04-12-2002 12:54 AM - edited 03-12-2019 03:05 PM
Hello,
I have an ATA 186 behind NAT (C 1720). What ports do I have to statically
open so I could "talk" to the gate-keeper on the other side of the NAT ?
I'm using H.323 not SIP.
Is this possible at all ?
Thanx,
Milenko.
04-12-2002 03:22 AM
Take a look at the following documents (search the CCO for the titles):
- NAT support of H.323 RAS
- NAT - Support of H.323 v2 Call Signalling (Fast Connect)
04-12-2002 04:57 AM
OK, i read those document but haven't found the answer.
I have IOS 12.2(4)T3, but I suppose that I should do some configuration to enable this features ? The documents you directed me to has no examples nor command reference :
--------------------------------------------------------------
Configuration Tasks
None
Configuration Examples
None
Command Reference
None
---------------------------------------
The way I see it, router should be content sensitive and when it detects call setup process over NAT it should "dinamiclly" staticaly map coresponding addresses and UDP ports. The problem with h.323 and RTP is that UDP/RTP ports are not "fixed" and could take any value form 1024 to 65535. The side on the public address space can hear me (there is a rtp traffic going) but the side in the private address space can't.
more ideas ?
04-12-2002 11:08 AM
The public can hear you because they have a public IP address. But as you have a private address, the public side can't reply. In fact, your pacts get public addresses when they are NAT'ed; but it seems that NAT is not working on the H.323 layer, so the IP addresses inside the H.323 layer remain private, which means that the public side will never be able to reply.
I haven't worked with NAT x H.323 on the pratical side; I have read just some theory on it. But the IOS router with NAT supports H.323 from a specific version on. I'm not from which version, but the later versions do that. I'm almost sure that, in the H.323 layer, it's not necessary to convert the RTP ports; just the IP addresses.
04-15-2002 04:59 AM
Try permitting the folowing H.323 TCP ports on the PIX:
tcp any any eq 1720
tcp any eq 1720 any.
But you have to keep one thing in mind. If you're using dynamic NAT, than you are going to have a problem because of that very issue that you've mentioned, RTP ports are not fixed. Unless you open the entire RTP port range 16384 to 32767.
Good luck.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide