10-01-2013 06:03 AM - edited 03-12-2019 06:05 PM
Hello all,
I have a router 1812 Version 12.4(15)T16, RELEASE SOFTWARE (fc2). Router is doing NAT.
I have a lifesize videoconference system. Calls with h323 are dropped after 30 seconds.
I have ip inspect rule :
[...]
- ip inspect name SDM_LOW h323
- ip inspect name SDM_LOW h323callsigalt
[...]
interface FastEthernet0
ip address xxx.xxx.xxx.xxx 255.255.255.248
ip access-group 102 in
ip verify unicast reverse-path
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
crypto map SDM_CMAP_1
service-policy input sdmappfwp2p_SDM_LOW
service-policy output sdmappfwp2p_SDM_LOW
When I start a communication, I have
sh ip inspect sessions
Session 85AE7150 (50.59.87.241:60118)=>(192.168.200.200:60016) h323-RTP-audio SIS_OPEN
Session 85AE12C0 (50.59.87.241:60119)=>(192.168.200.200:60017) h323-RTCP-audio SIS_OPEN
Session 85AE39B0 (192.168.200.200:60001)=>(50.59.87.241:62830) h245-media-control SIS_OPEN
Session 841F7CEC (192.168.200.200:60005)=>(50.59.87.241:1720) h323 SIS_OPEN
Session 85AE20A8 (50.59.87.241:60120)=>(192.168.200.200:60018) h323-RTP-video SIS_OPENING
Session 85ADE0B0 (50.59.87.241:60121)=>(192.168.200.200:60019) h323-RTCP-video SIS_OPENING
Session 85AE4D28 (50.59.87.241:60122)=>(192.168.200.200:60020) h323-RTP-data SIS_OPENING
Session 85ADCD38 (50.59.87.241:60123)=>(192.168.200.200:60021) h323-RTCP-data SIS_OPENING
Pre-gen session 85ADA648 192.168.200.200[1024:65535]=>50.59.87.241[60119:60119] h323-RTCP-audio
Pre-gen session 85AD92D0 192.168.200.200[1024:65535]=>50.59.87.241[60121:60121] h323-RTCP-video
Pre-gen session 85ADB6F8 192.168.200.200[1024:65535]=>50.59.87.241[60123:60123] h323-RTCP-data
Pre-gen session 85AD9008 192.168.200.200[1024:65535]=>50.59.87.241[60118:60118] h323-RTP-audio
Pre-gen session 85AE5848 192.168.200.200[1024:65535]=>50.59.87.241[60119:60119] h323-RTCP-audio
Where 192.168.200.200 is local IP and 50.59.87.241 the server I try to reach.
Any idea of what is going on ? Why calls are dropped after 30 seconds ?
Something with NAT ?
10-01-2013 07:35 AM
Hi Oliver,
try to disable h323 inspections, some videoconference systems does not work properly with inspection enabled and nat
hope this helps.
Regards
Sent from Cisco Technical Support iPad App
10-01-2013 08:11 AM
Hi Alessandro.
I turned of h323.
Still the same. Communications shut down after 30 sec
10-01-2013 08:17 AM
Hi Oliver,
you turned off all h323 inspections ?
can you post complete configurtion of your router?
regards
Sent from Cisco Technical Support iPad App
10-02-2013 01:29 AM
Hi Alessandro,
configuration below :
ip inspect tcp reassembly queue length 200
ip inspect tcp reassembly timeout 10
ip inspect name SDM_LOW appfw SDM_LOW
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW http
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW h323callsigalt
ip inspect name SDM_LOW skinny
ip inspect name SDM_LOW sip-tls
ip inspect name SDM_LOW sip
ip inspect name SDM_LOW esmtp max-data 50000000
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW streamworks
WAN_INTERFACE = xxx.xxx.xxx
!
interface FastEthernet0
ip address WAN_INTERFACE.226 255.255.255.248
ip access-group 102 in
ip verify unicast reverse-path
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
crypto map SDM_CMAP_1
service-policy input sdmappfwp2p_SDM_LOW
service-policy output sdmappfwp2p_SDM_LOW
!
