11-16-2011 08:16 AM - edited 03-11-2019 02:51 PM
HI can anyone tell me what ports need to be allowed to allow video confrencing through the ASA
can i use nat instead of access lists to do the same
11-16-2011 08:25 AM
Incase of H323.
PORT | TYPE | PROTOCOL | DESCRIPTION |
1719 | Static | UDP | Gatekeeper RAS |
1720 | Static | TCP | Q.931 (Call Setup) |
1024-65535 | Dynamic | TCP | H.245(Call Parameters) |
1024-65535 | Dynamic | UDP (RTP) | Video Data Streams |
1024-65535 | Dynamic | UDP (RTP) | Audio Data Streams |
1024-65535 | Dynamic | UDP (RTCP) | Control Information |
You can use NAT but better not to use.
Thanks
ajay
11-16-2011 08:30 AM
Thanks for the reply ajay but opening so many ports would make the firewall vulnerable.
so how can i do it using nat
11-16-2011 08:40 AM
H323 section of this link might help.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081042c.shtml
11-16-2011 01:19 PM
Hi,
I recently setup a VC (polycom) behind ASA 5510. port requirement may depent on vendor - below are tehe ports I used..
tcp h323 & 1731
tcp 3230 3235
udp 3230 3253
udp 1718 & 1719
Also, once you set up you can do a free test using IPs listed at vtctest.com. As part of security, i disabled 'icmp echo' from outside to this static Nat'd ip.
hth
MS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide