09-01-2011 01:00 AM - last edited on 03-25-2019 09:02 PM by ciscomoderator
Hello,
We have implemented a 3945 router for H.323 videoconference purpose.
On LAN side, there is a MCU (Polycom) and on the WAN, many endpoints.
MCU <-> 3945 <-> Internet <-> Endpoints
NAT is implemented on the router.
H.323 security with SRTP is not working when endpoint try to establish videoconference with the MCU. We do not encounter any problem with non-encrypted videoconference.
When we bypass the router (MCU directly connected to Internet), H.323 security with SRTP is working.
We have desactivate all the ip inspect, the acl on all the interfaces but nothing works.
Does the NAT on the router support the h323 security / SRTP ?
In attachment, the result of the debug ip nat for a encrypted session and for a non-encrypted session.
Thanks a lot for your help.
// Version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Sun 18-Jul-10 06:43 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M6, RELEASE SOFTWARE (fc1)
R1-3945 uptime is 39 weeks, 6 days, 17 hours, 4 minutes
System returned to ROM by power-on
System restarted at 15:49:22 FR Tue Nov 23 2010
System image file is "flash0:c3900-universalk9-mz.SPA.150-1.M3.bin"
Last reload type: Normal Reload
...
Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 987136K/61440K bytes of memory.
Processor board ID FCZ1431706Y
4 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
254464K bytes of ATA System CompactFlash 0 (Read/Write)
..
// Configuration
interface GigabitEthernet0/0
description **to WAN**
ip address X.X.X.X 255.255.255.0
ip access-group wan_access_in in
ip nat outside
ip inspect FW in
ip virtual-reassembly
duplex full
speed 1000
!
interface GigabitEthernet1/0
description **to LAN**
ip address 10.27.0.254 255.255.255.0
ip nat inside
ip inspect FW in
ip virtual-reassembly
!
ip nat inside source static 10.27.0.2 X.X.X.Y
09-08-2013 03:18 PM
Hi Alexis,
im having the same issue here, h323 ip phones on remote network and a 39xx ios proxy did you make it work? can you please share the config?
thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide