05-27-2013 08:24 PM - edited 03-07-2019 01:35 PM
Hi.
We are making test witch POLYCOM for pass video conferencing from an privete network to internet, but i having problems:
one way audio and video
only ringback during session stablishment
there is not any problem when we make test between private networks.
the network where we are installing the Polycon has an IPS and firewall.
do you have any tips how to configure CISCO ASA to pass video conference from POLYCOM to remote station located in Internet?
any help wiil be very important for us.
Attn.
Roger Majo
Solved! Go to Solution.
06-03-2013 07:55 AM
hi,
i have problem that i can make call to remote end but remote person cant make call to me.min incoming call not working from my end
please help
Regards
Suhas
06-03-2013 08:08 AM
Hi,
We have a polycom VC (ip based) at one of locations in ASA/DMZ. Below are the ports allowed/config on the ASA..
static (DMZ,OUTSIDE) x.x.x.x.x 172.20.10.20 netmask 255.255.255.255
!
object-group service POLYCOM_VC
service-object tcp eq h323
service-object tcp eq 1731
service-object tcp range 3230 3235
service-object udp range 3230 3253
service-object udp eq 1718
service-object udp eq 1719
!
object-group network EXT-NTP-SERVERS
network-object host 184.105.192.247
network-object host 67.18.187.111
network-object host 69.36.227.90
!
object-group network EXT-DNS-SERVERS
network-object host a.a.a.a
network-object host b.b.b.b
!
access-list OUTIN extended permit object-group POLYCOM_VC
access-list DMZ2IN extended permit udp host 172.20.10.20 object-group EXT-NTP-SERVERS eq ntp
access-list DMZ2IN extended permit udp host 172.20.10.20 object-group EXT-DNS-SERVERS eq domain
access-list DMZ2IN extended permit tcp host 172.20.10.20 object-group EXT-DNS-SERVERS eq domain
We do not have IPS inline, but incase if you notice traffic denial in the IPS long, by pass any --> VC ip outside --> inside direction.
hth
MS
05-28-2013 02:47 PM
Can you check the below
Do you have an access-list entry on the outside interface of ASA that allow UDP ports from the Polycom station on the internet to come in to your LAN, If the call is initiaed from the remote station.
Do you have H.323 inspect configured on your ASA?
Siddhartha
06-03-2013 07:55 AM
hi,
i have problem that i can make call to remote end but remote person cant make call to me.min incoming call not working from my end
please help
Regards
Suhas
06-03-2013 08:08 AM
Hi,
We have a polycom VC (ip based) at one of locations in ASA/DMZ. Below are the ports allowed/config on the ASA..
static (DMZ,OUTSIDE) x.x.x.x.x 172.20.10.20 netmask 255.255.255.255
!
object-group service POLYCOM_VC
service-object tcp eq h323
service-object tcp eq 1731
service-object tcp range 3230 3235
service-object udp range 3230 3253
service-object udp eq 1718
service-object udp eq 1719
!
object-group network EXT-NTP-SERVERS
network-object host 184.105.192.247
network-object host 67.18.187.111
network-object host 69.36.227.90
!
object-group network EXT-DNS-SERVERS
network-object host a.a.a.a
network-object host b.b.b.b
!
access-list OUTIN extended permit object-group POLYCOM_VC
access-list DMZ2IN extended permit udp host 172.20.10.20 object-group EXT-NTP-SERVERS eq ntp
access-list DMZ2IN extended permit udp host 172.20.10.20 object-group EXT-DNS-SERVERS eq domain
access-list DMZ2IN extended permit tcp host 172.20.10.20 object-group EXT-DNS-SERVERS eq domain
We do not have IPS inline, but incase if you notice traffic denial in the IPS long, by pass any --> VC ip outside --> inside direction.
hth
MS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide