H.323 Behind NAT

m-markov
Level 1

Hello,

I have an ATA 186 behind NAT (C 1720). What ports do I have to statically open so I could "talk" to the gate-keeper on the other side of the NAT?

I'm using H.323 not SIP.

Is this possible at all?

Thanx,

Milenko.

4 Replies

pborelli
Level 1

Take a look at the following documents (search the CCO for the titles):

- NAT support of H.323 RAS

- NAT - Support of H.323 v2 Call Signalling (Fast Connect)

OK, I read those documents but haven't found the answer.

I have IOS 12.2(4)T3, but I suppose that I should do some configuration to enable these features? The documents you directed me to have no examples nor command reference:

--------------------------------------------------------------

Configuration Tasks: None

Configuration Examples: None

Command Reference: None

--------------------------------------------------------------

The way I see it, the router should be content sensitive, and when it detects a call setup process over NAT it should "dynamically" statically map the corresponding addresses and UDP ports. The problem with H.323 and RTP is that UDP/RTP ports are not "fixed" and could take any value from 1024 to 65535. The side on the public address space can hear me (there is RTP traffic going) but the side in the private address space can't.

More ideas?

The public can hear you because they have a public IP address. But as you have a private address, the public side can't reply. In fact, your packets get public addresses when they are NAT'ed; but it seems that NAT is not working on the H.323 layer, so the IP addresses inside the H.323 layer remain private, which means that the public side will never be able to reply.

I haven't worked with NAT x H.323 on the practical side; I have read just some theory on it. But the IOS router with NAT supports H.323 from a specific version on. I'm not sure from which version, but the later versions do that. I'm almost sure that, in the H.323 layer, it's not necessary to convert the RTP ports; just the IP addresses.

Try permitting the following H.323 TCP ports on the PIX:

tcp any any eq 1720

tcp any eq 1720 any.

But you have to keep one thing in mind. If you're using dynamic NAT, then you are going to have a problem because of that very issue that you've mentioned, RTP ports are not fixed. Unless you open the entire RTP port range 16384 to 32767.

Good luck.
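
Added example, not part of any reply in this thread: a small Python check for the symptom described above, where NAT rewrites the IP header but the addresses inside the H.323 layer stay private. It assumes the embedded address appears in the payload as four raw octets followed by a two-byte port; the packet model, the addresses and the sample payload are constructed for illustration and are not a real H.225 message.

```python
import ipaddress
import struct


def find_embedded_addrs(payload, inside_addrs):
    """Return (offset, address, port) for every inside address that still
    appears in the payload as 4 raw octets. The port is the 2 bytes that
    follow, or None if the payload ends first. A 4-byte match can be a
    coincidence, so treat hits as leads to confirm in a protocol decoder."""
    hits = []
    for addr in inside_addrs:
        needle = ipaddress.IPv4Address(addr).packed
        idx = payload.find(needle)
        while idx != -1:
            tail = payload[idx + 4:idx + 6]
            port = struct.unpack("!H", tail)[0] if len(tail) == 2 else None
            hits.append((idx, addr, port))
            idx = payload.find(needle, idx + 1)
    return sorted(hits)


def translate(packet, inside, outside, payload_aware):
    """Hypothetical NAT model: always rewrites the header source address,
    and rewrites the embedded address only when payload_aware is True."""
    out = dict(packet)
    if out["src"] == inside:
        out["src"] = outside
        if payload_aware:
            out["payload"] = out["payload"].replace(
                ipaddress.IPv4Address(inside).packed,
                ipaddress.IPv4Address(outside).packed)
    return out


# Constructed sample: inside host, documentation-range outside address,
# filler bytes around an embedded address with port 16384.
INSIDE, OUTSIDE = "10.1.1.20", "203.0.113.5"
SAMPLE = {"src": INSIDE,
          "payload": b"\x00\x11\x22" + ipaddress.IPv4Address(INSIDE).packed
                     + struct.pack("!H", 16384) + b"\x33\x44"}


def demo():
    """Compare header-only NAT with payload-aware NAT on the sample."""
    plain = translate(SAMPLE, INSIDE, OUTSIDE, payload_aware=False)
    aware = translate(SAMPLE, INSIDE, OUTSIDE, payload_aware=True)
    return (find_embedded_addrs(plain["payload"], [INSIDE]),
            find_embedded_addrs(aware["payload"], [INSIDE]))


if __name__ == "__main__":
    print(demo())
```

Run against payload bytes captured on the outside interface, a hit means the far end is being told to send media to an address it cannot reach, which matches the one-way audio reported in the thread.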