Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1087
Views
0
Helpful
3
Replies

Polycom HDX8000 and Cisco ASA 5512

gilbert.van.hemert
Level 1
Level 1

‎01-28-2013 01:17 AM - edited ‎03-18-2019 12:30 AM

Hi all,

We have a Polycom HDX8000 for video conferencing and a Cisco ASA 5512 firewall.

We have to open ports for video conferencing, but we can't manage to get it work.

When we callout from inside to outside everything works fine, but from outside to inside the people cannot reach us.

We have opened ports 1720 TCP, 3230-3243 TCP and 3230-3285 UDP using a ASA 5505 guide.

Do we forget anything? We also have a Netgear router behind our firewall: Outside > ASA > NETGEAR > Inside

De we need to open the same ports on the Netgear?

Labels:
0 Helpful
3 Replies 3

etamminga
Spotlight
Spotlight

‎02-02-2013 03:01 AM

Hi,

If the netgear is running a firewall or doing NAT, then you need to do the same on the netgear router.
Unless required by some other requirement, I would not run a firewall/NAT behind a firewall.

Regards,
Erik

Sent from Cisco Technical Support iPad App

0 Helpful

wajid dabir
Level 1
Level 1
In response to etamminga

‎06-21-2013 11:27 PM

Erik,

I am facing the same issue,in my case my WAN link is coming to firewall and from firewall to VC via L2 switch.

i am using a cisco 5505 firewall and polycom HDX8000 VC.

I can make call from my vc to anywhere but not able to receive any call.

When i try to make call this log is coming

  deny tcp (no connection) x.x.x.x to x.x.x.x 399/3235 flags ACK on interface outside

0 Helpful

etamminga
Spotlight
Spotlight
In response to wajid dabir

‎06-22-2013 10:02 AM

the "deny tcp (no connection)" message is triggered by an incoming packet for a tcp connection that has not started with a "SYN" packet.

Usually this indicates a routing issue (multiple paths, one packet travels besides the firewall and other packet travels through the firewall). because firewalls are statefull devices, they block this session because they cannot see the whole session.

Are mutliple paths possible in your situation?

Also; try to get this working without the protocol fixup's in place. Have a look at your service profiles in ASA and disable any sip/h323/h225/h245 inspections.

Regards,

Erik

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents