Re: H.323 (T.120) issues

rickan2000 · ‎01-30-2003

Hi everyone,

I have set a H.323 Gatekeeper+proxy (IOS 12.2 MCM on a cisco 2600) behinde a PIX firewall. All H323 traffice from internal clients should be proxied. Vocie and video work fine, both signalling and streaming are proxied and I only have to open port 1719 and 11720 for the proxy.

However t.120 doesn't work. The proxy gives a random port (let's say 17226) to the calling party instead of the well known port 1503. (within h245 openLogicalChannelAck) Futhermore, all tcp connection requests from the calling party to this given port (e.g. 17226) are dropped by the pix.

Doesn't the pix inspect h245 messages? Why can the logical channels for video and audio be established but not for T.120?

Any hints would be highly appreciated.

Rickan

mchin345 · ‎02-05-2003

Hi Rickan,

H.245 is a functionality included in H.323 ver 2 for call synchronization and reduced setup time etc.

Only Pix Firewall version 5.3 and higher can support the second version of H.323; So just checkout the version that you are using.

The following URL might help you to a very great extent.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb727.html#1075333

rickan2000 · ‎02-06-2003

Hi,

thank you very much for your reply. I have turned on fixup h323 ras and fixup h323 h225 11720. As mentioned there is no problem with voice and video. H245 logical channels can also be established. But Chat, White borad and file transfer don't work.

At the PIX I see some TCP-Request to the port which should used for T.120 are refused. Since the Cisco MCM Proxy uses a dynamic port instead of 1503, there is no way to open this port with ACL.

Regards

Rickan