Inbound ACL
access-list 102 remark SDM_ACL Category=3
access-list 102 permit tcp any host WAN_INTERFACE.228 eq www log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 443 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 558 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1023 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1024 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1503 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1718 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1719 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1720 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 4001 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 11720 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 17518 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60000 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60001 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60002 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60003 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60004 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60005 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60000 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 1023 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 1024 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 1718 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 1719 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 1720 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 5060 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 17518 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60001 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60002 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60003 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60004 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60005 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60006 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60007 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60008 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60009 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60010 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60011 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60012 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60013 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60014 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60015 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60016 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60017 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60018 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60019 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60020 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60021 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60022 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60023 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60024 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60025 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 3389 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 3389 log
[ Some ipsec rubles]
access-list 102 permit tcp any host WAN_INTERFACE.230 eq 22
access-list 102 permit tcp any host WAN_INTERFACE.230 eq www
access-list 102 permit tcp any host WAN_INTERFACE.227 eq smtp
access-list 102 permit udp any host WAN_INTERFACE.227 eq 80
access-list 102 permit tcp any host WAN_INTERFACE.227 eq www
access-list 102 permit tcp any host WAN_INTERFACE.227 eq ftp
access-list 102 permit tcp any host WAN_INTERFACE.226 eq 1723
access-list 102 permit tcp any host WAN_INTERFACE.226 eq 47
ip nat inside source static udp LAN_INTERFACE 60000 WAN_INTERFACE.228 60000 route-map SDM_RMAP_32 extendable
ip nat inside source static tcp LAN_INTERFACE 80 WAN_INTERFACE.228 80 route-map SDM_RMAP_15 extendable
ip nat inside source static tcp LAN_INTERFACE 443 WAN_INTERFACE.228 443 route-map SDM_RMAP_7 extendable
ip nat inside source static tcp LAN_INTERFACE 558 WAN_INTERFACE.228 558 route-map SDM_RMAP_47 extendable
ip nat inside source static tcp LAN_INTERFACE 1023 WAN_INTERFACE.228 1023 route-map SDM_RMAP_77 extendable
ip nat inside source static udp LAN_INTERFACE 1023 WAN_INTERFACE.228 1023 route-map SDM_RMAP_78 extendable
ip nat inside source static tcp LAN_INTERFACE 1024 WAN_INTERFACE.228 1024 route-map SDM_RMAP_73 extendable
ip nat inside source static udp LAN_INTERFACE 1024 WAN_INTERFACE.228 1024 route-map SDM_RMAP_74 extendable
ip nat inside source static tcp LAN_INTERFACE 1503 WAN_INTERFACE.228 1503 route-map SDM_RMAP_75 extendable
