does anyone have a sip working through a cisco pix firewall? i can get the phone to register and the call to be negotiated, but as soon as the call is answered there is no sound and the call ends immediately. im sure this is due to the RTP negotiation being rejected by the pix. any helpful ways around this? right now my only solution is to put a small box outside the firewall and IAX the connection to the main asterisk server, but its not a long term solution and id rather not have anything outside the firewall if i can help it. thanks in advance duncan
>does anyone have a sip working through a cisco pix firewall? > >i can get the phone to register and the call to be negotiated, but >as soon as the call is answered there is no sound and the call ends >immediately. im sure this is due to the RTP negotiation being >rejected by the pix. any helpful ways around this? right now my >only solution is to put a small box outside the firewall and IAX the >connection to the main asterisk server, but its not a long term >solution and id rather not have anything outside the firewall if i >can help it. > >thanks in advance > > >duncanI've worked with some people on this problem, and to this point it's been un-solveable. The PIX refuses to "ignore" SIP messages (even if you explicitly tell it to) and will always muck with them, which breaks the session. Newer software on the PIX has been rumored to fix the problem, but it's not my gear, so I haven't been able to test. Please post any further results as you get them; I know several people on the list and elsewhere who would like to know the magic bullet for solving this problem. You'd think that Cisco's firewall would handle SIP the right way.... sheesh. JT
> -----Original Message----- > From: John Todd [mailto:jtodd@loligo.com] > Sent: Friday, August 29, 2003 3:03 PM > To: asterisk-users@lists.digium.com > Subject: Re: [Asterisk-Users] sip and pix > > > > I've worked with some people on this problem, and to this point it's > been un-solveable. The PIX refuses to "ignore" SIP messages (even if > you explicitly tell it to) and will always muck with them, which > breaks the session. Newer software on the PIX has been rumored to > fix the problem, but it's not my gear, so I haven't been able to test. > > Please post any further results as you get them; I know several > people on the list and elsewhere who would like to know the magic > bullet for solving this problem. > > You'd think that Cisco's firewall would handle SIP the right > way.... sheesh.I'm getting ready to test behind a PIX. When was the configuration that didn't work? I assume with NAT....how about without the PIX NATting? Daryl