Re: Polycom ViaVideo behind a Pix515 - Page 2

mperez · ‎03-04-2002

I have a Polycom Viavideo behind a Pix515 (IOS6) with NAT and a static mapping. I can't make any type of calls eventhough after I completely opened the firewall for all tcp and udp ports. Does anyone get this to work??

Viavideo is configured to used fixed ports as the remote system (Polycom viewstation 512).

Please advise...

Note: Polycom website states that they have tested and it works with pix firewall. However, they don't give you much details.

Thx,

Moises Perez

dasberry · ‎03-03-2003

Yes, after honoring the 100 or so requests please add mine for distribution.

dennis_asberry@kcmo.org

Thanks in advance...

pvasile · ‎03-17-2003

Hello,

I am having this very problem. Could you send me the document at well?

Thanks in advance

Peter Vasile

pvasile@synqor.com

phoffswell · ‎03-18-2003

Heads up to you all -

Nobody's responding to requests for this documentation, and I've never seen it. But I have gotten my Polycom units to work behind a firewall.

Trick here is, you cannot have the units accept inbound (through firewall) connects, AND trusted network connects at the same time.

When configured to accept inbound connections from the firewall, the polycom unit sets parameters on the firewall menu to inject the proper ip address into the h323 packet. When this is set, the unit will not communicate on your internal lan. Numerous calls to Polycom confirmed this. h323 puts ip addressing into the packet payload, that NAT will miss. Polycom gets around this by the firewall menu adjustment.

We have chosen the normal configuration. Put them all inside, and communicate with each other in the non-firewall-configured-mode. To make internet-based connections, simply origitate the call from the local polycom unit.

If you re interested in configuring a polycom unit to be visible from the internet, and behind your firewall, I used the configuration on the polycom website (search their knowledgebase for pix).

Also experiment with the fixup protocols. The newer versions of PIX code have made the fixup function better. It may help.

I hope this helps!

sconnolly · ‎03-17-2003

Could you please send me the document that explains how to get Poycoms working behind a Pix. Thanks.

Steve Connolly

sconnolly@aisnets.com

tcooper · ‎05-08-2002

Moises,

I have several of this same config working with no problem. Some of the details are as follows...

IOS 6.1.1,

no fixup protocol h323 1720,

static NAT mapping (as you said)

access-list for inbound ports tcp/udp 1720 and range from 3230 - 3235

ViaVideo software version 3.0

ViaVideo firewall settings for NAT

DO NOT auto detect WAN IP address, type in the outside address you are using

use fixed ports (as you said)

at this point when the viavideo software starts up, you should see the OUTSIDE IP address in the window at the bottom of the screen.

hope this helps, todd

rrushing · ‎05-20-2002

We're running 5.2 IOS on the PIX 520. From the previous message, I assume you mean to ??

1) disable the h323 fixup statement

2) create a conduit for TCP 1720

3) create conduits for UDP 3230-3235

for each static NAT address

Thanks

==Ron==

rrushing@esc7.net

tcooper · ‎05-22-2002

correct, but I wouldn't try this with anything before 6.0.

todd

b.harrison · ‎05-08-2002

Does you PiX support H.323?

jpijpers · ‎05-27-2002

Hello,

I'm testing multiple H323 products (Polycom, Picturetel,...) and

also have problems making it work with firewalls/Nat...

Qould you please forward the document to me which explanes how to

configure your pix firewall?(jopi@telindus.be)

Thanks,

Jorrit

myildirim · ‎06-16-2002

Hello,

I had the same problem with polycom behind a NAT,if you don't use fix ports for both sides it works (this is written in polycom docs).

Regards,

pcarter · ‎06-17-2002

I am having the same issues with a PIX 501. Has anyone gotten this to work properly? It seems that the fixup protocol h323 [port] should help but it doesn't seem to make any difference. I'm using a static command to the h323 terminal and I can access the web interface but cannot send or receive calls.

pcarter · ‎02-27-2003

The current PIC code 6.2.x and previous support H.323 version 2 with is really for voice over IP applications. Video uses H.323 version 4 (note: these seem like blanket statements but I'm sure this is not true in all cases). The next version of PIX code - 6.3 is supposed to support H.323 version 4. Hopefully with this release the fixup protocol H323 should work properly

tcooper · ‎03-18-2003

I would be interested to see what Cisco is sending out that gives the step by step procedures. Because I have about thirty of these exact installations and they all work fine. Just curious...

thanks

todd cooper

telehealth network coordinator