ip nat inside source static tcp LAN_INTERFACE 1718 WAN_INTERFACE.228 1718 route-map SDM_RMAP_86 extendable
ip nat inside source static udp LAN_INTERFACE 1718 WAN_INTERFACE.228 1718 route-map SDM_RMAP_87 extendable
ip nat inside source static tcp LAN_INTERFACE 1719 WAN_INTERFACE.228 1719 route-map SDM_RMAP_42 extendable
ip nat inside source static udp LAN_INTERFACE 1719 WAN_INTERFACE.228 1719 route-map SDM_RMAP_43 extendable
ip nat inside source static tcp LAN_INTERFACE 1720 WAN_INTERFACE.228 1720 route-map SDM_RMAP_28 extendable
ip nat inside source static udp LAN_INTERFACE 1720 WAN_INTERFACE.228 1720 route-map SDM_RMAP_44 extendable
ip nat inside source static tcp LAN_INTERFACE 4001 WAN_INTERFACE.228 4001 route-map SDM_RMAP_72 extendable
ip nat inside source static udp LAN_INTERFACE 5060 WAN_INTERFACE.228 5060 route-map SDM_RMAP_29 extendable
ip nat inside source static tcp LAN_INTERFACE 11720 WAN_INTERFACE.228 11720 route-map SDM_RMAP_71 extendable
ip nat inside source static tcp LAN_INTERFACE 17518 WAN_INTERFACE.228 17518 route-map SDM_RMAP_45 extendable
ip nat inside source static udp LAN_INTERFACE 17518 WAN_INTERFACE.228 17518 route-map SDM_RMAP_46 extendable
ip nat inside source static tcp LAN_INTERFACE 60000 WAN_INTERFACE.228 60000 route-map SDM_RMAP_30 extendable
ip nat inside source static tcp LAN_INTERFACE 60001 WAN_INTERFACE.228 60001 route-map SDM_RMAP_31 extendable
ip nat inside source static udp LAN_INTERFACE 60001 WAN_INTERFACE.228 60001 route-map SDM_RMAP_33 extendable
ip nat inside source static tcp LAN_INTERFACE 60002 WAN_INTERFACE.228 60002 route-map SDM_RMAP_66 extendable
ip nat inside source static udp LAN_INTERFACE 60002 WAN_INTERFACE.228 60002 route-map SDM_RMAP_34 extendable
ip nat inside source static tcp LAN_INTERFACE 60003 WAN_INTERFACE.228 60003 route-map SDM_RMAP_67 extendable
ip nat inside source static udp LAN_INTERFACE 60003 WAN_INTERFACE.228 60003 route-map SDM_RMAP_35 extendable
ip nat inside source static tcp LAN_INTERFACE 60004 WAN_INTERFACE.228 60004 route-map SDM_RMAP_68 extendable
ip nat inside source static udp LAN_INTERFACE 60004 WAN_INTERFACE.228 60004 route-map SDM_RMAP_36 extendable
ip nat inside source static tcp LAN_INTERFACE 60005 WAN_INTERFACE.228 60005 route-map SDM_RMAP_69 extendable
ip nat inside source static udp LAN_INTERFACE 60005 WAN_INTERFACE.228 60005 route-map SDM_RMAP_37 extendable
ip nat inside source static udp LAN_INTERFACE 60006 WAN_INTERFACE.228 60006 route-map SDM_RMAP_38 extendable
ip nat inside source static udp LAN_INTERFACE 60007 WAN_INTERFACE.228 60007 route-map SDM_RMAP_39 extendable
ip nat inside source static udp LAN_INTERFACE 60008 WAN_INTERFACE.228 60008 route-map SDM_RMAP_48 extendable
ip nat inside source static udp LAN_INTERFACE 60009 WAN_INTERFACE.228 60009 route-map SDM_RMAP_49 extendable
ip nat inside source static udp LAN_INTERFACE 60010 WAN_INTERFACE.228 60010 route-map SDM_RMAP_50 extendable
ip nat inside source static udp LAN_INTERFACE 60011 WAN_INTERFACE.228 60011 route-map SDM_RMAP_51 extendable
ip nat inside source static udp LAN_INTERFACE 60012 WAN_INTERFACE.228 60012 route-map SDM_RMAP_52 extendable
ip nat inside source static udp LAN_INTERFACE 60013 WAN_INTERFACE.228 60013 route-map SDM_RMAP_53 extendable
ip nat inside source static udp LAN_INTERFACE 60014 WAN_INTERFACE.228 60014 route-map SDM_RMAP_54 extendable
ip nat inside source static udp LAN_INTERFACE 60015 WAN_INTERFACE.228 60015 route-map SDM_RMAP_55 extendable
ip nat inside source static udp LAN_INTERFACE 60016 WAN_INTERFACE.228 60016 route-map SDM_RMAP_56 extendable
ip nat inside source static udp LAN_INTERFACE 60017 WAN_INTERFACE.228 60017 route-map SDM_RMAP_57 extendable
ip nat inside source static udp LAN_INTERFACE 60018 WAN_INTERFACE.228 60018 route-map SDM_RMAP_58 extendable
ip nat inside source static udp LAN_INTERFACE 60019 WAN_INTERFACE.228 60019 route-map SDM_RMAP_59 extendable
ip nat inside source static udp LAN_INTERFACE 60020 WAN_INTERFACE.228 60020 route-map SDM_RMAP_60 extendable
ip nat inside source static udp LAN_INTERFACE 60021 WAN_INTERFACE.228 60021 route-map SDM_RMAP_61 extendable
ip nat inside source static udp LAN_INTERFACE 60022 WAN_INTERFACE.228 60022 route-map SDM_RMAP_62 extendable
ip nat inside source static udp LAN_INTERFACE 60023 WAN_INTERFACE.228 60023 route-map SDM_RMAP_63 extendable
ip nat inside source static udp LAN_INTERFACE 60024 WAN_INTERFACE.228 60024 route-map SDM_RMAP_64 extendable
ip nat inside source static udp LAN_INTERFACE 60025 WAN_INTERFACE.228 60025 route-map SDM_RMAP_65 extendable
ip nat inside source static LAN_INTERFACE WAN_INTERFACE.228 route-map SDM_RMAP_76
All SMD_RMAP are like this one below
!
