A20mark
asked on
Video through ISA 2006
We have implemented Microsoft ISA 2006, the problem is that we now cannot video conference through the ISA box using Polycom PVX software from Our satellite office to the main office (the video equipment is set up with a static ip outside our ISA box at the main office). Anybody have any insights? I have worked with the ISA box vendor to open the proper ports etc. but no joy. Yes I suppose we could configure another static IP for the Satellite Office, but this would be an awkward work around, as the two folks who need to use the video conferencing don't have a separate room to go to, they each use the Polycom software from their laptops at their desks.
Your issue is likely to be the double natting (I assume you are using ISA in Firewall mode rather than just as a proxy?)
ASKER
Thanks. Yes we are using ISA as Firewall. I've talked to the Polycom folks and they've informed me that they haven't been able to get this to work with ISA.
If you open the gui (monitoring - logging - click start query), what do you see when the connection is initiated? Any denies etc?
ASKER
We see a iniitated, then very quick close, no deny.
Well, if the vendor cannot do it then I expect it will stump me too as I have never seen the equipment nor your environment.
An option I would look into for this scenario would be to create a vpn between the two offices so that the equipment becomes effectively on the same network but I think you may be onto a hiding on this one - sorry.
An option I would look into for this scenario would be to create a vpn between the two offices so that the equipment becomes effectively on the same network but I think you may be onto a hiding on this one - sorry.
ASKER
Thanks, I already have a site to site vpn setup through the ISA boxes, the boxes can initiate the call, briefly connect then disconnect, I am going to call the MS folks and see what they have to say.
So what traffic are you letting through the VPN? If its site-to-site, you can still monitor the traffic through the ISA realtime log viewer. Do you see any denies/drops in there?
Hello?
ASKER
Sorry for the delay in relplying, Success!! At least going to the Video Conference set up Outside of the Firewall and back. After a call to the MS tech support for ISA, we have it working again. What needs to happen is creation of three access rules, 1. Server publishing rule for Protocol defined with UDP recieve ports 3230-3237 and TCP 3230-3237 Inbound pointing to the internal published target of the Polycom workstation (IP Address). 2. Server Publishing rule for TCP 1720 Inbound, again pointing to the Polycom workstation. 3. Access rule Aloow TCP Outbound, UDP Send ports 3230-3237 and TCP 3230-3237 Outbound.
ISA 2006 supports H.323 version 2, Polycom software supports H.323 version 4, so we can't use Gatekeeper.
Hope this is clear enough, what threw me was the need to publish a specific IP for the workstation.
Thanks for the help.
ISA 2006 supports H.323 version 2, Polycom software supports H.323 version 4, so we can't use Gatekeeper.
Hope this is clear enough, what threw me was the need to publish a specific IP for the workstation.
Thanks for the help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.