This is a multi-part message in MIME format.

------_=_NextPart_001_01C7144C.8490CA60
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

So it sounds like you are having two problems, please confirm:

1) The ATAs can not get an IP address from the PIX at location B
2) The ATAs are unable to send voice data across the VPN

Can you answer the following questions:

- You say that every machine (except the ATAs) connect fine. Do you mean =
they connect to they connect fine to location A over the VPN?=20
- Can machines at location A ping an ATA when the ATA has a statically =
assigned IP address?
- Can you post the entire config of the location B PIX? I want to see =
all the ACLs, IPs and crypto stuff.



cjw

Christopher J. Wargaski=20
RMS Technology Solutions, Inc.
cwargaski@rmstsi.com
(847) 215-1661 x223



-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com on behalf of J. =
Oquendo
Sent: Wed 11/29/2006 1:43 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Pix, VoIP and ATA's
=20
Hey all, having an issue with a Pix and VoiP protocols. I have 3 ATA's=20
hooked up to a bridge, that's being given DHCP via a Pix. Every machine=20
works fine getting DHCP and connecting except the ATA's. My connection=20
is as follows:

Internet --> Adtran Router --> Pix --> Internal

There are no rules on the Adtran side that would prohibit anything, and=20
the Pix is very minimal (mid sized location). The ATA's connect to=20
another Pix which is VPN'd with this one.

LocationA ---> Pix --> Adtran --> Internet --> Adtran --> Pix -->=20
LocationB(ATA's are here)

I created an acl on LocationB:

access-list acl_inside permit ip 192.168.20.0 255.255.255.0 host=20
xxx.xxx.xxx.xxx

Where xxx.xxx.xxx.xxx is the registrar for these ATA's (LocationB). When =

it comes to DHCP, the Pix will not spit out an address for these ATA's.=20
Before someone comments: "The ATA's are broken and they're not getting=20
DHCP" or something. I can hook them up into any other device and they=20
will obtain DHCP. I can hook up a laptop into the same ports as the=20
ATA's, and the laptop works fine. Seems like there is something I am=20
missing? If I statically assign them addresses, still no dice.


Here are relevant Pix configs:

fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69

timeout h323 1:39:00 mgcp 1:39:00 sip 9:30:00 sip_media 1:39:00
timeout sip-disconnect 0:10:00 sip-invite 0:10:00

dhcpd address 192.168.10.2-192.168.10.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside



--=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?...h=3D0x1383A743
sil . infiltrated @ net http://www.infiltrated.net=20

