Estudiante
Páginas: 5 (1168 palabras)
Publicado: 28 de septiembre de 2012
How To: Configure a Cisco ASA 5505 for Video Conferencing
There are five main items which will need to be addressed in order to successfully permit H.323 video conferencing traffic through the Cisco ASA. These items are: 1. 2. 3. 4. 5. Create an IP Service Group Create Network Objects Define NAT Rules Define Access Rules Confirm the ACL Manager
NOTE: With the Cisco ASA 5505 there are nofixup protocols to configure; however, common issues noted with many Cisco ASA models relate to their use of fixup protocols. It is important to ensure that you disable the following if they are enabled on your ASA. Fixup Protocol H323 Fixup Protocol H323 RAS Fixup Protocol H323 H225
Create an IP Service Group
1) From the ASDM configuration tool, click on Configuration, Firewall, and then AccessRules. 2) Click on the Services tab from the menu which appears on the right, and then click Add and select Service Group…
1
2
2
3) In the window that appears enter a Group Name, such as H323-Group. A description can be entered if desired, but it is not necessary. 4) Click the radial button Create new member: We will be creating three new services, configure these services with thefollowing parameters: Service Type: TCP Destination Port/Range: 1720 Source Port/Range: default Service Type: TCP Destination Port/Range: 3230-3243 Source Port/Range: default Service Type: UDP Destination Port/Range: 3230-3285 Source Port/Range: default
Ensure you click Add >> after creating each of these services. When you are finished your group will look like this. (Note: Typically ASA’s havea predefined service for TCP 1720, so rather than see TCP 1720, you may see TCP h323 as shown below.)
3
4
5) Click OK, congratulations you have successfully created the IP Service Group!
Create Network Objects
1) From the ASDM configuration tool, click on Configuration, Firewall, and then Access Rules. 2) Click on the Addresses tab from the menu which appears on the right, and thenclick Add and select Network Object…
1
2
2
3) In the window that appears you can enter a name and description for your object, if no name is entered then the IP address will be displayed. Two objects must be created for each system that is expected to make and receive calls through the ASA, one reflecting the internal IP configuration, and one reflecting the external IP the system willbe translated to. Since all the Objects we will create are hosts, the subnet mask will always be 255.255.255.255, which tells the ASA the object is referring to only one IP address. Your entries should resemble the following:
4) Once you have completed the above for all systems which are required to traverse the ASA, you are finished. Congratulations, you have successfully created your NetworkObjects!
Define NAT Rules
1) From the ASDM configuration tool, click on Configuration, Firewall, and then NAT Rules. 2) In the center window, click Add, and then Add Static NAT Rule…
1 2
3) In the window that appears, the Original Interface should be set to Inside. 4) The Original Source: is configured by selecting the “…” icon at the right of the Source: text box, this icon willdisplay another window where you will select the Internal network object we created earlier.
3 4
4
5) The Translated Source: should be set to Outside. The radial button for Use IP Address: should be selected. Click the “…” icon just like in step 4, but for this step, ensure you selected the External network object created previously which corresponds to the Internal object you selected in step4. The finished NAT rule should resemble the following:
6) When you are finished click OK. Repeat steps 1 – 5 for each system required to traverse the ASA. When you are finished your main NAT Rules window should resemble the following:
Congratulations, you have successfully configured your NAT Rules!
Define Access Rules
1) From the ASDM configuration tool, click on Configuration,...
There are five main items which will need to be addressed in order to successfully permit H.323 video conferencing traffic through the Cisco ASA. These items are: 1. 2. 3. 4. 5. Create an IP Service Group Create Network Objects Define NAT Rules Define Access Rules Confirm the ACL Manager
NOTE: With the Cisco ASA 5505 there are nofixup protocols to configure; however, common issues noted with many Cisco ASA models relate to their use of fixup protocols. It is important to ensure that you disable the following if they are enabled on your ASA. Fixup Protocol H323 Fixup Protocol H323 RAS Fixup Protocol H323 H225
Create an IP Service Group
1) From the ASDM configuration tool, click on Configuration, Firewall, and then AccessRules. 2) Click on the Services tab from the menu which appears on the right, and then click Add and select Service Group…
1
2
2
3) In the window that appears enter a Group Name, such as H323-Group. A description can be entered if desired, but it is not necessary. 4) Click the radial button Create new member: We will be creating three new services, configure these services with thefollowing parameters: Service Type: TCP Destination Port/Range: 1720 Source Port/Range: default Service Type: TCP Destination Port/Range: 3230-3243 Source Port/Range: default Service Type: UDP Destination Port/Range: 3230-3285 Source Port/Range: default
Ensure you click Add >> after creating each of these services. When you are finished your group will look like this. (Note: Typically ASA’s havea predefined service for TCP 1720, so rather than see TCP 1720, you may see TCP h323 as shown below.)
3
4
5) Click OK, congratulations you have successfully created the IP Service Group!
Create Network Objects
1) From the ASDM configuration tool, click on Configuration, Firewall, and then Access Rules. 2) Click on the Addresses tab from the menu which appears on the right, and thenclick Add and select Network Object…
1
2
2
3) In the window that appears you can enter a name and description for your object, if no name is entered then the IP address will be displayed. Two objects must be created for each system that is expected to make and receive calls through the ASA, one reflecting the internal IP configuration, and one reflecting the external IP the system willbe translated to. Since all the Objects we will create are hosts, the subnet mask will always be 255.255.255.255, which tells the ASA the object is referring to only one IP address. Your entries should resemble the following:
4) Once you have completed the above for all systems which are required to traverse the ASA, you are finished. Congratulations, you have successfully created your NetworkObjects!
Define NAT Rules
1) From the ASDM configuration tool, click on Configuration, Firewall, and then NAT Rules. 2) In the center window, click Add, and then Add Static NAT Rule…
1 2
3) In the window that appears, the Original Interface should be set to Inside. 4) The Original Source: is configured by selecting the “…” icon at the right of the Source: text box, this icon willdisplay another window where you will select the Internal network object we created earlier.
3 4
4
5) The Translated Source: should be set to Outside. The radial button for Use IP Address: should be selected. Click the “…” icon just like in step 4, but for this step, ensure you selected the External network object created previously which corresponds to the Internal object you selected in step4. The finished NAT rule should resemble the following:
6) When you are finished click OK. Repeat steps 1 – 5 for each system required to traverse the ASA. When you are finished your main NAT Rules window should resemble the following:
Congratulations, you have successfully configured your NAT Rules!
Define Access Rules
1) From the ASDM configuration tool, click on Configuration,...
Leer documento completo
Regístrate para leer el documento completo.