To all who requested PIX config for NetMeeting:

I received a number of emails about my rather terse post that I had it working. Sorry to keep you waiting. I had been working on something else that was haunting me for a solution. I hope this is what you were looking for.

Note that I have not tested inbound originated audio capability since I do not have audio requirements. I don't think "outside" originated audio will work; however, inside originated sessions should. Otherwise it works for me. Outside originated clients can initiate and establish sessions to the inside hosts and vice versa.

Note these are fictitious IPs in this config.

nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol h323 1720
static (inside,outside) 204.71.200.75 10.1.1.75 netmask 255.255.255.255 0 0
conduit permit tcp 204.71.200.75 255.255.255.255 eq 389 any
conduit permit tcp 204.71.200.75 255.255.255.255 eq 522 any
conduit permit tcp 204.71.200.75 255.255.255.255 eq 1503 any
conduit permit tcp 204.71.200.75 255.255.255.255 eq 1731 any
conduit permit tcp 204.71.200.75 255.255.255.255 eq h323 any

You may have other security requirements. This will let any host start a NetMeeting session to external IP 204.71.200.75 that is pointing to a host on the inside with IP 10.1.1.75.

The following is from Microsoft's Knowledge Base (Article Q158623):

NetMeeting uses the following Internet Protocol (IP) ports:

Port      Purpose
-------------------------------------
389       Internet Locator Server [Transmission Control Protocol (TCP)]
522       User Location Server (TCP)
1503      T.120 (TCP)
1720      H.323 call setup (TCP)
1731      Audio call control (TCP)
Dynamic   H.323 call control (TCP)
Dynamic   H.323 streaming [Realtime Transport Protocol (RTP) over User Datagram Protocol (UDP)]

To establish outbound NetMeeting connections through a firewall, the firewall must be configured to do the following:

a. Pass through primary TCP connections on ports 522, 389, 1503, 1720 and 1731.
b. Pass through secondary UDP connections on dynamically assigned ports (1024-65535).

NOTE: Some firewalls are capable of passing through TCP connections on specific ports, but are not capable of passing through secondary UDP connections on dynamically assigned ports. When you establish NetMeeting connections through these firewalls, you are unable to use the audio features of NetMeeting.

In addition, some firewalls are capable of passing through TCP connections on specific ports and secondary UDP connections on dynamically assigned ports, but are not capable of virtualizing an arbitrary number of internal IP addresses, or are not capable of doing so dynamically. With these firewalls, you are able to establish NetMeeting connections from computers inside the firewall to computers outside the firewall and you are able to use the audio features of NetMeeting, but you are unable to establish connections from computers outside the firewall to computers inside the firewall.

The H.323 call setup protocol (over port 1720) dynamically negotiates a TCP port for use by the H.323 call control protocol. Also, both the audio call control protocol (over port 1731) and the H.323 call setup protocol (over port 1720) dynamically negotiate User Datagram Protocol (UDP) ports for use by the H.323 streaming protocol, called the real time protocol (RTP). In NetMeeting, two ports are determined on each side of the firewall for audio and video streaming. These dynamically negotiated ports are selected arbitrarily from all ports that can be assigned dynamically.

NetMeeting directory services require either port 389 or port 522, depending on the type of server you are using. Internet Locator Servers (ILSs), which support the lightweight directory access protocol (LDAP) for NetMeeting 2.0 or later, require port 389. User Location Servers (ULSs), developed for NetMeeting 1.0, require port 522.

John Burgess
fastex.net
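
Added example, not part of the original post: a Python check that parses the conduit lines posted above, labels each permitted port from the quoted KB table, and lists what the rule set exposes to outside hosts. The function names are this example's own, and it only handles the `conduit permit ... eq <port> <foreign>` form used in the post.

```python
import re

# Port purposes as listed in the KB excerpt quoted in the post.
NETMEETING_PORTS = {389: "Internet Locator Server", 522: "User Location Server",
                    1503: "T.120", 1720: "H.323 call setup",
                    1731: "Audio call control"}
PORT_NAMES = {"h323": 1720}  # named port used in the posted config

# Conduit lines copied from the post (its addresses are fictitious).
POSTED_CONFIG = """\
conduit permit tcp 204.71.200.75 255.255.255.255 eq 389 any
conduit permit tcp 204.71.200.75 255.255.255.255 eq 522 any
conduit permit tcp 204.71.200.75 255.255.255.255 eq 1503 any
conduit permit tcp 204.71.200.75 255.255.255.255 eq 1731 any
conduit permit tcp 204.71.200.75 255.255.255.255 eq h323 any
"""

CONDUIT_RE = re.compile(
    r"^conduit\s+permit\s+(?P<proto>\S+)\s+(?P<ip>\S+)\s+(?P<mask>\S+)"
    r"\s+eq\s+(?P<port>\S+)\s+(?P<foreign>.+)$"
)

def parse_conduits(config_text):
    """Return one dict per 'conduit permit ... eq <port> <foreign>' line."""
    rules = []
    for line in config_text.splitlines():
        m = CONDUIT_RE.match(line.strip())
        if not m:
            continue  # other forms of the command are out of scope here
        port = m["port"]
        port = PORT_NAMES.get(port.lower(), int(port) if port.isdigit() else port)
        rules.append({"proto": m["proto"], "ip": m["ip"], "port": port,
                      "foreign": m["foreign"].strip()})
    return rules

def audit(rules):
    """List ports open to any source, ports outside the KB table, and 389+522 together."""
    findings = []
    for r in rules:
        purpose = NETMEETING_PORTS.get(r["port"])
        if purpose is None:
            findings.append(f"{r['ip']}:{r['port']} is not in the KB port table")
        elif r["foreign"] == "any":
            findings.append(f"{r['ip']}:{r['port']} ({purpose}) reachable from any outside host")
    if {389, 522} <= {r["port"] for r in rules}:
        findings.append("389 (ILS) and 522 (ULS) both open; the KB says "
                        "directory services need one or the other")
    return findings
```

Running `audit(parse_conduits(POSTED_CONFIG))` reports all five ports as reachable from any outside host, plus the 389/522 overlap, which is the exposure the post refers to when it says other security requirements may apply.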