The happiness of society is the end of government.
John Adams


------_=_NextPart_001_01C7144C.8490CA60
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+Ih0GAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAA DoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEEgAEAIQ AAAFJFOiBbZnctd2l6XSBQaXgs
IFZvSVAgYW5kIEFUQSdzAOsJAQWAAwAOAAAA1gcLAB4AAAA3AB sABABcAQEggAMADgAAANYHCwAe
AAAANwAbAAQAXAEBCYABACEAAABGMUIyRTVDNTRGMzExNTRDQj A2N0Q1QkNBMTY1MTNBQwA6BwED
kAYAyA8AADkAAAADACYAAAAAAAMANgAAAAAAQAA5AGDKkIRMFM cBHgA9AAEAAAAFAAAAUkU6IAAA
AAACAUcAAQAAADcAAABjPXVzO2E9IDtwPVJNUyBCdXNpbmVzcy BTeXM7bD1DTElGRi0wNjExMzAw
NjU1MjdaLTQ5OTIAAB4ASQABAAAAHQAAAFtmdy13aXpdIFBpeC wgVm9JUCBhbmQgQVRBJ3MAAAAA
QABOAIAuQa7uE8cBHgBaAAEAAAAvAAAAZmlyZXdhbGwtd2l6YX Jkcy1ib3VuY2VzQGxpc3RzZXJ2
Lmljc2FsYWJzLmNvbQAAAgFbAAEAAAB7AAAAAAAAAIErH6S+ox AZnW4A3QEPVAIAAAAAZmlyZXdh
bGwtd2l6YXJkcy1ib3VuY2VzQGxpc3RzZXJ2Lmljc2FsYWJzLm NvbQBTTVRQAGZpcmV3YWxsLXdp
emFyZHMtYm91bmNlc0BsaXN0c2Vydi5pY3NhbGFicy5jb20AAA IBXAABAAAANAAAAFNNVFA6RklS
RVdBTEwtV0laQVJEUy1CT1VOQ0VTQExJU1RTRVJWLklDU0FMQU JTLkNPTQAeAF0AAQAAAAsAAABK
LiBPcXVlbmRvAAACAV4AAQAAADwAAAAAAAAAgSsfpL6jEBmdbg DdAQ9UAgAAAABKLiBPcXVlbmRv
AFNNVFAAc2lsQGluZmlsdHJhdGVkLm5ldAACAV8AAQAAABkAAA BTTVRQOlNJTEBJTkZJTFRSQVRF
RC5ORVQAAAAAHgBmAAEAAAAFAAAAU01UUAAAAAAeAGcAAQAAAC 8AAABmaXJld2FsbC13aXphcmRz
LWJvdW5jZXNAbGlzdHNlcnYuaWNzYWxhYnMuY29tAAAeAGgAAQ AAAAUAAABTTVRQAAAAAB4AaQAB
AAAAFAAAAHNpbEBpbmZpbHRyYXRlZC5uZXQAHgBwAAEAAAAdAA AAW2Z3LXdpel0gUGl4LCBWb0lQ
IGFuZCBBVEEncwAAAAACAXEAAQAAABsAAAABxxP5nPS+XeG0BE tIgJpcheBSFMo9AApPHwYAHgB0
AAEAAAAnAAAARmlyZXdhbGwgV2l6YXJkcyBTZWN1cml0eSBNYW lsaW5nIExpc3QAAB4AGgwBAAAA
DwAAAENocmlzIFdhcmdhc2tpAAAeAB0OAQAAAB0AAABbZnctd2 l6XSBQaXgsIFZvSVAgYW5kIEFU
QSdzAAAAAAIBCRABAAAAGwgAABcIAAAiDgAATFpGddpr90wDAA oAcmNwZzEyNeIyA0N0ZXgFQQED
Aff/CoACpAPkBxMCgA/zAFAEVj8IVQeyESUOUQMBAgBjaOEKwHNldDIGAAbDESX2MwRGE 7cwEiwR
MwjvCfe2OxgfDjA1ESIMYGMAUHMLCQFkMzYWUAumBgBvlCBpBU BzCGBuZAQgQGxpa2UgeQhgIBcK
wB3wE+B2C4BnIHQadx0AcANgAmBlbXNWLB8wH4BhFBAgBaBu4G Zpcm06CqIKhAqAIDEpIFRoHfBB
