
H.323 Calls via internet using SX20 Codec

arvienmb12
Level 1

Hi,

Just want to ask if it is possible to implement an SX20 codec that calls other endpoints via the Internet (H.323). Are there any licenses needed? Thanks.

Arvie

7 Replies

Enrico Conedera
Cisco Employee

Hello Arvie -

All current TC-software endpoints support both H.323 and SIP, with no additional licensing required.  If you are using a SIP registrar such as CUCM or VCS, then you need to look at licensing on the registrar; but no licensing is required on the endpoint.

For Internet H.323 calls, I assume you will be dialing by IP address, with no H.323 Gatekeeper.  Correct?  This works fine, but please observe some best practices:

1) Put a strong admin password on the SX20.  I cannot overstate the importance of this.

2) You can protect ports 0-1023 by putting the SX20 behind a firewall and using Static NAT.  All other ports must be open.

3) If you can't put it behind a firewall, then give it a public IP address but be sure to use a very strong admin password.  The box is secure as long as you prevent bots from logging in (which they will do with a weak password).

Our recommendation for H.323 Internet calls is to use a VCS Expressway box, as an H.323 Gatekeeper, located out in the Internet.  Then the SX20 can stay behind a firewall on a private network with RFC 1918 addressing.  It registers for H.323 services directly to the VCS Expressway.  It can be called by URI dialing.  If you want to go this route, please contact a Collaboration SE for design guidance.

regards/enrico

Hi Enrico,

Thanks for your response. If we use Cisco VCS Express Starter Pack, do we really need the Dual-Nic option key for it to work? If no Dual-Nic option is included in the box, any idea where to place the VCS in order to call from Internal to Public using H.323?

Best Regards,

Arvie

The Dual Nic option is not really needed in order to use firewall traversal on a VCS-E. 

It is mostly used for highly secure environments where the VCS lives inside a DMZ and there is a requirement for two IP addresses on the box. But the simplest implementation is to give it a public IP address, and then use the firewall to protect ports 0-1023. There are various implementation guides that explain all these details up on cisco.com.

Hi Enrico,

Just to confirm: if calls are dialed via IP address, are they running on the H.323 protocol? Previously, the SX20 was set with a static Public IP and was able to make/receive calls from Public. No other settings except the IP address of the SX20.

Recently, we installed an ASA5505 between the ISP and the SX20. On the firewall, static one-to-one NAT is configured properly and for testing purposes we opened all ports to it. Tested access to the SX20 via https://<Public IP> and was able to do so. However, it is not able to receive calls from Public, but can make calls to Public.

Do any other settings need to be made on the SX20? I searched online and it seems that the settings below are needed on the SX20?

Configuration->Advance Configuration->H323->Profile 1->Callsetup Mode: Direct

Configuration->Advance Configuration->H323->Profile 1->PortAllocation : Static

Configuration->Advance Configuration->H323->NAT->Address : Public_IP_SX20

Configuration->Advance Configuration->H323->NAT->Mode: Auto

Appreciate your kind advice on this.

Thank you.

-----

Regards,

Danny Cheng

Hi Danny -

The NAT settings you have on the endpoint are correct. You might try H323->NAT->Mode: On instead of "Auto" as a test.

NAT settings on the codec apply to H.323 only, not SIP. I suggest:

* Verify your firewall port settings:

     ** All ports are actually being forwarded (you can block ports 0-1023)

     ** H.323 protocol awareness should be turned OFF (this might be your problem)

* Make sure the inbound call from Public is actually using the H.323 protocol and not SIP

* Verify the software version on the SX20. You should be using the latest dot release within the major software family. For TC6, you should use TC6.3.2. For TC7, you should use TC7.1.4.

Also, you say "not able to receive calls from Public", but does that mean that call setup doesn't work at all? This might indicate H.323 protocol awareness is turned on, in the ASA firewall, and this needs to be disabled. But if call setup works and you don't get media, then there is still a NAT setting on the firewall that is not correct.
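The port policy discussed in this thread (protect ports 0-1023, leave every other port open, and make sure H.323 call setup can reach the codec) can be checked mechanically before testing a call. The following is an added example, not part of the original posts and not Cisco code: the rule tuples are a constructed, vendor-neutral model of an ordered first-match inbound policy, and the sample policies are constructed.

```python
# Added example (not from the thread). Rules are a constructed, vendor-neutral
# model of an ordered inbound policy for the codec: (action, proto, lo, hi).
# proto "ip" matches both tcp and udp.
LOW = range(0, 1024)          # ports the thread says to protect
HIGH = range(1024, 65536)     # ports the thread says must stay open
H225_CALL_SETUP = 1720        # standard H.323 call-signalling port (TCP)

def decision(rules, proto, port):
    """First matching rule wins; no match is an implicit deny."""
    for action, rule_proto, lo, hi in rules:
        if rule_proto in (proto, "ip") and lo <= port <= hi:
            return action
    return "deny"

def to_ranges(ports):
    """Collapse an ascending port list into 'a-b' strings."""
    spans = []
    for p in ports:
        if spans and p == spans[-1][1] + 1:
            spans[-1][1] = p
        else:
            spans.append([p, p])
    return [f"{a}-{b}" if a != b else str(a) for a, b in spans]

def audit(rules):
    """Return findings where the policy departs from the thread's advice."""
    findings = {}
    for proto in ("tcp", "udp"):
        exposed = [p for p in LOW if decision(rules, proto, p) == "permit"]
        blocked = [p for p in HIGH if decision(rules, proto, p) == "deny"]
        if exposed:
            findings[f"{proto} low ports exposed"] = to_ranges(exposed)
        if blocked:
            findings[f"{proto} high ports blocked"] = to_ranges(blocked)
    if decision(rules, "tcp", H225_CALL_SETUP) != "permit":
        findings["h225 call setup blocked"] = [str(H225_CALL_SETUP)]
    return findings

# Constructed policies: "all ports open for testing", the recommended shape,
# and a too-narrow allow list (port ranges here are illustrative only).
OPEN_FOR_TESTING = [("permit", "ip", 0, 65535)]
RECOMMENDED = [("deny", "ip", 0, 1023), ("permit", "ip", 0, 65535)]
PARTIAL = [("deny", "ip", 0, 1023), ("permit", "tcp", 1720, 1720),
           ("permit", "udp", 16384, 32767)]

if __name__ == "__main__":
    for name, rules in [("open", OPEN_FOR_TESTING), ("recommended", RECOMMENDED), ("partial", PARTIAL)]:
        print(name, audit(rules))
```

An empty result means the policy matches the advice; the "open for testing" policy reports the management ports (HTTPS, SSH and the rest of 0-1023) as exposed.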

Hi Enrico,

I have yet to test the NAT settings, but will do so today.

* Verify your firewall port settings:

     ** All ports are actually being forwarded (you can block ports 0-1023) >> One-to-one NAT done from Public to LAN and policy has been set to allow all ports for now.

     ** H.323 protocol awareness should be turned OFF (this might be your problem) >> You meant the 'inspect h323' in ASA5505?

* Make sure the inbound call from Public is actually using the H.323 protocol and not SIP >> How can I verify this from my end? Cause I'm not sure if the other party knows how to check.

* Verify the software version on the SX20. You should be using the latest dot release within the major software family. For TC6, you should use TC6.3.2. For TC7, you should use TC7.1.4. >> To download the software, do I need a valid Cisco contract? Cause the device was bought without any support.


I'm still new in this, thus what do you mean by call setup doesn't work? Anyway, when the SX20 was set to a static LAN IP, on the top left corner of the video screen, it is showing 'Not Registered (x.x.x.x)'. Will this be an issue?

-----

Regards,

Danny Cheng

Hi Enrico,

I have two endpoints, SX10 and SX20. No CUCM/VCS, standalone deployment. Protocol: H.323.

You mentioned a strong admin password. Where do I put this password and what will happen when I put it?

Also I've been able to place calls between the two endpoints (both in my LAN) and have also performed static NAT on both of these devices.

There are some test sites that host running video conferencing units, and I've tried calling those units, but failed. What's your opinion? Thanks in advance.

Rishad
