Cisco PIX - Router Rules & Settings


Problem:

How do I configure my router for Cisco phones?

Hardware Type:

Cisco

Resolution:

 

Cisco Devices - General

In order for your Cisco device to work with our service, you will typically need to disable SIP transformations. Enter the following line on any Cisco router or switch that performs NAT on outbound traffic. It disables the SIP-specific transformations applied to packets going through the NAT.
no ip nat service SIP udp port 5060


Cisco PIX

The Cisco PIX general release software (releases 6.1 and 6.2) has a limitation that does not allow SIP processing to be disabled for UDP. Cisco provides a maintenance release that allows SIP processing for UDP to be disabled. The specific release tested is 6.2.2.125. This load can be obtained from Cisco through their normal support channels.



Configuring Cisco PIX 6.X for VoIP Traffic

1. Once the load is upgraded to 6.2.2.125, enter the command:
show configure
2. You should see the following lines:
fixup protocol sip 5060
fixup protocol sip udp 5060
3. To disable SIP processing, enter the commands:
no fixup protocol sip 5060
no fixup protocol sip udp 5060
4. In addition, the RPC timer needs to be extended, or the voice path is lost after the default 10 minutes. To do this, go to the enable prompt, enter configure terminal, type "timeout rpc never-time-out" and hit enter. Then save the config to memory and verify the value by typing "sh timeout rpc". It should be listed as 0:00:0



Configuring Cisco PIX Firewall Software Version 7.X

In version 7.x of the PIX software, "fixup" has been replaced with "inspect". The "inspect sip" line can be found in either a global or an interface-specific policy map. A generic configuration will contain entries like this:
class-map inspection_default
match default-inspection-traffic
!
!
policy-map asa_global_fw_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip

 
In the example above, you would need to enter configuration mode via the command line and execute the following commands (hitting enter after each line):
policy-map asa_global_fw_policy
class inspection_default
no inspect sip
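
To confirm the changes above took effect, a saved configuration can be scanned for the three settings this article covers. The Python below is an added example, not part of the original article or any Cisco tool; the function name sip_rewrite_findings and the sample configs are constructed for illustration, and it assumes IOS applies the SIP transformation whenever the "no ip nat service" line is absent.

```python
import re

# Constructed sample configs, one per platform the article covers.
PIX6 = """\
fixup protocol ftp 21
fixup protocol sip 5060
no fixup protocol sip udp 5060
"""
PIX7 = """\
policy-map asa_global_fw_policy
 class inspection_default
  inspect ftp
  inspect sip
"""
IOS = """\
interface FastEthernet0/0
 ip nat outside
ip nat inside source list 1 interface FastEthernet0/0 overload
"""

def sip_rewrite_findings(config_text):
    """Return (line_no, message) pairs for settings that leave SIP rewriting on."""
    findings, pmap, cls = [], None, None
    uses_nat = nat_sip_off = False
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        low = line.lower()
        if m := re.match(r"policy-map\s+(\S+)", line, re.I):
            pmap, cls = m.group(1), None          # 7.x: remember the policy map
        elif pmap and (m := re.match(r"class\s+(\S+)", line, re.I)):
            cls = m.group(1)                      # 7.x: class inside that map
        elif low.startswith("fixup protocol sip"):   # 6.x: fixup still enabled
            findings.append((no, "PIX 6.x: " + line))
        elif low == "inspect sip":                # 7.x: inspection still enabled
            findings.append((no, f"PIX 7.x: inspect sip in {pmap}/{cls}"))
        elif low == "no ip nat service sip udp port 5060":
            nat_sip_off = True                    # IOS: transformation disabled
        elif low.startswith("ip nat "):
            uses_nat = True                       # IOS: device performs NAT
    # Assumption: IOS rewrites SIP by default unless the "no" line is present.
    if uses_nat and not nat_sip_off:
        findings.append((0, "IOS: NAT in use, SIP transformation not disabled"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("PIX6", PIX6), ("PIX7", PIX7), ("IOS", IOS)):
        print(name, sip_rewrite_findings(cfg))
```

An empty list means none of the three SIP rewriting settings remain active in that configuration.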
