12-29-2012 07:20 AM - edited 03-11-2019 05:41 PM
Hi,
I am encountering some problems setting up my new Polycom HDX 8000 behind an ASA 5540.
I have opened the required ports through the firewall (incoming and outgoing). I have enabled inspection h323 on the ASA and enabled the option NAT is 323 compatible on the Polycom.
3230-3243 tcp
h323 tcp
h323 udp
3230-3285 udp
Here is the problem.
I get connected to the call but the remote site cannot see and hear me.
But I can see and hear them.
Please can someone help me in this very important matter.
Thanks
12-29-2012 07:34 AM
Hi,
I probably can't give you an exact answer to your problem, but I remember some customer once having problems with Polycom devices through Cisco firewalls.
To my understanding, one thing recommended is to avoid using the inspect/fixup commands on the PIX/ASA firewall. I think I've also read in a Cisco document that there have been some problems between Cisco firewalls and Polycom devices in general, but I can't find that document right now.
policy-map global_policy
 class inspection_default
  no inspect h323 h225
  no inspect h323 ras
Or something similar depending on your firewall software.
You could try the above perhaps.
Have you tried to monitor the logs through ASDM to see if there is anything that is getting blocked while you try to form the connections?
- Jouni
12-29-2012 07:53 AM
12-29-2012 08:08 AM
Hi,
The only special thing about that output is that the ICMP is getting blocked from "inside" to "outside".
Also, since it's ICMP Type 3 Code 3, it would seem that the "inside" device is sending some "Port Unreachable" to the host on the "outside".
Is the "inside" Polycom device not accepting some connection and why?
I guess it's probably related to some UDP connection not getting through to the Polycom device?
Personally I am not really familiar with video conferencing or its firewall related things. I have only been lately trying to troubleshoot some situations.
I would perhaps also try to take some packet captures on the ASA itself and go through them.
- Jouni
12-29-2012 12:30 PM
12-29-2012 01:19 PM
Hi,
The single log message included in that file seems to be indicating that traffic from the Polycom device is being blocked from leaving from your network to the remote device.
Could you try and open everything for the Polycom device so no access-list is blocking its connections?
Seems you have an ACL named "inside_access_in" attached to the "inside" interface which is blocking some connection.
Could you perhaps for testing purposes open all traffic from the Polycom device to the destination IP address? (if the one in the logs is the only one.)
access-list inside_access_in line 1 permit ip host
The source and destination port look a bit weird (high port as destination) but maybe you could give the above a go and see if it helps.
- Jouni
12-29-2012 02:33 PM
I have also tried opening all the ports (incoming and outgoing) but it was the same.
Something weird, really!
Samir
12-30-2012 07:55 AM
I have found a very interesting thing.
I assigned a public IP address to the LAN interface of my laptop and placed a call to the Polycom. It was successful. Both ways I can see and hear.
But when I assigned a DHCP private IP to the laptop and placed a call, the Polycom is not able to send audio and video.
The Polycom sees a private IP address while receiving a call.
What is meant by that? Can anyone please help me?
12-31-2012 11:23 AM
Try to set up a static NAT to a dedicated public IP for all ports.
12-31-2012 11:40 AM
Hi,
I already have a static NAT for a fixed public IP allowing all ports (outgoing).
Thanks.