cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1385
Views
5
Helpful
5
Replies

Issues with Avaya IP phones & PIX 515

b1ackb1rd
Level 1
Level 1

I have a setup where an Avaya MedPro/CLAN is connected to DMZ with Avaya IP phones on the inside LAN, even with H323/225/323RAS fixup’s enabled and a access rule from DMZ to inside the IP phones don’t get registered. When IP is enabled from MedPro/CLAN to inside the phones start working.

The PIX OS I have is 6.3(1), what is going on here? Any insight would be much appreciated.

Thanks.

1 Accepted Solution

Accepted Solutions

kleo
Level 3
Level 3

Disable any h.323 fixup, it doesn't work with the avaya gatekeeper "clan"

no fixup protocol h323 h225 1720

no fixup protocol h323 ras 1718-1719

then ensure

your static (inside,dmz) is setup correctly and any ACLs have tcp 1719/1720 open

Also, open udp port range that match your avaya server configuration "network region".

View solution in original post

5 Replies 5

umedryk
Level 5
Level 5

You need to disable the per-user based authentication if you have a concetrator in between.

Thank you very much for your reply... but I do not have authentication configured.

kleo
Level 3
Level 3

Disable any h.323 fixup, it doesn't work with the avaya gatekeeper "clan"

no fixup protocol h323 h225 1720

no fixup protocol h323 ras 1718-1719

then ensure

your static (inside,dmz) is setup correctly and any ACLs have tcp 1719/1720 open

Also, open udp port range that match your avaya server configuration "network region".

Ok finally the issue is resolved... here's what was done. The firmware on the IP phones were updated to the latest version & following rules were applied on the firewall. Please note that the fixup was NOT disabled in this instance...

From TCP/UDP To TCP/UDP

CLAN udp/1719 Any udp/Any

Any udp/any CLAN udp/1719

CLAN tcp/1720 Any tcp/any

Any tcp/any CLAN tcp/1720

MedPro udp/2048-3028 Any udp/any

Any udp/any MedPro udp/2048-3028

Any IP Phone udp/any DNS server udp/53

Any IP Phone udp/68 (bootpc) DHCP server udp/67 (bootps)

DHCP server udp/67 (bootps) Any IP Phone udp/68 (bootpc)

Any Avaya device ICMP echo Any

Any ICMP echo reply Any Avaya device

For the remote LSP these are the rules:

Ent. Interface tcp/any LSP tcp/514

LSP tcp/514 Ent. Interface tcp/any

LSP tcp/any Ent. Interface tcp/512-1023

Ent. Interface tcp/512-1023 LSP tcp/any

Everything works great now.. thanks for all the help

Cheers.

cool, it works, but what i don't see is the h.248 signaling ports for the gateway(g700) with LSP.

Encrypted H.248 is TCP/1039

Unencrypted h.248 is TCP/2945

Also an FYI if

Both primary and LSP running Avaya CM2.x or higher

TCP 514-1023 no longer needed use just TCP 21873 for file synchronization.

Review Cisco Networking for a $25 gift card