route-map SDM_RMAP_32 permit 1
match ip address 141
!
access-list 141 remark SDM_ACL Category=2
access-list 141 deny ip host LAN_INTERFACE 10.0.5.0 0.0.0.31
access-list 141 deny ip host LAN_INTERFACE 10.0.5.40 0.0.0.1
access-list 141 permit udp host LAN_INTERFACE eq 60000 any
10-02-2013 03:19 AM
Hi Olivier,
first i suggest you to group pots you're using in acl in a service group to make your configuration simplest and easiest tor ead.
in most case the issue you're encountering it's port related, so be sure that ports you're permitting on your acl are the same your vdc is using for audio and video traffic. As i know H323 calls uses tcp 1720 port to estabilish connection then a random range of tcp/udp ports for audio and video. In your VDC system you can restrict this random range of ports so it uses always those ports for audio and video traffic.
then i suggest you to try configuring a 1:1 exclusive nat for the vdc system and restrict access from outside just with the acl. Also disable all h323 inspection.
hope this helps.
Regards
Sent from Cisco Technical Support iPad App
10-03-2013 03:24 AM
Hi Alessandro,
So, I turned off h323
ip inspect name SDM_LOW appfw SDM_LOW
ip inspect name SDM_LOW http
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW esmtp max-data 50000000
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW sip-tls
ip inspect name SDM_LOW sip
I removed PAT
RTRSJM#sh run | i ip nat inside source
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source route-map SDM_RMAP_3 interface FastEthernet0 overload
ip nat inside source route-map SDM_RMAP_79 interface FastEthernet0 overload
ip nat inside source route-map SDM_RMAP_80 interface FastEthernet0 overload
ip nat inside source route-map SDM_RMAP_81 interface FastEthernet0 overload
ip nat inside source static 192.168.200.200 WAN_INTERFACE.228 route-map SDM_RMAP_76
ip nat inside source static tcp 10.0.1.49 47 WAN_INTERFACE.226 47 route-map SDM_RMAP_83 extendable
ip nat inside source static tcp 10.0.1.49 1723 WAN_INTERFACE.226 1723 route-map SDM_RMAP_82 extendable
ip nat inside source static tcp 10.0.1.59 21 WAN_INTERFACE.227 21 route-map SDM_RMAP_14 extendable
ip nat inside source static tcp 10.0.1.42 25 WAN_INTERFACE.227 25 route-map SDM_RMAP_13 extendable
ip nat inside source static tcp 10.0.1.59 80 WAN_INTERFACE.227 80 route-map SDM_RMAP_5 extendable
ip nat inside source static udp 10.0.1.59 80 WAN_INTERFACE.227 80 route-map SDM_RMAP_9 extendable
ip nat inside source static tcp 10.0.1.42 110 WAN_INTERFACE.227 110 route-map SDM_RMAP_12 extendable
ip nat inside source static tcp 10.0.1.45 3389 WAN_INTERFACE.227 3389 route-map SDM_RMAP_11 extendable
ip nat inside source static udp 10.0.1.45 3389 WAN_INTERFACE.227 3389 route-map SDM_RMAP_8 extendable
ip nat inside source static udp 10.0.1.134 21 WAN_INTERFACE.229 21 route-map SDM_RMAP_26 extendable
ip nat inside source static tcp 10.0.1.134 80 WAN_INTERFACE.229 80 route-map SDM_RMAP_21 extendable
ip nat inside source static udp 10.0.1.134 80 WAN_INTERFACE.229 80 route-map SDM_RMAP_22 extendable
ip nat inside source static tcp 10.0.1.134 443 WAN_INTERFACE.229 443 route-map SDM_RMAP_23 extendable
ip nat inside source static udp 10.0.1.134 443 WAN_INTERFACE.229 443 route-map SDM_RMAP_24 extendable
ip nat inside source static tcp 10.0.1.139 22 WAN_INTERFACE.230 22 route-map SDM_RMAP_85 extendable
ip nat inside source static tcp 10.0.1.139 80 WAN_INTERFACE.230 80 route-map SDM_RMAP_84 extendable
RTRSJM#
route-map SDM_RMAP_76 permit 1
match ip address 188
access-list 188 remark SDM_ACL Category=2
access-list 188 deny ip host 192.168.200.200 10.0.5.0 0.0.0.31
access-list 188 deny ip host 192.168.200.200 10.0.5.40 0.0.0.1
access-list 188 permit ip host 192.168.200.200 any
But I also have dynamic NAT for subnet 192.168.200.0 /24
ip nat inside source route-map SDM_RMAP_79 interface FastEthernet0 overload
route-map SDM_RMAP_79 permit 1
match ip address 193
I still have the issue. Most of the time call ends after 30 sec, but now sometimes call ends after 5 or 6 minutes.
