Skip to main content

RAS Protocol support for PIX525

More
20 years 5 months ago #4394 by khoanv
I'm having trouble in configuring PIX 525 for VoIP domain. I found that the Firewall we have (PIX525, v 6.1(3)) does not support RAS Protocol. When I tried to configured it by command:
"fixup protocol h323 ras 1718-1719"
it did reply me:
"bad port, type help....."
If you know, please tell me to solve this?
More
20 years 5 months ago #4404 by jhun
Hi

I am not so sure if the version that you have on your PIX firewall supports RAS, but as you said it did not so the ones in italics describes the RAS protocol using ver 5.3(1)..

H.323 RAS fixups cannot be disabled through the PIX Firewall when the PIX Firewall unit is between the H.323 Gateway and Gatekeeper. When the PIX Firewall is between the Gateway and Gatekeeper, whenever PIX Firewall detects RAS packets, it enables packet checking. Use the debug h323 ras event command to determine if RAS packets are passing through the PIX Firewall.

Sample output from the debug h323 ras event command appears as follows:

57:RAS::RRQ received from 10.130.4.250/51527 to 10.132.4.6/1719

58:RAS::RCF received from 10.132.4.6/1719 to 10.132.4.250/51527

The first line shows that a RAS registration request was received by the PIX Firewall. The next line shows that the request was confirmed.

If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can enable RAS fixups with the fixup protocol h323 1720 command. If the PIX Firewall unit is not between the Gateway and Gatekeeper, you can disable RAS fixups with the no fixup protocol h323 1720 command.

However, if the PIX Firewall unit is between the Gateway and Gatekeeper, the
no fixup protocol h323 1720 command has no effect and RAS fixups continue automatically.



but when i looked upon ver 6.1 this is what i've discovered so far...

h323 should not drop RAS packets if > 1024...

all of these came from www.cisco.com

hope that these would help... :)
More
20 years 5 months ago #4412 by MaXiMuS
Your firewall supports the RAS protocol . U need to upgrade to ver6.2 or 6.3 for this command "fixup protocol h323 ras 1718-1719" to work.

In ver 6.1 the supported command is "fixup protocol h323 [port[-port]] "
Time to create page: 0.117 seconds