Cisco Pix 515E Policy based NAT for H323 Traffic - Help needed!
Posted on 2006-06-12
I need some help on configuring my CISCO PIX 515E Firewall.
I have 3 interfaces:
description BT ADSL Connection (*external address) Static IP address assigned by DHCP from X-Modem
description Internal 10.x network (10.0.0.1)
description Interface connected to Easynet Router (*external address) Statically Assigned
I have two ISPs, BT and Easynet, and I am trying to route types of traffic to each.
- I would like all my data and everyday traffic to go via the BT connection (i.e. emails, FTP, WWW, etc.)
- I ONLY want H323 Videoconferencing traffic to go via the Easynet connection, nothing else (but both the TCP & UDP parts of the H323 traffic)
I am trying to use something similar to this:
access-list policy-vc extended permit tcp any eq h323 any eq h323
nat (inside) 1 access-list policy-vc
nat (inside) 2 0.0.0.0 0.0.0.0
global (outside_bt) 2 interface
global (outside_easynet) 1 *external address
I'm not sure if this will entirely work, as it will only work with the 'TCP part' of the H323 traffic. The 'UDP part' of the H323 traffic (the majority of it, i.e. Video & Audio) will still go out via the BT connection.
Am I correct?
Any help is very much appreciated!
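
An added example, not part of the original post: a small Python model of how the `policy-vc` ACL above would select between NAT ID 1 and NAT ID 2 for the flows of one call. The flow list and its non-1720 port numbers are constructed, and the matcher handles only permit entries with `any` addresses and `eq` ports.

```python
from collections import namedtuple

PORT_NAMES = {"h323": 1720}  # PIX keyword for TCP 1720 (H.225 call signaling)
Flow = namedtuple("Flow", "label proto sport dport")
Ace = namedtuple("Ace", "proto sport dport")

def parse_ace(line):
    """Parse 'access-list NAME extended permit PROTO any [eq P] any [eq P]'.
    Only permit entries, 'any' addresses and the 'eq' operator are handled."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2:4] != ["extended", "permit"]:
        raise ValueError("unsupported ACL form: " + line)
    proto, rest, ports = tok[4], tok[5:], []
    for _ in range(2):  # source first, then destination
        if not rest or rest.pop(0) != "any":
            raise ValueError("only 'any' addresses are supported")
        port = None
        if rest and rest[0] == "eq":
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
            rest = rest[2:]
        ports.append(port)
    return Ace(proto, ports[0], ports[1])

def matches(ace, flow):
    return (ace.proto in ("ip", flow.proto)
            and ace.sport in (None, flow.sport)
            and ace.dport in (None, flow.dport))

def nat_id(aces, flow):
    """NAT ID under the page's config: 1 if policy-vc matches, otherwise 2."""
    return 1 if any(matches(a, flow) for a in aces) else 2

# Constructed flows for one outbound call; the non-1720 port numbers are invented.
CALL = [
    Flow("H.225 call signaling", "tcp", 49152, 1720),
    Flow("H.245 control, negotiated port", "tcp", 49153, 11000),
    Flow("RTP media", "udp", 5004, 5004),
    Flow("TCP with 1720 on both ends", "tcp", 1720, 1720),
]

def classify(acl_lines, flows=CALL):
    aces = [parse_ace(line) for line in acl_lines]
    return {f.label: nat_id(aces, f) for f in flows}

if __name__ == "__main__":
    page_acl = ["access-list policy-vc extended permit tcp any eq h323 any eq h323"]
    for label, nid in classify(page_acl).items():
        print(f"nat id {nid}: {label}")
```

With the ACL as posted, only the last constructed flow is assigned NAT ID 1, because `eq h323` is applied to the source port as well as the destination port.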