Multimedia Support on the Cisco Security Appliance

Chapter 7, “Configuring Access,” begins a discussion of some applications that require
special handling by the Cisco Security Appliance. Multimedia applications have special
behaviors that require special handling by the Security Appliance inspection feature.
During normal operation, multimedia application protocols open more than one
communication channel and several data channels. For example, a client might transmit a
request on Transmission Control Protocol (TCP), get responses on User Datagram Protocol
(UDP), or use dynamic ports. The inspect command, formerly the fixup protocol command,
helps the Security Appliance identify such protocols so that it can perform inspections.
The Security Appliance dynamically opens and closes UDP ports for secure multimedia
connections. There is no need to open a range of ports, which would create a security
risk, or to reconfigure any application clients.

The Security Appliance supports multimedia with or without Network Address Translation
(NAT). Many firewalls that cannot support multimedia with NAT limit multimedia usage to
only registered users or require exposure of inside Internet Protocol (IP) addresses to the
Internet.

Many popular multimedia applications use Real-Time Streaming Protocol (RTSP) or the
H.323 protocol suite standard.
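
The following configuration is an added illustration, not taken from the book: it contrasts the static port range that inspection makes unnecessary with a policy that inspects RTSP and H.323 so the media ports are opened per session. The ACL name OUTSIDE_IN, the interface name outside, and the 192.0.2.0/24 client network (assumed to use registered addresses without NAT) are assumptions.

```cisco
! Constructed sample. OUTSIDE_IN, "outside" and 192.0.2.0/24 are assumed
! names and addresses, not values from the book.

! --- Weak: static range for returning media streams ---
! Every high UDP port on every inside client is reachable from any source,
! whether or not a multimedia session is in progress.
access-list OUTSIDE_IN extended permit udp any 192.0.2.0 255.255.255.0 range 1024 65535
access-group OUTSIDE_IN in interface outside

! --- Corrected: remove the range and inspect the control channels ---
no access-list OUTSIDE_IN extended permit udp any 192.0.2.0 255.255.255.0 range 1024 65535

! The appliance follows the control channel, learns the ports the endpoints
! negotiate, and opens only those UDP ports for the life of that session.
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect rtsp
  inspect h323 h225
  inspect h323 ras
service-policy global_policy global

! Older fixup form of the same inspections:
!   fixup protocol rtsp 554
!   fixup protocol h323 h225 1720

! Check: "show service-policy" lists packet counters for each inspect
! engine, confirming that the control traffic is actually being matched.
```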