Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
573
Views
0
Helpful
1
Replies

ASA 5500 configuration for VC

aslam.bajwa
Level 3
Level 3

‎08-14-2012 02:41 PM - edited ‎03-11-2019 04:42 PM

Hi All ,

i have to open ports for vedio conferencing in my Firewall configuration , can some advise me the steps to do it successfully .

regards ,

Labels:
0 Helpful
1 Reply 1

Ramraj Sivagnanam Sivajanam
Level 4
Level 4

‎08-18-2012 03:50 AM

Hi Bro

The TCP and UDP ports that needs to be permitted in your FW rules varies according to the VC product manufacturer. For example, if you were using Tandberg (recently acquired by Cisco) the TCP and UDP ports needed to be permitted are as defined in http://www.cisco.com/en/US/docs/telepresence/infrastructure/articles/conferencing_products_conferenceme_ports_used_kb_3.shtml

Generally, the TCP and UDP ports for VC are as listed below;

TCP/389

TCP/1002

TCP/1503

TCP/1720

TCP/1024-65535 & UDP/1024-65535

UDP/1718 - 1719

Note: You could include in your ACL "deny ip any any log" on the last line, to unearth more TCP and UDP ports, assuming they are not listed above.

Sometimes, you may need to disable the default inspects too (but do this as a last resort), assuming you do see packet drops when issuing the command "show service-policy global".

policy-map global_policy

class inspection_default

no inspect h323 h225

no inspect h323 ras

no inspect skinny

no inspect sip

P/S: If you think this comment is useful, please do rate them nicely :-) and select the option "THIS QUESTION IS ANSWERED"

Warm regards,
Ramraj Sivagnanam Sivajanam
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card