Re: NAT & H323 - Page 4

scolombo · ‎12-05-2001

I've a video conferencing application on some hosts inside my network which need to connect to a H323 Gatekeeper outside ( internet )

The internet connection is made via a 1401 router with IOS 12.2.6 .

We tested the configuration with a static nat for one of the internal host.

The connection goes through but at the endpoint our host present itself with its internal IP .

How can we solve the translation problem ?

Thanks

pcarter · ‎06-18-2002

Have you had any luck with H323 over a NAT? I've got a PIX 501 where I'm trying to using static mappings, but the IPs for the static must be in the Gloabl address pool. Nothing works at all unless I've enabled NAT (nat (inside) 1 0 0).

I have used an access list command and I can get external www access to a video terminal on the inside network, but the terminal cannot make or receive a video call.

At wits end please help!!!

tcooper · ‎07-12-2002

If your still having issues with this I may be able to help. Havn't been to the group for awhile.

todd

mhayek · ‎11-07-2002

PLease make sure the OS you are using on the PIX is H323 capable. It needs to be able to read H323 in order for NAT to translate corerectly. I think its version 6.1.3 will do it.

ENable debug Ip packet, and look at the source and destination packets to see if the NAT is working correctly on both sides of the PIX.

If the IP translation is not done right, then you wont get video or voice thru the PIX with NAT.

gcost · ‎11-05-2002

IOS not yet supports any Voip SW except for netmeeting,

Also does not support H323 Version 3, even though version 4 now out....

When may more features and compatibility with other vendors be possible?

dmitry · ‎02-17-2003

I have the same problem, apparently it is a feature called H323 V2 RAS through NAT which never worked (first available in 12.2.2T). I had all the debugs and logs sent to Cisco with an open case, so far no resolution, Cisco TAC engineer said that it may be fixed in 12.3 which is due next year.

If your video endpoint supports "Work via NAT" feature, that will be the only way (the endpoint itself will take care of replacing the IPs inside of RAS messages for the GK registration)

If you have many endpoints inside that have to call each other the Work via NAT is not gonna help because even for the internal calls (endpoint to endpoint inside) the endpoints will use the NAT translation which is not valid inside, the only way would be to deploy a GK inside of your network and then use H323 proxy to communicate to the outside GK and the endpoints.

I'm not sure about one thing - whether the GKs can talk to each other with LRQs via NAT (inside GK to outside GK) although it is not a big problem since you can tell your inside GK to use public IP .

thusain · ‎07-30-2003

Two ways you can do this. First way is to have either the nat device handle changing the ip address in the h225 packets. It could either be a pix, version 6.3 for h323 version 3 and version 4 (you will need to use the fixup protocol for this), or it can be an ALG (application layer gateway) that does the nat.

The second way is to actually have your endpoints modify the packet before it sends it out. The ATA as an example can be set to use a specific address to put in the SDP header or h225 packet it sends out.

Taimoor

dmitry · ‎08-17-2003

Finally the NAT H323 v3/v4 is available on IOS routers in 12.3.2T. That should make things simpler than dealing with H323 proxy.

Any plans on implementing a video IP-to-IP gateways?

Thanks

j_rios · ‎07-31-2003

hi

Can you please email me a copy of the document.

thaks

syscons · ‎09-26-2004

Could you send me this e-mail too?

It's a very important.

alonsoalanoca · ‎10-07-2004

decearia ver el curso gracias

cowardj · ‎04-08-2005

Would you email me a copy of this document also

knmezi · ‎12-23-2005

Alan,

Please I want a copy.

Thx, Knmezi