I don't think you can have the inspect and fixup in the same config. I believe the inspection policies replace the fixup commands in the 7.x+ code.
either one pretty much does the same thing- its going into the packet and rewriting the IP in the h323 data payload (if necessary). we had some issues with this behaviour and ended up disabling the h323 inspection and turning on the NAT traversal option of the device and things worked great for us. YMMV. Obviously you'll want to make sure you don't have any other h323 device traffic that would be affected by this change. -andy ________________________________________ From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] On Behalf Of Steven Pfister [spfis...@dps.k12.oh.us] Sent: Wednesday, July 15, 2009 9:28 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Question on h.323 video calls through a PIX 525 with NAT I'm having some trouble with h.323 (video) calls through a PIX 525 using NAT. We can get incoming calls fine, but not outgoing calls for some reason. My question has to do with 'inspect h323' vs 'fixup protocol h323'. What's the difference between them? The video conferencing unit in question has a NAT transversal option where I can supply an address and mask.I'm wondering if I'm having a NAT transversal problem anyway. Which one would handle the NAT transversal, inspect or fixup? Currently, the PIX config has: inspect h323 h225 inspect h323 ras do I need: fixup protocol h323 h225 1718-1720 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 instead of the inspect commands? In addition to them? Thanks! Steve Pfister Technical Coordinator, The Office of Information Technology Dayton Public Schools 115 S. Ludlow St. Dayton, OH 45402 Office (937) 542-3149 Cell (937) 673-6779 Direct Connect: 137*131747*8 Email spfis...@dps.k12.oh.us _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
