https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118811#M393623 <HTML><HEAD></HEAD><BODY><P>I have also record one more log Please have a look at the attached..</P></BODY></HTML> Sat, 29 Dec 2012 20:30:25 GMT samirshaikh52 2012-12-29T20:30:25Z https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118807#M393617 <P>Hi,</P><P>I am encountering some problems setting up my new polycom hdx 8000 behind ASA 5540</P><P></P><P>I have opened reuired ports through the firewall ( incoming and outgoing). I have enabled inspection h323 on ASA and enabled the option NAT is 323 compatible on Polycom.</P><P></P><P>3230-3243 tcp</P><P>h323 tcp</P><P>h323 udp</P><P>3230-3285 udp</P><P></P><P>Here is the problem.</P><P>I get connected to the call but I cannot&nbsp; the remote site cannot see and hear me.</P><P>But I can see and hear them.</P><P></P><P>Please can someone help me in this very important matter.</P><P></P><P>Thanks</P> Tue, 12 Mar 2019 00:41:57 GMT https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118807#M393617 samirshaikh52 2019-03-12T00:41:57Z https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118808#M393619 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I can't probably give you an exact answer to your problem but I remember some customer once having probems with Polycom devices through Cisco firewalls.</P><P></P><P>To my understanding one thing recommended is to avoid using the inspect/fixup commands on the PIX/ASA firewall. I think I've also read on a Cisco document that there has been some problems between Cisco firewalls and Polycom devices in general but cant find that document right now.</P><P></P><P>policy-map global_policy</P><P> class inspection_default</P><P><STRONG>&nbsp; no inspect h323 h225</STRONG></P><P><STRONG>&nbsp; no inspect h323 ras</STRONG></P><P></P><P>Or something similiar depending on your firewall software.</P><P></P><P>You could try the above perhaps.</P><P></P><P>Have you tried to monitor the logs through ASDM to see if there is anything that is getting blocked while you try to form the connections?</P><P></P><P>- Jouni</P></BODY></HTML> Sat, 29 Dec 2012 15:34:08 GMT https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118808#M393619 Jouni Forss 2012-12-29T15:34:08Z https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118809#M393621 <HTML><HEAD></HEAD><BODY><P>Hi Thanks for your quick response.</P><P>Yes I have trid before disabling h323 inspection and then disabling NAT is h323 compatible on Polycom</P><P><BR />In my ASDM logs I have seen any dropped or denied connection. Please see the attached.</P><P></P><P>Thanks for the help.</P></BODY></HTML> Sat, 29 Dec 2012 15:53:36 GMT https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118809#M393621 samirshaikh52 2012-12-29T15:53:36Z https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118810#M393622 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Only special thing about that output is that the ICMP is getting block from "inside" to "outside"</P><P></P><P>Also since its ICMP Type 3 Code 3 it would seem that the "inside" device is sending some "Port Unreachable" to the host on the "outside".</P><P></P><P>Is the "inside" Polycom device not accepting some connection and why?</P><P></P><P>I guess its probably related to some UDP connection not getting through to the Polycom device?</P><P></P><P>Personally I am not really familiar with video conferencing or its firewall related things. I have only been lately trying to troubleshoot some situations.</P><P></P><P>I would perhaps also try to take some packet captures on the ASA itself and go through them.</P><P></P><P>- Jouni</P></BODY></HTML> Sat, 29 Dec 2012 16:08:58 GMT https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118810#M393622 Jouni Forss 2012-12-29T16:08:58Z https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118811#M393623 <HTML><HEAD></HEAD><BODY><P>I have also record one more log Please have a look at the attached..</P></BODY></HTML> Sat, 29 Dec 2012 20:30:25 GMT https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118811#M393623 samirshaikh52 2012-12-29T20:30:25Z https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118812#M393624 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The single log message included in that file seems to be indicating that traffic from the Polycom device is being blocked from leaving from your network to the remote device.</P><P></P><P>Could you try and open everything for the Polycom device so no access-list is blocking its connections?</P><P></P><P>Seems you have an ACL named <STRONG>"inside_access_in"</STRONG> attached to the <STRONG>"inside"</STRONG> interface which is blocking some connection.</P><P></P><P>Could you perhaps for testing purposes open all traffic from the Polycom device to the destination IP address? (if the one in the logs is the only one.</P><P></P><P><STRONG>access-list inside_access_in line 1 permit ip host <POLYCOM local="" ip="" address=""> host <REMOTE device="" ip="" address=""></REMOTE></POLYCOM></STRONG></P><P></P><P>The source and destination port look a bit wierd (high port as destination) but maybe you could give the above a go and see if it helps.<STRONG><BR /></STRONG></P><P></P><P>- Jouni</P></BODY></HTML> Sat, 29 Dec 2012 21:19:51 GMT https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118812#M393624 Jouni Forss 2012-12-29T21:19:51Z https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118813#M393625 <HTML><HEAD></HEAD><BODY><P>I have also tried by opening all the ports ( incoming and outgoing) but it was the same.</P><P></P><P>Something weird <SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/sad.gif"></SPAN> Really !</P><P></P><P>Samir</P></BODY></HTML> Sat, 29 Dec 2012 22:33:32 GMT https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118813#M393625 samirshaikh52 2012-12-29T22:33:32Z https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118814#M393626 <HTML><HEAD></HEAD><BODY><P>I have found a very interesting thing </P><P></P><P>I assigned public ip address to the LAN interface of my laptop and placed a call to polycom. It was successfully Both way I can see and hear</P><P></P><P>But when I assigned dhcp private ip to the laptop and placed a call. Then polycom is not able to send audio and video.</P><P></P><P>Polycom see a private ip address while recieving a call</P><P></P><P>What is mean by that Can anyone pleas help me. ?<SPAN id="mce_marker"> </SPAN></P></BODY></HTML> Sun, 30 Dec 2012 15:55:22 GMT https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118814#M393626 samirshaikh52 2012-12-30T15:55:22Z https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118815#M393627 <HTML><HEAD></HEAD><BODY><P>Try to set up a static NAT to a dedicated public IP for all ports.</P></BODY></HTML> Mon, 31 Dec 2012 19:23:52 GMT https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118815#M393627 Peter Koltl 2012-12-31T19:23:52Z https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118816#M393628 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P> I have already a static NAT for a fixed public IP allowing all ports. ( outgoing)</P><P></P><P>Thanks.</P></BODY></HTML> Mon, 31 Dec 2012 19:40:40 GMT https://community.cisco.com/t5/network-security/polycom-hdx8000-behind-asa-firewall/m-p/2118816#M393628 samirshaikh52 2012-12-31T19:40:40Z