MCU 4501 configuration

fb_webuser · ‎04-22-2013

How do i configure my cisco mcu 4501 to be reached by another network with a pubic IP

---

Posted by WebUser Chinwe Katchy from Cisco Support Community App

mahkrish · ‎04-22-2013

Hi, What is the software version installed on MCU 4501.

One of the option is as mentioned below. You can also refer to the 4.3 version administration guide from http://www.cisco.com/en/US/docs/telepresence/infrastructure/mcu/admin_guide/Cisco_TelePresence_MCU_4-3_Product_administration_guide.pdf

Refer to section " Configuring IP routes settings " page 174.

You can enable dual-ethernet (video firewall) option on the MCU to have one Ethernet port on an internal network and the other on a public one.

- go to Network > Port A (or Network > Port B, whichever is the public interface) and check that the MCU is listening on Port 1720 for incoming H.323 calls and SIP ports.

- go to Network > Routes and make sure that you have the routing correctly set such that only internal traffic is routed through the internal interface

- For testing from "outside [Internet] " try telnet MCUPUBLICIPAddress:1720 and ensure you can actually get to port 1720 on the MCU: if not, check any firewalls, etc.

HTH.

BR, Mahesh Adithiyha

CHINWE · ‎04-22-2013

Hello Mahesh,

Thank you for your reply, this was my first option but port B is not activated and needs a License . In the absence of this port what other configuration can i use?

The set up is as stated below:

Ex60- LAN-MCU-ROUCTER-INTERNET.

I have actual done a NAT in the router between a public IP and the private IP of the MCU

mahkrish · ‎04-22-2013

Hi Cham, What is the call control device and software version used in your environment ?

I will check and revert with inputs.

BR, Mahesh adithiyha

CHINWE · ‎04-22-2013

Hello Mashesh

The MCU is 4501 (4.3)(2.81).

My name is Chinwe not Cham.

Thank you so much

mahkrish · ‎04-22-2013

Hi Chinwe, Sorry for the typo of your name. Is the MCU registering to VCS environment ? are using IP dialling to reach your EX60 ? Can you please share more inputs on your testing.

BR, Mahesh adithiyha

CHINWE · ‎04-22-2013

Hello Mahesh,

Sorry for my late response, there is no vcs on this setup. This set up has an ex60, mcu and a router with public ip address which was configured in the router to nat the private ip address for the mcu

The mcu has its gateway as the router IP address and the dns of the isp which is connected to the router.

A conference call was created in the mcu and the people outside the network are calling the mcu.

Is this setup right?

CHINWE · ‎04-24-2013

Hello Mashesh,

I am still awaiting a response from you.

The devices on this setup are:

1. 4501 MCU

2. CISCO ROUTER

3. 2 EX 60

Sateesh Katukam · ‎04-24-2013

Hi Chinwe,

The setup should work without any issues as long as you manage to prevent unauthorized users to create new conference when they diverted to MCU auto attendant.

Regards

Sateesh

CHINWE · ‎04-25-2013

Dear Katukam,

Thank you for your response.

With this current setup calls canot be made to a polycom end point, however the polycom can call my set up but i cannot see or hear anyting on my end while they can see and hear me. What do you suggest i check or do?

Sateesh Katukam · ‎04-25-2013

Hi

You may have to check H323 / SIP Inspection on the NAT router. static nat does not modify the H323/SIP packet and it still contain the private ip of your mcu. It is worth to verify your router configuration.

Sateesh

CHINWE · ‎04-25-2013

Hi,

There is no access control list on the router. Is there any other configuration that can be done?

Sateesh Katukam · ‎04-25-2013

Hi

You may need to use ip nat service h323 commands to make sure that the embedded payload can be NAT.

Here is the link :--

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtnrtsp.pdf

Following config can be used if it missed:

ip nat service H225

ip nat service ras

ip nat service allow-h323-even-rtp-ports

ip nat service allow-h323-keepalive

Please share your router model number and IOS details.

Sateesh

CHINWE · ‎04-25-2013

Hi Katukam,

I will check the configuration and revert

Martin Koch · ‎04-25-2013

Hello Chinwe,

Regards your setup, could you make a drawing of your network and components,

incl. where NAT is done and the network addresses (types).

I wonder is your endpoint, mcu or both behind NAT routers?

To be honest I do not really like the voip NAT handling in routers/algs/firewalls/...

they often mess things up.

The cause of your issue seems to be that NAT is used on the path in between the

endpoint and the MCU.

The integrated gatekeeper of the MCU does not support NAT traversal.

What the router tries is to do is to make the device look like as if it is not behind nat.

If you have any chance, check out the Cisco VCS Expressway (or the Starter Pack version),

that will help you regards NAT deployments and brings you many great features.

Please rate the messages and set the tread to answered if it is.

Please remember to rate helpful responses and identify