I wonder if i should have put the VDC in a separate VLAN and having only static NAT no dynamic.
Thx for your help.
Regards.
10-03-2013 03:39 AM
Hi Oliver,
what about access-lists? did you checked ports used by VDC for audio and video calls? I see that you have access-list 102 applied on your outside interface, is any access-list applied on inside interface?
Sent from Cisco Technical Support iPad App
10-03-2013 05:08 AM
Hi Alessandro,
Please find below router's and VDC's configuration
RTRSJM#sh ip int brie
Interface IP-Address OK? Method Status Protocol
FastEthernet0 WAN_INTERFACE.226 YES NVRAM up up
Vlan1 10.0.0.254 YES NVRAM up up
Vlan2 192.168.0.254 YES NVRAM up up
Vlan5 192.168.71.1 YES NVRAM up up
Vlan192 192.168.200.1 YES NVRAM up up
RTRSJM#
RTRSJM#sh ip int fa0
FastEthernet0 is up, line protocol is up
Internet address is WAN_INTERFACE.226/29
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 102
RTRSJM#sh ip int vl192
Vlan192 is up, line protocol is up
Internet address is 192.168.200.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
I have ACL in inbound WAN interface and fot NAT.
ACL 102 in the one hereabove.
does it matter if i have static and dynamic NAT for the same adress ?
Dynamic for the subnet and static for the VDC.
ip nat inside source route-map SDM_RMAP_79 interface FastEthernet0 overload
ip nat inside source static 192.168.200.200 WAN_INTERFACE.228 route-map SDM_RMAP_76
VDC configuration
Network • Reserved Ports
UDP Lowest Value: 60000
UDP Highest Value: 60023
TCP Lowest Value: 60000
TCP Highest Value: 60005
Network • NAT
Static NAT: Enabled
NAT Public IP Address: WAN_INTERFACE.228
thx for your help
Regards
10-03-2013 07:20 AM
Hi Olivier,
i think it does not matter if you use both static and dynamic nat, i often use this configuration with polycom VDC systems and they works great!
I noticed you are using an old IOS so i suggest you to upgrade to a15 IOS version then retry.
If you can, post some acl logs captured during a video call.
Regards
Sent from Cisco Technical Support iPad App
10-03-2013 07:37 AM
Hi Qlessqndrom
Unfortunatly I'm not able to dl c181x-advipservicesk9-mz.124-15.T17.bin.
I don't have a service contract
10-03-2013 07:59 AM
hi Olivier,
according to lifesize admin guide
http://www.lifesize.com/~/media/Documents/Product%20Documentation/Video%20Systems/Guides%20and%20Reference/Video%20User%20Administrator%20Guide%2048%20EN.ashx
at page 41 try to enable static nat on your VDC appliance using public ip address you intend to use as outside address.
regards
Sent from Cisco Technical Support iPad App
10-03-2013 09:25 AM
Yes it's already done
Network • NAT
Static NAT: Enabled
NAT Public IP Address: 86.xxx.xxx.228
regards
10-03-2013 09:41 AM
have you ever tried to disable this NAT rule on VDC appliance and make a videocall?
regards
Sent from Cisco Technical Support iPad App
10-14-2013 05:20 AM
Hi,
I disabled NAT on the VDC. I'm not able to make calls anymore.
So I enabled NAT.
Anyway we ordered a new ADSL line dedicated to the visioconf.
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide