Firewall Wizards mailing list archives
iChat A/V and Cisco PIX 501 (6.3)
From: Brian Galdino <briangaldino () mac com>
Date: Tue, 27 Apr 2004 11:43:26 -0700
Hi, I am currently experiencing difficulties getting iChat A/V to work through my Cisco PIX 501 running PIX OS 6.3. As you can see below, I am attempting to connect from my internal address space (172.16.1.x) through the Internet and through a friend's Linksys router to their internal address space (192.168.1.x). Using a home D-Link router I had no problems communicating with the same person. It seems to be failing during translation, and I can't seem to figure out how to get around it. Has anyone been able to successfully configure a PIX to work with iChat, particularly in this type of configuration using NAT? Any help would be most appreciated.
Thanks-
Brian

Here is the path I followed......

I followed Apple's document on firewall config and implemented Configuration A, which they say is compatible with most configurations:
http://docs.info.apple.com/article.html?artnum=93208

iChat Connection Doctor Error:
2004-04-27 11:14:36 -0700: Jamie did not respond.
Tried to send UDP SIP "invite" to the following IP addresses and ports: 69.17.55.164:5060, 192.168.1.105:5060

PIX Log:
302015: Built outbound UDP connection 5024 for outside:69.17.55.164/5060 (69.17.55.164/5060) to inside:172.16.1.10/5060 (216.27.176.126/3868)
305006: regular translation creation failed for udp src inside:172.16.1.10/3868 dst outside:69.17.55.164/5060
607001: Pre-allocate SIP Via UDP secondary channel for outside:69.17.55.164 to inside:172.16.1.10/5060 from INVITE message
607001: Pre-allocate SIP Signalling UDP secondary channel for outside:69.17.55.164/5060 to inside:172.16.1.10 from INVITE message
305006: regular translation creation failed for udp src inside:172.16.1.10/3868 dst outside:69.17.55.164/5060
305006: regular translation creation failed for udp src inside:172.16.1.10/3868 dst outside:69.17.55.164/5060
302015: Built outbound UDP connection 5027 for outside:192.168.1.105/5060 (192.168.1.105/5060) to inside:172.16.1.10/5060 (216.27.176.126/3868)
305006: regular translation creation failed for udp src inside:172.16.1.10/3868 dst outside:192.168.1.105/5060
305011: Built dynamic UDP translation from inside:172.16.1.10/16385 to outside:216.27.176.126/3871
305011: Built dynamic UDP translation from inside:172.16.1.10/16384 to outside:216.27.176.126/3870
305011: Built dynamic UDP translation from inside:172.16.1.10/16387 to outside:216.27.176.126/3873
305011: Built dynamic UDP translation from inside:172.16.1.10/16386 to outside:216.27.176.126/3872
607001: Pre-allocate SIP Via UDP secondary channel for outside:192.168.1.105 to inside:172.16.1.10/5060 from INVITE message
607001: Pre-allocate SIP Signalling UDP secondary channel for outside:192.168.1.105/5060 to inside:172.16.1.10 from INVITE message
305006: regular translation creation failed for udp src inside:172.16.1.10/3868 dst outside:192.168.1.105/5060
305006: regular translation creation failed for udp src inside:172.16.1.10/3868 dst outside:192.168.1.105/5060
Relevant PIX Config (I stripped out irrelevant lines in pasting config here)
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname vallejo
names
name 172.16.1.0 vallejo-inside-net
name 172.16.1.1 vallejo-inside
name 216.xxx.xxx.126 vallejo
access-list outside_in permit icmp any any
access-list outside_in permit tcp any any eq aol
access-list outside_in permit tcp any any eq 5298
access-list outside_in permit tcp any any eq 5297
access-list outside_in permit udp any any range 1024 65535
mtu outside 1500
mtu inside 1500
ip address outside vallejo 255.255.255.0
ip address inside vallejo-inside 255.255.0.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 216.xxx.xxx.1 1
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
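Added example, not part of the original post: a small Python parser run over log lines copied from the message above. It counts the 305006 failures per flow and flags those whose inside source port equals the mapped (global) port of a 302015 connection already built for the same host. The function and variable names are assumptions, and the regexes cover only the three message formats shown in the post.

```python
import re
from collections import Counter

# Log lines copied from the post above (first destination only).
SAMPLE = """\
302015: Built outbound UDP connection 5024 for outside:69.17.55.164/5060 (69.17.55.164/5060) to inside:172.16.1.10/5060 (216.27.176.126/3868)
305006: regular translation creation failed for udp src inside:172.16.1.10/3868 dst outside:69.17.55.164/5060
607001: Pre-allocate SIP Via UDP secondary channel for outside:69.17.55.164 to inside:172.16.1.10/5060 from INVITE message
305006: regular translation creation failed for udp src inside:172.16.1.10/3868 dst outside:69.17.55.164/5060
305011: Built dynamic UDP translation from inside:172.16.1.10/16385 to outside:216.27.176.126/3871
305011: Built dynamic UDP translation from inside:172.16.1.10/16384 to outside:216.27.176.126/3870
"""

BUILT = re.compile(r"302015: Built outbound UDP connection \d+ for outside:(\S+)/(\d+) "
                   r"\(\S+\) to inside:(\S+)/(\d+) \((\S+)/(\d+)\)")
FAILED = re.compile(r"305006: regular translation creation failed for udp "
                    r"src inside:(\S+)/(\d+) dst outside:(\S+)/(\d+)")
XLATE = re.compile(r"305011: Built dynamic UDP translation from inside:(\S+)/(\d+) "
                   r"to outside:(\S+)/(\d+)")

def summarize(text):
    """Return (failures, xlates, port_overlap) for a block of PIX syslog text."""
    mapped = {}           # (inside_ip, mapped_port) -> real inside port (302015)
    failures = Counter()  # (src_ip, src_port, dst_ip, dst_port) -> 305006 count
    xlates = {}           # inside port -> outside port (305011)
    for line in text.splitlines():
        if m := BUILT.search(line):
            _, _, in_ip, in_port, _, map_port = m.groups()
            mapped[(in_ip, int(map_port))] = int(in_port)
        elif m := FAILED.search(line):
            s_ip, s_port, d_ip, d_port = m.groups()
            failures[(s_ip, int(s_port), d_ip, int(d_port))] += 1
        elif m := XLATE.search(line):
            xlates[int(m.group(2))] = int(m.group(4))
    # Failed flows whose "inside" source port is the mapped port of an
    # existing connection for that host; value is the real inside port.
    port_overlap = {k: mapped[(k[0], k[1])] for k in failures if (k[0], k[1]) in mapped}
    return failures, xlates, port_overlap

if __name__ == "__main__":
    fails, xl, overlap = summarize(SAMPLE)
    for flow, n in fails.items():
        print(n, "x 305006", flow, "overlaps mapped port of inside port", overlap.get(flow))
    print("305011 translations built:", xl)
```

On these lines the only flow reported by 305006 uses source port 3868, which is the mapped port of the connection from inside port 5060, while the 16384 and 16385 flows show successful 305011 translations.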