08-23-2005 03:06 PM - edited 03-09-2019 12:14 PM
I have a 1720 router which is configured for VPN and NAT. I'm attempting to connect to an individual on another subnet (not part of my VPN) through Microsoft Net Meeting. I don't have any experience with Net Meeting, but I do know that the other party has had success with other companies connecting to them using this application. I'm not sure why I can't connect, but I suspect that I may need to open or somehow pipe the Net Meeting ports around my VPN ACLs.
Any thoughts or similar experiences?
08-23-2005 10:46 PM
Dear Tim,
NetMeeting and NAT do not really work together. NetMeeting is based on H.323 and AFAIK it cannot be handled statefully by a 1720.
The ACL will have to be wide-open because some of the ports are allocated dynamically. The following URLs might help with understanding the ports used.
http://www.microsoft.com/technet/prodtechnol/netmting/reskit/netmtg3/part2/chapter4.mspx
You might want to create a separate security zone for NetMeeting PCs - but effectively they will be unprotected.
HTH
Kind Regards
Cathy
08-24-2005 02:07 PM
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key XXXX address A.B.C.D
crypto isakmp key YYYY address A.B.C.D
crypto isakmp key ZZZZ address A.B.C.D
crypto isakmp key AAAA address A.B.C.D
crypto isakmp key BBBB address A.B.C.D
crypto isakmp key CCCC address A.B.C.D
crypto isakmp key DDDD address A.B.C.D
!
crypto ipsec transform-set cm-transformset-1 esp-des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto map cm-cryptomap local-address Serial0
crypto map cm-cryptomap 1 ipsec-isakmp
 set peer A.B.C.D
 set transform-set cm-transformset-1
 match address 110
crypto map cm-cryptomap 2 ipsec-isakmp
 set peer A.B.C.D
 set transform-set cm-transformset-1
 match address 111
crypto map cm-cryptomap 3 ipsec-isakmp
 set peer A.B.C.D
 set transform-set cm-transformset-1
 match address 112
crypto map cm-cryptomap 4 ipsec-isakmp
 set peer A.B.C.D
 set transform-set cm-transformset-1
 match address 113
crypto map cm-cryptomap 5 ipsec-isakmp
 set peer A.B.C.D
 set transform-set cm-transformset-1
 match address 114
crypto map cm-cryptomap 6 ipsec-isakmp
 set peer A.B.C.D
 set transform-set cm-transformset-1
 match address 115
crypto map cm-cryptomap 7 ipsec-isakmp
 set peer A.B.C.D
 set transform-set cm-transformset-1
 match address 116
!
interface FastEthernet0
 description connected to Rancho Office
 ip address 192.168.0.1 255.255.255.0
 no ip proxy-arp
 ip nat inside
 speed auto
!
interface Serial0
 description connected to Internet
 ip address A.B.C.D 255.255.A.B
 no ip proxy-arp
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 no fair-queue
 service-module t1 remote-alarm-enable
 service-module t1 fdl ansi
 crypto map cm-cryptomap
!
router rip
 version 2
 passive-interface Serial0
 network 192.168.0.0
 no auto-summary
!
ip nat inside source route-map nonat interface Serial0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
ip pim bidir-enable
!
access-list 100 deny ip 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 permit ip 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 111 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 112 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 113 permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 114 permit ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 115 permit ip 192.168.0.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 116 permit ip 192.168.0.0 0.0.0.255 192.168.4.0 0.0.0.255
!
route-map nonat permit 10
 match ip address 100
!
line con 0
 exec-timeout 0 0
 password xxx
 login
line aux 0
line vty 0 4
 password xxx
 login
!
no scheduler allocate
end
So if I make a static route to a particular host using:
"ip nat inside source static (host IP) (public IP)" it should work? I only need it for a day.
08-24-2005 11:42 PM
Hi Tim,
A static nat as proposed should work.
HTH
Kind Regards
Cathy
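The following Python example is added here and is not from either poster. It evaluates the ACLs from the posted configuration to show whether a flow from the 192.168.0.0/24 LAN is sent through PAT overload or matched by a crypto map ACL, assuming IOS applies inside-to-outside NAT before the crypto map check; the function names and result labels are hypothetical.

```python
import ipaddress

# ACL 100 (NAT route-map) and ACLs 110-116 (crypto maps), copied from the posted config.
CONFIG = """\
access-list 100 deny ip 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 permit ip 192.168.0.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 111 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 112 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 113 permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 114 permit ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 115 permit ip 192.168.0.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 116 permit ip 192.168.0.0 0.0.0.255 192.168.4.0 0.0.0.255
"""

def net(addr, wildcard):
    # Assumes contiguous wildcard masks, as in the posted ACLs (0.0.0.255 -> /24).
    ones = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.ip_network(f"{addr}/{32 - ones}")

def parse_acls(text):
    """Map ACL number -> ordered list of (action, source net, destination net)."""
    acls = {}
    for f in (line.split() for line in text.splitlines()):
        dst = net("0.0.0.0", "255.255.255.255") if f[6] == "any" else net(f[6], f[7])
        acls.setdefault(int(f[1]), []).append((f[2], net(f[4], f[5]), dst))
    return acls

def first_match(acl, src, dst):
    # First matching entry wins; every IOS ACL ends with an implicit deny.
    return next((a for a, s, d in acl if src in s and dst in d), "deny")

def classify(acls, src, dst, nat_acl=100, crypto_acls=range(110, 117)):
    """How the router treats a LAN flow, checking NAT first and crypto maps second."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if first_match(acls[nat_acl], src, dst) == "permit":
        return ("pat-overload", None)   # translated to Serial0, sent outside the VPN
    for n in crypto_acls:
        if first_match(acls[n], src, dst) == "permit":
            return ("ipsec", n)         # untranslated, matches this crypto ACL
    return ("no-nat-no-tunnel", None)
```

For a destination outside the seven VPN subnets, such as the constructed address 203.0.113.5, `classify(parse_acls(CONFIG), "192.168.0.10", "203.0.113.5")` returns `("pat-overload", None)`, which is the path a NetMeeting call to a non-VPN party takes.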