Adding one more note, i am attempting to initiate a call from the outside to the inside of the NAT.
Main Topics
Browse All Topics
Loading Advertisement...
Question
H.323 Video thru a Cisco NAT
Hi,
I trying to NAT H.323 video through a Cisco 3640 running IOS 12.2. I have a Polycom VS512 with NAT enabled and the outside address configured, and the router configured for a static NAT. I'm getting RAS and Call Setup traffic through the NAT, but the H.245 stream fails to open. I currently have no ACL's on router, however was wondering if I need to one explicitly noting the ports for the further flows? I validated with a sniffer that the H.245 Connect message is using a port within the identified port range in the NAT statement. Config is below...
Thanks
Matt
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Subscribe now for full access to Experts Exchange and get
Instant Access to this Solution
- Plus...
- 30 Day FREE access, no risk, no obligation
- Collaborate with the world's top tech experts
- Unlimited access to our exclusive solution database
- Never be left without tech help again
Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.
- "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
- "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
- "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.
See what Experts Exchange can do for you.
Got a question?
We've got the answer.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
Need individual assistance?
Our experts are ready to help.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Want to learn from the best?
Read articles from industry experts.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Working on a long term project?
Store your work and research.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
What Makes Experts Exchange Unique?
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Trusted by the world's most respected brands.
Faithfully serving IT professionals since 1996.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Free Tech Articles
-
WARNING: 5 Reasons why you should NEVER fix a computer for free.
It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
-
SCCM OSD Basic troubleshooting
SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
-
Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
-
Create a Win7 Gadget
This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
-
Outlook continually prompting for username and password
There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
-
Backup Exchange 2010 Information Store using Windows Backup
There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...
Cloud Class Webinars
- Avoiding Bugs in Microsoft Access
Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
- Top 10 Best New Features in Visio 2010
Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
- IT Consultant Business Secrets Revealed
Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
- Disaster Recovery and Business Continuity
Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
- Organize Your Visio Diagrams with Containers and Lists
Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
- How to Us Objects, Properties, Events and Methods in Microsoft Access
Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...
Join the Community
Give a Little. Get a Lot.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Answers
Oops ignore that top bit, hit enter too quick! lol
Anyway....
H.323 uses a single fixed TCP port (1720) to start a call using the H.225 protocol (defined by H.323 spec) for call control. Once that protocol is complete, it then uses a dynamic TCP port for the H.245 protocol (also defined by the H.323 spec) for caps and channel control. Finally, it opens up 2 dynamic UDP ports for each type of media that was negotiated for the call (audio, video, far-end camera control). This first port carries the RTP protocol data (defined by the H.225 spec) and the second one carries the RTCP data (defined by the H.225 spec).
So, a typical H.323 ViewStation call would use 2 TCP fixed ports (3230-3231) and 6 UDP fixed ports (3230-3235).
As per TCP/IP standards, ports are divided into 3 sections: 0-1023 (privileged ports), 1024-49151 (registered ports) and 49152-65535 (dynamic ports). H.323 specifies the dynamic ports in the dynamic range are open. Polycom has added a feature to its product line that allows the ports to use a fixed ports (instead of dynamic ports) so that it can more easily traverse a firewall. Only the system behind the firewall need to turn on this feature, since the firewall will prevent the audio/video/FECC from the outside to come in unless this is enabled.
In addition, the user must "punch holes" in the firewall using the previously mentioned exact port numbers and exact protocol types for outgoing calls. To receive incoming calls, the user must also punch a hole using the 1720 TCP port.
So on the Viewstation you have enable NAT & Used Fixed Ports?
What version of the software on the Viewstation do you have?
I am not too familiar with the CISCO Router you are using (but will be soon after my CISCO traning!) but the config looks OK. As long as you have created a static map and forwarded the ports listed under the 'viewstation fixed ports' list then you should be able to make calls OK.
I would enabled an access list defining the UDP and TCP ports required by the Viewstation as per above.
Also I know on the CISCO PIX Firewalls they have built in protocols for dealing with VC, on the PIX it can be configured using "fixup protocol h323" and then you would not need to worry about opening all the ports and NAT, as the CISCO device will actively monitor the h323 traffic and dynamically open and close ports are required.
Hope this helps!!
This is what I did to get it working for my Tandberg video confrencing system. It allows users on the outside to view.
