Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: RAS Protocol support for PIX525

RAS Protocol support for PIX525 12 years 5 months ago #4394

  • khoanv
  • khoanv's Avatar
  • Offline
  • New Member
  • Posts: 4
  • Karma: 0
I'm having trouble in configuring PIX 525 for VoIP domain. I found that the Firewall we have (PIX525, v 6.1(3)) does not support RAS Protocol. When I tried to configured it by command:
"fixup protocol h323 ras 1718-1719"
it did reply me:
"bad port, type help....."
If you know, please tell me to solve this?
The administrator has disabled public write access.

Re: RAS Protocol support for PIX525 12 years 4 months ago #4404

  • jhun
  • jhun's Avatar
  • Offline
  • Senior Member
  • Posts: 356
  • Karma: 0
Hi

I am not so sure if the version that you have on your PIX firewall supports RAS, but as you said it did not so the ones in italics describes the RAS protocol using ver 5.3(1)..

H.323 RAS fixups cannot be disabled through the PIX Firewall when the PIX Firewall unit is between the H.323 Gateway and Gatekeeper. When the PIX Firewall is between the Gateway and Gatekeeper, whenever PIX Firewall detects RAS packets, it enables packet checking. Use the debug h323 ras event command to determine if RAS packets are passing through the PIX Firewall.

Sample output from the debug h323 ras event command appears as follows:

57:RAS::RRQ received from 10.130.4.250/51527 to 10.132.4.6/1719

58:RAS::RCF received from 10.132.4.6/1719 to 10.132.4.250/51527

The first line shows that a RAS registration request was received by the PIX Firewall. The next line shows that the request was confirmed.

If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can enable RAS fixups with the fixup protocol h323 1720 command. If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can disable RAS fixups with the no fixup protocol h323 1720 command.

However, if the PIX Firewall unit is between the Gateway and Gatekeeper, the
no fixup protocol h323 1720 command has no effect and RAS fixups continue automatically.



but when i looked upon ver 6.1 this is what i've discovered so far...

h323 should not drop RAS packets if > 1024...

all of these came from www.cisco.com

hope that these would help... :)
The administrator has disabled public write access.

Re: RAS Protocol support for PIX525 12 years 4 months ago #4412

  • MaXiMuS
  • MaXiMuS's Avatar
  • Offline
  • Distinguished Member
  • Posts: 111
  • Karma: 0
Your firewall supports the RAS protocol . U need to upgrade to ver6.2 or 6.3 for this command "fixup protocol h323 ras 1718-1719" to work.

In ver 6.1 the supported command is "fixup protocol h323 [port[-port]] "
The administrator has disabled public write access.
Time to create page: 0.075 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup