[fw-wiz] Pix, VoIP and ATA's



Hey all, having an issue with a Pix and VoIP protocols. I have 3 ATA's hooked up to a bridge, that's being given DHCP via a Pix. Every machine works fine getting DHCP and connecting except the ATA's. My connection is as follows:

Internet --> Adtran Router --> Pix --> Internal

There are no rules on the Adtran side that would prohibit anything, and the Pix is very minimal (mid-sized location). The ATA's connect to another Pix which is VPN'd with this one.

LocationA ---> Pix --> Adtran --> Internet --> Adtran --> Pix --> LocationB(ATA's are here)

I created an ACL on LocationB:

access-list acl_inside permit ip 192.168.20.0 255.255.255.0 host xxx.xxx.xxx.xxx

Where xxx.xxx.xxx.xxx is the registrar for these ATA's (LocationB). When it comes to DHCP, the Pix will not spit out an address for these ATA's. Before someone comments: "The ATA's are broken and they're not getting DHCP" or something. I can hook them up into any other device and they will obtain DHCP. I can hook up a laptop into the same ports as the ATA's, and the laptop works fine. Seems like there is something I am missing? If I statically assign them addresses, still no dice.


Here are relevant Pix configs:

fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69

timeout h323 1:39:00 mgcp 1:39:00 sip 9:30:00 sip_media 1:39:00
timeout sip-disconnect 0:10:00 sip-invite 0:10:00

dhcpd address 192.168.10.2-192.168.10.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside



--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams
