03-03-2005 03:18 AM - edited 02-20-2020 11:59 PM
I have a setup where an Avaya MedPro/CLAN is connected to the DMZ with Avaya IP phones on the inside LAN. Even with the H323/225/323RAS fixups enabled and an access rule from DMZ to inside, the IP phones don't get registered. When IP is enabled from MedPro/CLAN to inside, the phones start working.
The PIX OS I have is 6.3(1). What is going on here? Any insight would be much appreciated.
Thanks.
03-10-2005 07:54 AM
You need to disable the per-user based authentication if you have a concentrator in between.
03-13-2005 06:53 PM
Thank you very much for your reply... but I do not have authentication configured.
03-13-2005 11:35 PM
Disable any H.323 fixup; it doesn't work with the Avaya gatekeeper "CLAN".
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719
Then ensure your static (inside,dmz) is set up correctly and any ACLs have tcp 1719/1720 open.
Also, open the UDP port range that matches your Avaya server configuration "network region".
03-20-2005 07:14 PM
OK, finally the issue is resolved... here's what was done. The firmware on the IP phones was updated to the latest version and the following rules were applied on the firewall. Please note that the fixup was NOT disabled in this instance...
From              TCP/UDP          To                TCP/UDP
CLAN              udp/1719         Any               udp/Any
Any               udp/any          CLAN              udp/1719
CLAN              tcp/1720         Any               tcp/any
Any               tcp/any          CLAN              tcp/1720
MedPro            udp/2048-3028    Any               udp/any
Any               udp/any          MedPro            udp/2048-3028
Any IP Phone      udp/any          DNS server        udp/53
Any IP Phone      udp/68 (bootpc)  DHCP server       udp/67 (bootps)
DHCP server       udp/67 (bootps)  Any IP Phone      udp/68 (bootpc)
Any Avaya device  ICMP echo        Any
Any               ICMP echo reply  Any Avaya device
For the remote LSP these are the rules:
Ent. Interface    tcp/any          LSP               tcp/514
LSP               tcp/514          Ent. Interface    tcp/any
LSP               tcp/any          Ent. Interface    tcp/512-1023
Ent. Interface    tcp/512-1023     LSP               tcp/any
Everything works great now.. thanks for all the help
Cheers.
03-21-2005 03:55 PM
Cool, it works, but what I don't see is the H.248 signaling ports for the gateway (G700) with LSP.
Encrypted H.248 is TCP/1039
Unencrypted H.248 is TCP/2945
Also, an FYI: if both primary and LSP are running Avaya CM2.x or higher, TCP 514-1023 is no longer needed; use just TCP 21873 for file synchronization.
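An added example, not part of the thread or of any poster's configuration: a small first-match evaluator that loads the signalling, media and LSP rows of the rule table posted on 03-20-2005 and reports which test flows no rule permits, including the H.248 and TCP 21873 flows named in the last reply. The flows are constructed; the "Phone" and "G700" labels and the direction of the H.248 and file-sync connections are assumptions.

```python
# Signalling, media and LSP rows of the rule table posted on 03-20-2005:
# (from, from proto/port, to, to proto/port). Names are labels, not addresses.
RULES = [
    ("CLAN", "udp/1719", "Any", "udp/any"),
    ("Any", "udp/any", "CLAN", "udp/1719"),
    ("CLAN", "tcp/1720", "Any", "tcp/any"),
    ("Any", "tcp/any", "CLAN", "tcp/1720"),
    ("MedPro", "udp/2048-3028", "Any", "udp/any"),
    ("Any", "udp/any", "MedPro", "udp/2048-3028"),
    ("Ent. Interface", "tcp/any", "LSP", "tcp/514"),
    ("LSP", "tcp/514", "Ent. Interface", "tcp/any"),
    ("LSP", "tcp/any", "Ent. Interface", "tcp/512-1023"),
    ("Ent. Interface", "tcp/512-1023", "LSP", "tcp/any"),
]

# Constructed test flows: (src, dst, proto, src port, dst port). "Phone" and
# "G700" are assumed labels; the H.248 and file-sync directions are assumed.
FLOWS = [
    ("Phone", "CLAN", "udp", 49300, 1719),            # H.225 RAS
    ("Phone", "CLAN", "tcp", 49301, 1720),            # H.225 call signalling
    ("Phone", "MedPro", "udp", 49302, 2050),          # media, MedPro UDP range
    ("Ent. Interface", "LSP", "tcp", 1000, 514),      # file sync before CM2.x
    ("G700", "LSP", "tcp", 49303, 2945),              # unencrypted H.248
    ("G700", "LSP", "tcp", 49304, 1039),              # encrypted H.248
    ("Ent. Interface", "LSP", "tcp", 49305, 21873),   # file sync, CM2.x+
]

def port_match(spec, proto, port):
    """True if proto/port falls inside a 'proto/any|N|N-M' table cell."""
    rule_proto, _, ports = spec.lower().partition("/")
    if rule_proto != proto:
        return False
    if ports == "any":
        return True
    low, _, high = ports.partition("-")
    return int(low) <= port <= int(high or low)

def first_match(src, dst, proto, sport, dport):
    """Return the first rule permitting the flow, or None (implicit deny)."""
    for rule in RULES:
        frm, frm_port, to, to_port = rule
        if (frm in ("Any", src) and to in ("Any", dst)
                and port_match(frm_port, proto, sport)
                and port_match(to_port, proto, dport)):
            return rule
    return None

def uncovered(flows):
    """Flows that no posted rule permits."""
    return [flow for flow in flows if first_match(*flow) is None]
```

Calling `uncovered(FLOWS)` returns the three flows to TCP 2945, 1039 and 21873; the registration, call-signalling, media and TCP 514 flows each match a posted rule.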