access-list outside permit udp any host 208.49.159.193 eq 1718
access-list outside permit udp any host 208.49.159.193 eq 1719
access-list outside permit tcp any host 208.49.159.193 range 5555 5565
access-list outside permit udp any host 208.49.159.193 range 2326 2406
access-list outside permit tcp any host 208.49.159.193 range 2776 2777
access-list outside permit tcp any host 208.49.159.193 eq h323
static (inside,outside) udp 208.49.159.193 1718 10.36.0.38 1718 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 1719 10.36.0.38 1719 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5555 10.36.0.38 5555 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5556 10.36.0.38 5556 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5557 10.36.0.38 5557 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5558 10.36.0.38 5558 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5559 10.36.0.38 5559 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5560 10.36.0.38 5560 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5561 10.36.0.38 5561 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5562 10.36.0.38 5562 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5563 10.36.0.38 5563 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5564 10.36.0.38 5564 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 5565 10.36.0.38 5565 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2326 10.36.0.38 2326 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2327 10.36.0.38 2327 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2328 10.36.0.38 2328 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2329 10.36.0.38 2329 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2330 10.36.0.38 2330 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2331 10.36.0.38 2331 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2332 10.36.0.38 2332 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2333 10.36.0.38 2333 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2334 10.36.0.38 2334 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2335 10.36.0.38 2335 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2336 10.36.0.38 2336 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2337 10.36.0.38 2337 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2338 10.36.0.38 2338 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2339 10.36.0.38 2339 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2340 10.36.0.38 2340 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2341 10.36.0.38 2341 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2342 10.36.0.38 2342 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2343 10.36.0.38 2343 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2344 10.36.0.38 2344 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2345 10.36.0.38 2345 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2346 10.36.0.38 2346 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2347 10.36.0.38 2347 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2348 10.36.0.38 2348 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2349 10.36.0.38 2349 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2350 10.36.0.38 2350 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2351 10.36.0.38 2351 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2352 10.36.0.38 2352 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2353 10.36.0.38 2353 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2354 10.36.0.38 2354 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2355 10.36.0.38 2355 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2356 10.36.0.38 2356 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2357 10.36.0.38 2357 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2358 10.36.0.38 2358 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2359 10.36.0.38 2359 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2360 10.36.0.38 2360 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2361 10.36.0.38 2361 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2362 10.36.0.38 2362 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2363 10.36.0.38 2363 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2364 10.36.0.38 2364 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2365 10.36.0.38 2365 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2366 10.36.0.38 2366 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2367 10.36.0.38 2367 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2368 10.36.0.38 2368 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2369 10.36.0.38 2369 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2370 10.36.0.38 2370 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2371 10.36.0.38 2371 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2372 10.36.0.38 2372 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2373 10.36.0.38 2373 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2374 10.36.0.38 2374 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2383 10.36.0.38 2383 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2393 10.36.0.38 2393 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2403 10.36.0.38 2403 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2375 10.36.0.38 2375 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2376 10.36.0.38 2376 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2377 10.36.0.38 2377 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2378 10.36.0.38 2378 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2379 10.36.0.38 2379 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2380 10.36.0.38 2380 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2381 10.36.0.38 2381 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2382 10.36.0.38 2382 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2384 10.36.0.38 2384 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2385 10.36.0.38 2385 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2386 10.36.0.38 2386 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2387 10.36.0.38 2387 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2388 10.36.0.38 2388 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2389 10.36.0.38 2389 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2390 10.36.0.38 2390 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2391 10.36.0.38 2391 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2392 10.36.0.38 2392 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2394 10.36.0.38 2394 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2395 10.36.0.38 2395 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2396 10.36.0.38 2396 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2397 10.36.0.38 2397 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2398 10.36.0.38 2398 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2399 10.36.0.38 2399 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2400 10.36.0.38 2400 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2401 10.36.0.38 2401 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2402 10.36.0.38 2402 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2404 10.36.0.38 2404 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2405 10.36.0.38 2405 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2406 10.36.0.38 2406 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2776 10.36.0.38 2776 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 2776 10.36.0.38 2776 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 2777 10.36.0.38 2777 netmask 255.255.255.255 0 0
static (inside,outside) udp 208.49.159.193 2777 10.36.0.38 2777 netmask 255.255.255.255 0 0
static (inside,outside) tcp 208.49.159.193 h323 10.36.0.38 h323 netmask 255.255.255.255 0 0
3 Ways to Join
Business Accounts
- Perfect for organizations
- Multiple users
- Save over 36%
- Create a Business Account
Answer for Membership
- Earn free access
- Showcase your knowledge
- No credit card required
- Sign Up to Answer
Loading Advertisement...
by: mboonedogPosted on 2006-03-10 at 14:21:10ID: 16159411
Forgot to add my config...
interface FastEthernet2/0
description Westminster SmartRoute Net
ip address 10.10.0.1 255.255.255.0
ip nat inside
no ip mroute-cache
speed 100
full-duplex
!
interface ATM3/0
mtu 1500
no ip address
atm scrambling cell-payload
no atm ilmi-keepalive
!
interface ATM3/0.1 point-to-point
ip address 208.49.159.193 255.255.255.0 secondary
ip address 10.36.0.38 255.255.255.252
ip nat outside
pvc 5/300
vbr-nrt 42000 42000
encapsulation aal5snap
!
!
ip nat inside source static 10.10.0.2 208.49.159.201
ip nat inside source static udp 10.10.0.2 3230 208.49.159.201 3230 extendable
ip nat inside source static udp 10.10.0.2 3231 208.49.159.201 3231 extendable
ip nat inside source static udp 10.10.0.2 3232 208.49.159.201 3232 extendable
ip nat inside source static udp 10.10.0.2 3233 208.49.159.201 3233 extendable
ip nat inside source static tcp 10.10.0.2 3230 208.49.159.201 3230 extendable
ip nat inside source static tcp 10.10.0.2 3231 208.49.159.201 3231 extendable
ip nat inside source static tcp 10.10.0.2 3232 208.49.159.201 3232 extendable
ip nat inside source static tcp 10.10.0.2 3233 208.49.159.201 3233 extendable
ip nat inside source static tcp 10.10.0.2 1720 208.49.159.201 1720 extendable