Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1563
Views
0
Helpful
3
Replies

VIDEO CONFERENCE WITH POLYCON DOES NOT FUNCION OVER INTERNET

Go to solution
ROGER FERNANDO MAJO ZACARIAS
Level 1
Level 1

‎05-27-2013 08:24 PM - edited ‎03-07-2019 01:35 PM

Hi.

We are making test witch POLYCOM for pass video conferencing from an privete network to internet, but i having problems:

one way audio and video

only ringback during session stablishment

there is not any problem when we make test between private networks.

the network where we are installing the Polycon has an  IPS and firewall.

do you have any tips how to configure CISCO ASA to pass video conference from POLYCOM to remote station located in Internet?

any help wiil be very important for us.

Attn.

Roger Majo

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
suhas_syndrome
Level 1
Level 1

‎06-03-2013 07:55 AM

hi,

i have problem that i can make call to remote end but remote person cant make call to me.min incoming call not working from my end

please help

Regards

Suhas

View solution in original post

0 Helpful

Go to solution
mvsheik123
Level 7
Level 7
In response to suhas_syndrome

‎06-03-2013 08:08 AM

Hi,

We have a polycom VC (ip based) at one of locations in ASA/DMZ. Below are the ports allowed/config on the ASA..

static (DMZ,OUTSIDE) x.x.x.x.x 172.20.10.20 netmask 255.255.255.255

!

object-group service POLYCOM_VC

service-object tcp eq h323

service-object tcp eq 1731

service-object tcp range 3230 3235

service-object udp range 3230 3253

service-object udp eq 1718

service-object udp eq 1719

!

object-group network EXT-NTP-SERVERS

network-object host 184.105.192.247

network-object host 67.18.187.111

network-object host 69.36.227.90

!

object-group network EXT-DNS-SERVERS

network-object host a.a.a.a

network-object host b.b.b.b

!

access-list OUTIN extended permit object-group POLYCOM_VC host x.x.x.x

access-list DMZ2IN extended permit udp host 172.20.10.20 object-group EXT-NTP-SERVERS eq ntp

access-list DMZ2IN extended permit udp host 172.20.10.20 object-group EXT-DNS-SERVERS eq domain

access-list DMZ2IN extended permit tcp host 172.20.10.20 object-group EXT-DNS-SERVERS eq domain

We do not have IPS inline, but incase if you notice traffic denial in the IPS long, by pass any --> VC ip outside --> inside direction.

hth

MS

View solution in original post

0 Helpful
3 Replies 3

Go to solution
siddhartham
Level 4
Level 4

‎05-28-2013 02:47 PM

Can you check the below

Do you have an access-list entry on the outside interface of ASA that allow UDP ports from the Polycom station on the internet to come in to your LAN, If the call is initiaed from the remote station.

Do you have H.323 inspect configured on your ASA?

Siddhartha

Siddhartha
0 Helpful

Go to solution
suhas_syndrome
Level 1
Level 1

‎06-03-2013 07:55 AM

hi,

i have problem that i can make call to remote end but remote person cant make call to me.min incoming call not working from my end

please help

Regards

Suhas

0 Helpful

Go to solution
mvsheik123
Level 7
Level 7
In response to suhas_syndrome

‎06-03-2013 08:08 AM

Hi,

We have a polycom VC (ip based) at one of locations in ASA/DMZ. Below are the ports allowed/config on the ASA..

static (DMZ,OUTSIDE) x.x.x.x.x 172.20.10.20 netmask 255.255.255.255

!

object-group service POLYCOM_VC

service-object tcp eq h323

service-object tcp eq 1731

service-object tcp range 3230 3235

service-object udp range 3230 3253

service-object udp eq 1718

service-object udp eq 1719

!

object-group network EXT-NTP-SERVERS

network-object host 184.105.192.247

network-object host 67.18.187.111

network-object host 69.36.227.90

!

object-group network EXT-DNS-SERVERS

network-object host a.a.a.a

network-object host b.b.b.b

!

access-list OUTIN extended permit object-group POLYCOM_VC host x.x.x.x

access-list DMZ2IN extended permit udp host 172.20.10.20 object-group EXT-NTP-SERVERS eq ntp

access-list DMZ2IN extended permit udp host 172.20.10.20 object-group EXT-DNS-SERVERS eq domain

access-list DMZ2IN extended permit tcp host 172.20.10.20 object-group EXT-DNS-SERVERS eq domain

We do not have IPS inline, but incase if you notice traffic denial in the IPS long, by pass any --> VC ip outside --> inside direction.

hth

MS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card