Q.  How do I set up an H.323 device on different types of networks?

 

A. http://eknowledge.polycom.com/SRVS/CGI-BIN/WEBCGI.EXE/,/?St=20,E=0000000000004458440,K=6973,Sxi=14,Case=obj(41428)

 

 

 

Q. How do I set up the Polycom V2IU behind a PIX?

 

A. Create a bidirectional tunnel on PIX to WAN IP on V2IU

 

Under Network settings on the V2IU

Assign inside IP and mask

Assign outside IP and mask

Assign gateway to outside

 

Under VoIP ALG – H.323

Assign GK IP and use WAN GK

 

 

 

Q. Do you have a sample configuration of a PIX that I can pattern my configuration?

 

A. PIX Version 6.3(0)136

interface ethernet0 10baset

interface ethernet1 10full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

(PASSWORD INFO)

hostname pixfirewall

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

access-list outside-in permit icmp any any time-exceeded  Useful command while

access-list outside-in permit icmp any any unreachable       configuring PIX

access-list outside-in permit icmp any any                           allows Ping command

access-list outside-in permit icmp any any echo-reply         on the outside interface

access-list outside-in permit ip any any

access-list inside-out permit ip any any

pager lines 24

logging on                                          Using this command to view information

logging timestamp                             while logged into PIX with Telnet or

logging console informational          hyperterminal

logging buffered informational

logging trap errors

logging queue 0

logging host inside 164.58.243.242  Using Syslog to capture messages

logging host inside 164.58.243.243  generated by the PIX to a local host    

logging host inside 164.58.243.244

mtu outside 1500

mtu inside 1500

ip address outside 164.58.25.34 255.255.255.252     Outside interface                  

ip address inside 164.58.243.241 255.255.255.240    Inside interface (LAN gateway)

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

nat (inside) 0 164.58.243.240 255.255.255.240 0 0     Turning NAT off and allowing a static translation                                                                                                                          

static (inside,outside) 164.58.243.240 164.58.243.240 netmask 255.255.255.240 0 0

route outside 0.0.0.0  0.0.0.0 164.58.25.33              Route Statement

access-group outside-in in interface outside            Applying access-lists to interfaces

access-group inside-out in interface inside

timeout xlate 1100:00:00     Increase timeout values

timeout conn 1000:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 1193:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:3467174113f31edd7e0fb0b34ee4afa7

: end

[OK]