01-08-2014 05:25 AM - edited 03-18-2019 02:23 AM
Hi
I want to use EX90 to make a video call over an internet connection. The EX90 is installed behind a home DSL router. The DSL router is using a static Public IP address whereas the EX90 is in the private address space. The DSL router performs the NAT
But when i try to make a video call, the call gets connected but i do not see any video and in the diagnostics i see only one way audio going out from my device.
do we need any specific configuration on the EX90 to work in this scenario ?
Do i need to configure the DSL router's public address as the H323 NAT address for this to work?
Thanks
Ambi
Solved! Go to Solution.
01-08-2014 06:16 AM
If you had some other config on it before I would start with a factory default reset.
I would disable SIP:
xconfiguration NetworkServices SIP Mode: Off
And configure NAT:
xConfiguration H323 NAT Mode: auto
xConfiguration H323 NAT Address: "88.66.55.33"
xConfiguration H323 Profile 1 PortAllocation: Static
As you said, from 88.66.55.33 ports shall be forwarded to 192.168.1.10
These are the required ports:
For H.323 direct calls the used ports are:
or if you want to use dynamic: H.245(Dynamic): Port Range 11000-20999 (TCP)
*Configurable by "RTP Ports Range Start" and "RTP Ports Range Stop"
Please remember to rate helpful responses and identify helpful or correct answers.
Please remember to rate helpful responses and identify
01-08-2014 06:28 AM
Thanks Martin
Is it necessary to change the port allocation to static ? The DSL is doing PAT and iam not sure whether it will support port translation etc . will check it out tomo
Will it be necessary even for only outgoing calls from home EX90 and no requirement for incoming call (call will always be initiated from home EX90)
01-08-2014 05:40 AM
Hi Ambi,
if you could let us know a bit more about your deployment?
In general a EX90 will work find behind NAT without a specific port forward, registered to a VCS-E.
Regards CUCM and collaboration edge, better ask the EFT team.
If its just for non registered calls via h323 and ip, yes you would need to configure the external
nat ip address on the endpoint
Other deployment types might not be supported.
Besides that check that no h323 or sip protocol awareness is active on the router.
Please remember to rate helpful responses and identify helpful or correct answers.
Please remember to rate helpful responses and identify
01-08-2014 05:46 AM
Martin
Its a standalone deployment with no registration to either the VCS-E or CUCM and to be used for non registered calls over IP
what should be the exact configuration on the codec for this
eg
dsl router public address = 88.66.55.33
codec ip address (private) = 192.168.1.10
01-08-2014 06:16 AM
If you had some other config on it before I would start with a factory default reset.
I would disable SIP:
xconfiguration NetworkServices SIP Mode: Off
And configure NAT:
xConfiguration H323 NAT Mode: auto
xConfiguration H323 NAT Address: "88.66.55.33"
xConfiguration H323 Profile 1 PortAllocation: Static
As you said, from 88.66.55.33 ports shall be forwarded to 192.168.1.10
These are the required ports:
For H.323 direct calls the used ports are:
or if you want to use dynamic: H.245(Dynamic): Port Range 11000-20999 (TCP)
*Configurable by "RTP Ports Range Start" and "RTP Ports Range Stop"
Please remember to rate helpful responses and identify helpful or correct answers.
Please remember to rate helpful responses and identify
01-08-2014 06:28 AM
Thanks Martin
Is it necessary to change the port allocation to static ? The DSL is doing PAT and iam not sure whether it will support port translation etc . will check it out tomo
Will it be necessary even for only outgoing calls from home EX90 and no requirement for incoming call (call will always be initiated from home EX90)
01-08-2014 06:52 AM
hmm, that should not have been endorsed, ... anyhow, it does not matter, you can also run it on dynamic,
but then you need more ports.
You need to have a mapping of these ports 1:1 for all or n:n for just some, but at least the port on the
public ip needs to be forwarded to the internal ones.
If you use 1:1 please use secure passwords on your system and think of disabling services which
you do not need (http(s)/telenet/ssh) and see that you can block these unused ports in the firewall).
Important is that the router is not trying to do any magic on the h323 packages or mangles timeouts.
Please remember to rate helpful responses and identify helpful or correct answers.
Please remember to rate helpful responses and identify
01-08-2014 07:15 AM
Will check this out and let you know how it goes
thanks again
01-08-2014 08:49 AM
As Martin said, you can configure your ADSL router to forward only the specific ports to your EX90, or configure to perform NAT 1 to 1. If am not wrong, you will find some option called "DMZ" or something like that, this is normally related to NAT 1 to 1. I would recommend using port forwarding instead of NAT 1 to 1, just because you can avoid external users to access the managment ports (HTTP, SSH, SNMP and so on). Or you can configure NAT 1 to 1 and configure your ADSL router to block certain ports, if it has built-in firewall feature.
It would be great if the Cisco telepresence endpoints had support for UPNP protocol, so that they would be able to dynamically ask the router to open and redirect the proper ports, without needing to make manual configuration on the router itself, just like Skype, Utorrent and so many other programs do.
Maybe Cisco has not implemented this feature because this kind of deployment is not common, as the telepresence solution is more related to corporative environments, even the desktop endpoints.
Regards
Paulo Souza
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
01-08-2014 10:47 AM
Paulo, nice to see you back again ;-)
Besides the fact that I dislike upnp due to various security issues on the devices using it,
there is an option on at lest the EX90 and its there for some software versions now.
As its experimental there is not much documentation, but if you check the experimental section
of the EX90:
xconfiguration Experimental NetworkServices UPnP ?
*? xConfiguration Experimental NetworkServices UPnP Mode:
*? xConfiguration Experimental NetworkServices UPnP Timeout: <0..3600>
I prefer to use port forwards for the specific used ports.
Or much better, use the EX90 and register it to a VCS-E or in the future Expressway Edge
Please remember to rate helpful responses and identify helpful or correct answers.
Please remember to rate helpful responses and identify
01-08-2014 10:54 AM
Hey Martin,
Thanks for your reply. Have you already tested this supposed UPNP feature? Now I am curious about that, as I was not aware about UPNP support for tandberg endpoints.
I agree with you, as I said, port forwarding is the best option indeed.
Regards
Paulo Souza
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
01-09-2014 05:07 PM
Hi Paulo,
The UPNP support has been there for a long time (it was available in TC4.1). It's always been in the "Experimental" section, so isn't something that I'd necessarily rely on in a prodoction environment, but could be worth a try to see if it assists.
Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
Please remember to mark helpful responses and to set your question as answered if appropriate.
01-11-2014 09:04 AM
Thanks Martin
i was able to make it work with your suggestions.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide