Copyright © 2001 Cisco Systems, Inc. Page 6 of 11
How to configure the Cisco Secure PIX Firewall to allow H.323 traffic
For this configuration we will assume the following, which is depicted in figure 1:
• The Firewall is a PIX 515 with two interfaces.
• A Gatekeeper with an internal IP address of 10.1.1.10 and an external IP address
of 209.165.201.10.
• An H.323 terminal with an internal IP address of 10.1.1.20 and an external IP
address of 209.165.201.20.
• A Cisco IP/VC 3510 MCU with an internal IP address of 10.1.1.30 and an
external IP address of 209.165.201.30
• An H.323 terminal residing outside the firewall with an IP address of
206.165.201.55
Figure 1: Two Interface PIX with NAT Diagram
Cisco MCM Gatekeeper/Proxy
IP Addr: 10.1.1.10
H.323 Terminal
IP Addr: 10.1.1.20
H.323 Terminal
IP Addr: 209.165.201.55
Internet
209.165.201.1
Cisco IP/VC 3510 MCU
IP Addr: 10.1.1.30
209.165.201.5
10.1.1.5
H.323 Terminal
IP Addr: 10.1.1.21