Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
405
Views
0
Helpful
1
Replies

ZBF + NAT + H323

sharlino
Level 1
Level 1

‎05-11-2016 06:06 AM - edited ‎03-12-2019 06:09 PM

Hello!
I have: router 3845, C3845-ADVIPSERVICESK9-M, Version 12.4(24)T6
I want: make H.323 calls through the NAT.

I have read this https://www.cisco.com/c/en/us/td/docs/ios/12_4t/ip_addr/configuration/guide/htnatalg.html and this https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/12-4t/nat-12-4t-book/iadnat-applvlgw.html

As i understood, ZBPF can inspect H.323 suite of protocols and do NAT of H.323 suite correctly.

My ZBF config is:


class-map type inspect match-any FW-CLASS
 match protocol h323
 match protocol h225ras
 

policy-map type inspect FW-POLICY
 class type inspect FW-CLASS
  inspect
 class class-default
  drop

zone security INSIDE
zone security OUTSIDE


zone-pair security INSIDE-to-OUTSIDE source INSIDE destination OUTSIDE
  service-policy type inspect FW-POLICY

Interfaces are assigned to appropriate zones. During the H.323 call, i doing packet capture (wireshark) and see that Cisco 3845 does not correctly translate IP address embedded in payload of H.245 protocol. The openLogicalChannel message still contains inside local address.
My question is: have i missed something important in my configuration for accomplish my task?
Any help will be very appreciated! Thank you for your time )

Labels:
0 Helpful
1 Reply 1

sharlino
Level 1
Level 1

‎05-13-2016 12:43 AM

Problem is solved. Upgraded to 15.1(4)M7 and everything is good now ( with the above configuration).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card