cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4306
Views
0
Helpful
3
Replies

NAT and h323 in IOS

arturo.reyna
Level 1
Level 1

Hi:

I'm trying to setup a videoconference and I have a 2801 router (12.4(18c)) with NAT configuration between units but It doesn't work. I captured some packets with sniffer and I can see that units are trying to send voice and video information to the real IP address (not natted ip address in router). NAT and h323 is supported in Cisco? Should I apply a specific configuration in router?

Please let me know your comments.

TIA. Regards.

3 Replies 3

Laurent Aubert
Cisco Employee
Cisco Employee

Hi,

We do support NAT and H323:

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9_ps6640_Products_White_Paper.html

If you want to hide the real addresses, your unit should be configured to point to the Outside local or Inside Global address.

Could you describe your topology/configuration and your NAT policy ?

Thanks

Laurent.

Hi,

 

I'm getting the same problem.

I'm using one static NAT 1:1 ip nat inside source static IPoutside IPlocal

When the polycom outside endpoint call H323 to inside endpoint by using IPoutside, the call can establish successfully. The outside endpoint cannot see/hear the endpoint inside. But the endpoint inside can see/hear the endpoint outside.

I'm using Cisco Router 2811. IOS version c2800nm-entservicesk9-mz.151-4.M7.bin

Does anyone know what's problem? Do I need to configure anything else to make this conference working.

Thanks in advanced.

c.captari
Level 1
Level 1

Hi.

I think your problems lies with the fact that by default a cisco router does not know to nat correctly the h.323 protocol, because ports are being generated dynamically inside the H.323 conversations (similar to dynamic port allocation in FTP)

So. The only way to fix this problem in my oppinion is to upgrade your IOS to support IOS Firewall feature (specifically IOS-FW - H323 v3/v4 Support) which is basically able to look inside the h323 packet and decode it.

I advise you to use Cisco Feature Navigator to find an IOS suitable for your platform with this support

Cisco Feature navigator link:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp (go to Search by feature)

Use the following documentation for more information regarding H.323 in Cisco IOS Firewall . (you basically need to enable ip inspection of h323 protocol to get this working)

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_fwall_h323_supp.html#wp1055468

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: