Cisco VCS-E No route to destination Unreachable destination H.323 to external IP

l.ivanov · ‎05-11-2017

Hello colleagues,

can someone kindly advise what the rout cause could be?

Description:

Placing video call from VC system in local network to VC system on another network with public IP is not successful, showing status "No route to destination Unreachable destination"

Having a look at the diagnostic logs, We cannot see any traffic going out to the public IP we are trying to reach.

***UPDATE***

issue fixed after reboot. Thanks all

Thanks a lot in advance

Lyubo

Alok Jaiswal · ‎05-11-2017

This means the VC is not able to talk to VC in public world. Make sure that your firewall allows necessary ports. H.323 ports 1720 and also the ports for H.245 media negotiation.

Read the endpoint document to know what ports it used to communicate.

Also since you are on internal network behind a firewall you have to enable H.323 NAT on the internal endpoint so that correct ip's are sent to far end, otherwise you would face media issues.

Regards,

Alok

l.ivanov · ‎05-11-2017

Thank you very much.

The port is indeed 1720 and it is allowed on the firewall. As I spoke with the colleague from networking, he cannot see any activity at all. Will check further.

TA

Lyubo

Alok Jaiswal · ‎05-11-2017

IF they don't see any connection on firewall then may be a routing issue ? not sure.

But try to do a tcp dump or trace-route if the endpoint supports that.

Also make sure that firewall doesn't do a H.323 deep packet inspection and ALG must be turned off for this connections. ALG normally creates problem in such scenario's.

Regards,

Alok

l.ivanov · ‎05-11-2017

Thanks Alok,

will check and give feedback

Justin Ferello · ‎05-11-2017

Lyubo,

Can you copy and paste the search history for this call?

Thanks,
Justin

Thank you,
Justin Ferello
Technical Support Specialist, ScanSource KBZ

l.ivanov · ‎05-11-2017

Hello Justin,

please find hereafter the search and call history. I've changed our system to 123456789, because I'm not sure if I am allowed to make it public and 140.242.250.204 is a policom test IP

************************************

2017-05-11 13:46:57 H323 (Setup) 123456789@video.domain.com 140.242.250.204 No route to destination - Unreachable destination

************************************
2017-05-11T13:46:57.583+01:00 tvcs: Event="Call Rejected" Service="H323" Src-ip="10.***.***.**" Src-port="19041" Src-alias-type="H323"
Src-alias="123456789@video.domain.com" Src-alias-type="E164" Src-alias="123456789" Dst-alias-type="H323" Dst-alias="140.242.250.204"
Call-serial-number="70d564c7-c3ce-4945-82b2-994f91717fbe" Tag="d16039e9-e90b-4bf3-83ec-3e1e55702939" Protocol="TCP"
Response-code="No route to destination - Unreachable destination" Level="1" UTCTime="2017-05-11 12:46:57,583"

Thank you very much

Lyubo

Justin Ferello · ‎05-11-2017

Lyubo,

Is this VCS set to Direct for "Calls to unknown IPs"?

Any alarms?

Thanks,
Justin

Thank you,
Justin Ferello
Technical Support Specialist, ScanSource KBZ

l.ivanov · ‎05-11-2017

Justin,

this is correct - set to direct. No alarms - "unfortunately"

Thanks

Lyubo

Joe Vallender · ‎05-11-2017

Have you tried in the VCS, Maintenance->Tools->Check Pattern or ->Locate to see how the VCS would handle the failing call? It should be sending it to a zone for a trunk to the public internet.

l.ivanov · ‎05-11-2017

Hello Joe,

thank you for your suggestion. Unfortunatelly I coudnt try it, because my colleagues rebootet the device over night and this fixed the issue somehow.

Thanks again for your effort.

Best

Lyubo