VEpBBCBjA5FubwVAZycUIB5AA6BJUB5AZGQfGCAEEQNSHvAh0V BJWE8eQAVAF7AiUHRpAiAg+kIg
1DIhqR5SHXABoB+Ajx7wHQAUEB2AIHZvDeC1HfBkJMBhHkAFAG 8EEdEkQlZQTiDaQwORHhPdAIB3
EoEkQgIQbBewA/BVHtFxClBzJTJzIMstxCBZHiFzYXkkMSTB3GV2BJAt4ADBaAuA HfD+KA7AKBAF
MSRCIgIhoCBRHS8AYwVAIIAvAC4gRP8dAB4SB4ADkSRBLeAwVi dhjzH7MNInUiT3QSBvLmH9KPY/
CuMtQioyLrUmkSTZnTTQcB7CA5EiASB3IdD/MdM4cxPgJpEdQAGQJTAiUO8rgC3gIBAAkGcvACfA
I0j2PzXaHhJwKMAvlAnwJTDnHmEgUx7gb2YkMyT4JHL9NbBJOL AAcDKjFBAd8DpR+S+kQ0wfsSNA
JpEnsQUApnkFMCdxdHUBIC4g2tEg2mNqdyl7aAUQLDCsb3Ah0A XASjEQVwrAUmcgEGtpNcVSBeFU
7QWQaCKQF7BnLeAc8ApA0yxDQWFuY0LFYz/gRlSuQCCgLDAAkC4FoG0g1BAoODQ3IaAyMTUALTE2
NjEgeDJeMhUwQ08tBU2yTwUQZ+8LgAdABdAjsWEi0E2zINR6Rg NhOjDBGCA/4CuALeUD8HoLEXMt
BuAdcCgQnHNAHcBKIQSQdi4N4HMtwAtgYnNKYjTgA6BiumUT4G w+YD5RRgFPLAG9HYBvINQGYAIw
T/BXOwEgMTEvMjlVkDAwojZVYDo0MyRwTSDU9FRvT/BGUCVGIFC0BlHqYwhxdC3gTQtwHcAe0cZM
RXFUdXViajCRT/AoW2Z3UJJdJHBpeDkfwFZvI0InsSIBJ3P7INQ1xUgyETpRH8Ae lQOR7wQBClA4
sB0gaDnBWxFBs/1bYGkjUB9BJ2AXkVKgP7EfHpEd8FZQW/M1xWhvb7Md4CfAdXAnUihwYgUQ/mQi
0B/ALgJhUVMwHsJOMOMuYAOgREhDI1AesChxO1sCMRBFLmsg1B8Qc mv/I9Eu8iLRJTAe0WSDQcMw
ZO8ewi9MXCAxEE0yJyVCINT/BAA6kStVLIxIwA6wBKAi4cVNsD4QwGR0cgORCAD/SEASgW3CXxJt
wm00B0Ag2o8hwR5hHlIikCBydR+A/wQgJVEvs24UAJABAC30HxBvccAnwB9BLuBiHSEAcHn/JEAe
wR/AQcIg1CRDXyFrke8uZAuAB3BOYSh2wCfAAJD2ejsBJPYpMRAhx WFRMkn/INQAcCKgRcJfEjjA
DeBe0PtrkSlBJyfAXqN0sXHyMQD9INpMJQU00E2xbwhuBW9o52 2cbup9TEIoYSQeU3EB/ilse0Hx
IAAOsCfAA5EA0P8DICVRgicgywDQUWFRAFGi7YUyXwuAcvNwBJ B2wAVAIwUgVWA5Mi5LoDgu/QHQ
LhZQGlGJkIoFFlBh4Gs9ASDUeIuALouJINpX/3Dzi412MiRCGCBOMCwwbjDfBcACECsDICFhJCiC
J3hx/40xaxcFQEpxB5EnYWSCYzLvdeQD8ECxIpJzOAAFQG6B34UDI4a PvDEQINRCARAFsP8d8B1Q
B4B8oZJCB4ACMCyA/CAieKgeUmLQYgGFISexfTHyJ3FTIrNnoyDUZIIi/zTgBcCXcnSzYHIiUmHi
JDL/JCBiUQuAYoJ0kDTgeoMBAP8esCgRmfZmVpPSH2ABkAuA/2RznPtiUShwC2BCMZ4lJEL/LcAH
gDzRACBroyRCINRb8/91BD6DosRmyDEQBmAfkR20/3qCHfBrkZxnP7GjwDXFdsD/OrEe0D+hPmA/
wDn/nbQjdf8HkB/ALDGT4ygwKAFCz1zy93EVGCAfgHY/8l8SPeQsjH0ggHhiUV/mKDAGMQDAeFkH
cHVth3AJ8GdewTX/DiCxL7IyAYBiYEtgs9+yMtxoM0wQHoBMADVVYAHBn7WPtpduMA Qgt3AxOEuQ
vbmgObe/tpMCQGJgOLev97IjFACzgjS777zzSjBiYP8aYL2fsiMAkL8hVf C738B3/HVkwO/AKUaQ
