RAS Protocol support for PIX525

19 years 10 months ago #4394 by khoanv
I'm having trouble configuring a PIX 525 for a VoIP domain. I found that the firewall we have (PIX525, v 6.1(3)) does not support RAS Protocol. When I tried to configure it with the command:
"fixup protocol h323 ras 1718-1719"
it replied:
"bad port, type help....."
If you know, please tell me how to solve this.
19 years 10 months ago #4404 by jhun
Hi

I am not so sure if the version that you have on your PIX firewall supports RAS, but as you said it did not, so the text in italics describes the RAS protocol using ver 5.3(1).

H.323 RAS fixups cannot be disabled through the PIX Firewall when the PIX Firewall unit is between the H.323 Gateway and Gatekeeper. When the PIX Firewall is between the Gateway and Gatekeeper, whenever PIX Firewall detects RAS packets, it enables packet checking. Use the debug h323 ras event command to determine if RAS packets are passing through the PIX Firewall.

Sample output from the debug h323 ras event command appears as follows:

57:RAS::RRQ received from 10.130.4.250/51527 to 10.132.4.6/1719

58:RAS::RCF received from 10.132.4.6/1719 to 10.132.4.250/51527

The first line shows that a RAS registration request was received by the PIX Firewall. The next line shows that the request was confirmed.

If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can enable RAS fixups with the fixup protocol h323 1720 command. If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can disable RAS fixups with the no fixup protocol h323 1720 command.

However, if the PIX Firewall unit is between the Gateway and Gatekeeper, the no fixup protocol h323 1720 command has no effect and RAS fixups continue automatically.

But when I looked at ver 6.1, this is what I've discovered so far...

h323 should not drop RAS packets if > 1024...

All of these came from www.cisco.com

Hope that these would help... :)
19 years 10 months ago #4412 by MaXiMuS
Your firewall supports the RAS protocol. You need to upgrade to ver 6.2 or 6.3 for this command "fixup protocol h323 ras 1718-1719" to work.

In ver 6.1 the supported command is "fixup protocol h323 [port[-port]]"