- Posts: 4
- Thank you received: 0
RAS Protocol support for PIX525
20 years 5 months ago #4394
by khoanv
RAS Protocol support for PIX525 was created by khoanv
I'm having trouble in configuring PIX 525 for VoIP domain. I found that the Firewall we have (PIX525, v 6.1(3)) does not support RAS Protocol. When I tried to configured it by command:
"fixup protocol h323 ras 1718-1719"
it did reply me:
"bad port, type help....."
If you know, please tell me to solve this?
"fixup protocol h323 ras 1718-1719"
it did reply me:
"bad port, type help....."
If you know, please tell me to solve this?
20 years 5 months ago #4404
by jhun
Replied by jhun on topic Re: RAS Protocol support for PIX525
Hi
I am not so sure if the version that you have on your PIX firewall supports RAS, but as you said it did not so the ones in italics describes the RAS protocol using ver 5.3(1)..
H.323 RAS fixups cannot be disabled through the PIX Firewall when the PIX Firewall unit is between the H.323 Gateway and Gatekeeper. When the PIX Firewall is between the Gateway and Gatekeeper, whenever PIX Firewall detects RAS packets, it enables packet checking. Use the debug h323 ras event command to determine if RAS packets are passing through the PIX Firewall.
Sample output from the debug h323 ras event command appears as follows:
57:RAS::RRQ received from 10.130.4.250/51527 to 10.132.4.6/1719
58:RAS::RCF received from 10.132.4.6/1719 to 10.132.4.250/51527
The first line shows that a RAS registration request was received by the PIX Firewall. The next line shows that the request was confirmed.
If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can enable RAS fixups with the fixup protocol h323 1720 command. If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can disable RAS fixups with the no fixup protocol h323 1720 command.
However, if the PIX Firewall unit is between the Gateway and Gatekeeper, the
no fixup protocol h323 1720 command has no effect and RAS fixups continue automatically.
but when i looked upon ver 6.1 this is what i've discovered so far...
h323 should not drop RAS packets if > 1024...
all of these came from www.cisco.com
hope that these would help...
I am not so sure if the version that you have on your PIX firewall supports RAS, but as you said it did not so the ones in italics describes the RAS protocol using ver 5.3(1)..
H.323 RAS fixups cannot be disabled through the PIX Firewall when the PIX Firewall unit is between the H.323 Gateway and Gatekeeper. When the PIX Firewall is between the Gateway and Gatekeeper, whenever PIX Firewall detects RAS packets, it enables packet checking. Use the debug h323 ras event command to determine if RAS packets are passing through the PIX Firewall.
Sample output from the debug h323 ras event command appears as follows:
57:RAS::RRQ received from 10.130.4.250/51527 to 10.132.4.6/1719
58:RAS::RCF received from 10.132.4.6/1719 to 10.132.4.250/51527
The first line shows that a RAS registration request was received by the PIX Firewall. The next line shows that the request was confirmed.
If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can enable RAS fixups with the fixup protocol h323 1720 command. If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can disable RAS fixups with the no fixup protocol h323 1720 command.
However, if the PIX Firewall unit is between the Gateway and Gatekeeper, the
no fixup protocol h323 1720 command has no effect and RAS fixups continue automatically.
but when i looked upon ver 6.1 this is what i've discovered so far...
h323 should not drop RAS packets if > 1024...
all of these came from www.cisco.com
hope that these would help...
20 years 5 months ago #4412
by MaXiMuS
Replied by MaXiMuS on topic Re: RAS Protocol support for PIX525
Your firewall supports the RAS protocol . U need to upgrade to ver6.2 or 6.3 for this command "fixup protocol h323 ras 1718-1719" to work.
In ver 6.1 the supported command is "fixup protocol h323 [port[-port]] "
In ver 6.1 the supported command is "fixup protocol h323 [port[-port]] "
Time to create page: 0.117 seconds