MHAt4FXRb8NPwHQOoLVBNcVfwINxfmxtgktwtW+yFAAwtTE2P7 oVdWUHcZSittNWIDM59jpV4C6g
Zw3wzFfAwsyQ9DMwzXVfB4CtcChwzGV7yzzAwS2tcATwMGXOID F9ziYtC4AesA6w0UYg2mT+aA3w
hPEjhYkm0XCJkEuQ/9Spv1CeMXLy01of9BwhxUXr07Q4Al/LljfDENNaCfDfJxPWWttvTaE1xT3d
f96Pj9+fINRT3rtyOi8vDgBUcC6IsS4JgHXRYDHuM7mg4nBm8C 8XsGIAYlDqP0WgPSLRJhQQCsAT
0Ag9MHjjUDgzQTd/VkAg1ACQAyAxEAuAIIBsu24hhNJAIoAi4eIVd+ggu1Ig5qgubY JwLR6BcDgB
9yOyPlEdUGMIkFihjpUnorU+UWc08m6YIq21SnQQLzSxKEAfoC Dafe8QAB4ANRABAAAAOQAAADxG
N0I4RDlCQjM5NzAwRTQ4QUFGQUFDOTc4QzdBQkI3MzAzODkzMk BjbGlmZi5ybXNiZy5jb20+AAAA
AB4AORABAAAAIQAAADw0NTZERTJGMS44MDUwOUBpbmZpbHRyYX RlZC5uZXQ+AAAAAB4ARxABAAAA
DwAAAG1lc3NhZ2UvcmZjODIyAAALAPIQAQAAAB8A8xABAAAATg AAAFIARQAlADMAQQAgAFsAZgB3
AC0AdwBpAHoAXQAgAFAAaQB4ACwAIABWAG8ASQBQACAAYQBuAG QAIABBAFQAQQAnAHMALgBFAE0A
TAAAAAAACwD2EAAAAABAAAcwLsJy2SIUxwFAAAgwMN2jhEwUxw EDAN4/r28AAAMA8T8JBAAAHgD4
PwEAAAAPAAAAQ2hyaXMgV2FyZ2Fza2kAAAIB+T8BAAAAfAAAAA AAAADcp0DIwEIQGrS5CAArL+GC
AQAAAAAAAAAvTz1STVMgQlVTSU5FU1MgU1lTVEVNUyBJTkMvT1 U9RklSU1QgQURNSU5JU1RSQVRJ
VkUgR1JPVVAvQ049UkVDSVBJRU5UUy9DTj1DV0FSR0FTS0lAUk 1TQlVTLkNPTQAeAPo/AQAAABUA
AABTeXN0ZW0gQWRtaW5pc3RyYXRvcgAAAAACAfs/AQAAAB4AAAAAAAAA3KdAyMBCEBq0uQgAKy/h
ggEAAAAAAAAALgAAAAMA/T/kBAAAAwAZQAAAAAADABpAAAAAAAMAHUAAAAAAAwAeQAAAAAAeA DBA
AQAAABUAAABDV0FSR0FTS0lAUk1TQlVTLkNPTQAAAAAeADFAAQ AAABUAAABDV0FSR0FTS0lAUk1T
QlVTLkNPTQAAAAAeADJAAQAAAC8AAABmaXJld2FsbC13aXphcm RzLWJvdW5jZXNAbGlzdHNlcnYu
aWNzYWxhYnMuY29tAAAeADNAAQAAABQAAABzaWxAaW5maWx0cm F0ZWQubmV0AB4AOEABAAAAFQAA
AENXQVJHQVNLSUBSTVNCVVMuQ09NAAAAAB4AOUABAAAAAgAAAC 4AAAADAHZA/////wsAKQAAAAAA
CwAjAAAAAAADAAYQcT23iQMABxAbCQAAAwAQEAAAAAADABEQAA AAAB4ACBABAAAAZQAAAFNPSVRT
T1VORFNMSUtFWU9VQVJFSEFWSU5HVFdPUFJPQkxFTVMsUExFQV NFQ09ORklSTToxKVRIRUFUQVND
QU5OT1RHRVRBTklQQUREUkVTU0ZST01USEVQSVhBVExPQ0FUSU 8AAAAAAgF/AAEAAAA5AAAAPEY3
QjhEOUJCMzk3MDBFNDhBQUZBQUM5NzhDN0FCQjczMDM4OTMyQG NsaWZmLnJtc2JnLmNvbT4AAAAA
ZcU=

------_=_NextPart_001_01C7144C.8490CA60
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

------_=_NextPart_001_01C7144C.8490CA60--