I'm having trouble in configuring PIX 525 for VoIP domain. I found that the Firewall we have (PIX525, v 6.1(3)) does not support RAS Protocol. When I tried to configured it by command: "fixup protocol h323 ras 1718-1719"
it did reply me: "bad port, type help....."
If you know, please tell me to solve this?
Re: RAS Protocol support for PIX525
14 years 5 months ago #4404
I am not so sure if the version that you have on your PIX firewall supports RAS, but as you said it did not so the ones in italics describes the RAS protocol using ver 5.3(1)..
H.323 RAS fixups cannot be disabled through the PIX Firewall when the PIX Firewall unit is between the H.323 Gateway and Gatekeeper. When the PIX Firewall is between the Gateway and Gatekeeper, whenever PIX Firewall detects RAS packets, it enables packet checking. Use the debug h323 ras event command to determine if RAS packets are passing through the PIX Firewall.
Sample output from the debug h323 ras event command appears as follows:
57:RAS::RRQ received from 10.130.4.250/51527 to 10.132.4.6/1719
58:RAS::RCF received from 10.132.4.6/1719 to 10.132.4.250/51527
The first line shows that a RAS registration request was received by the PIX Firewall. The next line shows that the request was confirmed.
If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can enable RAS fixups with the fixup protocol h323 1720 command. If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can disable RAS fixups with the no fixup protocol h323 1720 command.
However, if the PIX Firewall unit is between the Gateway and Gatekeeper, the
no fixup protocol h323 1720 command has no effect and RAS fixups continue automatically.
but when i looked upon ver 6.1 this is what i've discovered so far...