Firewalls provide a key layer of defense for your network and are an integral part of your overall defense-in-depth network security strategy. However, If not managed and implemented properly, a network firewall can cause connectivity issues with H.323 and SIP devices. If you experience any connectivity issues with Cisco ASA firewall please try the following:


  • Disable Fixup / Inspect for H.323 H.225 and RAS

Cisco PIX:

PIX(config)# no fixup protocol h323 h225 1720

PIX(config)# no fixup protocol h323 ras 1718-1719

Cisco ASA:

ASA(config)# policy-map global_policy

ASA(config-pmap)# class inspection_default

ASA(config-pmap-c)# no fixup protocol h323 h225 1720

ASA(config-pmap-c)# no fixup protocol h323 ras 1718-1719


  • Dynamic Ports Translation

Make sure that the firewall is configured to use dynamic ports (vs static). Using static ports will cause ports conflicts and in most cases allow only one endpoint to connect as all endpoints are using port 1719 and port 1720 for RAS and signaling.