Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
876
Views
0
Helpful
1
Replies

cannot share my desktop

Omar Abdelhalim
Level 1
Level 1

‎11-16-2012 05:13 PM - edited ‎03-18-2019 12:08 AM

Dear All,

i have a VC system "Tandbger C60 Model", and ASA firewall. C60 unit is in the inside zone of the firewall and mapped to real IP, from the outside anyone can call me and make avideo call and share his presentation "desktop" without any problem, and also when I make a call is works well, but the problem when trying to share my desktop to the other site, he didn't see the presentation and the call will disconnect after a few seconds.

Hint:

when the VC system put directly to the router with real IP it works well bidirectional.

ASA config:

ASA Version 7.0(8)

!

hostname CRFW

domain-name CR.org

enable password ja7JlGww/OCQtJ0v encrypted

passwd zv/jqe4Rp2ry75// encrypted

names

dns-guard

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 196.221.68.97 255.255.255.0

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 192.168.10.65 255.255.255.0

!

interface Ethernet0/2

nameif DMZ

security-level 40

ip address 10.0.0.1 255.255.255.0

!

interface Management0/0

shutdown

no nameif

no security-level

no ip address

management-only

!

ftp mode passive

access-list vc_daks_acl extended permit tcp any host 196.221.68.100 eq https

access-list vc_daks_acl extended permit tcp any host 196.221.68.100 eq h323

access-list vc_daks_acl extended permit udp any host 196.221.68.100 eq 1719

access-list vc_daks_acl extended permit udp any host 196.221.68.100 range 2326 2485

access-list vc_daks_acl extended permit tcp any host 196.221.68.100 range 5555 5574

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu DMZ 1500

icmp permit any echo-reply outside

asdm image disk0:/asdm-508.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 196.221.68.100 192.168.10.30 netmask 255.255.255.255

access-group vc_daks_acl in interface outside

route outside 0.0.0.0 0.0.0.0 196.221.68.96 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

username admin password 78oT4ziTSBGKRwvH encrypted privilege 15

username shereif password biVxeeF8XD3bj8xW encrypted privilege 15

http server enable

http 192.168.10.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet 192.168.10.0 255.255.255.0 inside

telnet timeout 15

ssh timeout 5

console timeout 0

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

  inspect dns maximum-length 512

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

!

service-policy global_policy global

Cryptochecksum:877d1f83588a0db98a4e9db5eee70038

: end

please, everyone help me to solve this issue...

Thanks

Omar Mahmoud

Labels:
0 Helpful
1 Reply 1

Rafal Szeremeta
Cisco Employee
Cisco Employee

‎12-09-2012 08:11 PM

Hello Omar

Is that with H323 only, not SIP? If that is the case look like you hitting CSCsg93482

Symptom:

H.329 protocol is not supported for video conferencing on the PIX/ASA platforms.

Conditions:

PIX/ASA running 7.X code where H.323 endpoints are both inside and outside of the firewalls successfully making dial in and dial out calls from the H.323 endpoint using H.225, H.245, and H.263 protocols. When we try to establish H.239 communications after the video call is established, the H.239 failed.

Upgrade of your ASA to 7.2(1) 98.2(0.71)M should fix this.

Please check our Cisco Bug Toolkit.

Thank you

Rafal

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents