We help IT Professionals succeed at work.

Video Conferencing & Pix Firewall Problems

nfpfoil
nfpfoil asked
on
1,518 Views
Last Modified: 2008-11-25
My IT dept are trying to set up a 'polycom' video solution from office to my home.
There appears to be a problem at the office end with getting the comms through the 'pix' forewall.
They tell  me that in testing they are able to comment to the polycom test site but are not able to see any video or hear any audio.
Can anyone offer any possible solutions.
Comment
Watch Question

What version PIX?
Reid PalmeiraTelecom Engineer
Top Expert 2005

Commented:
the only other option would be something hosted like WebEx or e/pop. Anything you host internally would still go through the PIX.  My suggestion would be to get them to fix the ACL's on the PIX that are blocking the traffic.
Many people have problems with H323 Video Conferencing through a CISCO PIX.

The problem with H.323 VC is that it can use any dynamic ports from 1024-65535!! There are a couple of methods to resolve this and they are;

1. Use the integrated CISCO PIX 'fixup or inspect' - This will dynamically inspect any VC traffic and open and close the relevant ports as and when required. The downside is that CISCO only support H.323 version 4, so it will not support all Video Conferencing features (some that are not supported are, Encrpytion & Dual Display/DuoVideo/People&Content)
2. Set your Video Conferencing endpoint to use static Ports and open those up on the firewall (If using this option you have to swtich the 'fixup' or 'inspect' off on the CISCO firewall otherwise it will interfere.
There are set of instructions on what ports and how to open then up on a CISCO PIX here:
http://www.firstconnections.co.uk/support/viewkb.asp?id=26

If you have any problems, please contact me as I have much experience with H323 & CISCO PIX, but this should be enough info to help you out.

Good Luck!
Dave.
Does delete mean this information will literally be deleted?

I have posted some very usefull information and feel it may be relevant for future searches?
Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
Yes, that is what the recommendation means.

Whilst your link may well have sorted the issue, this could easily have been down to the proverbial double-nat problems that have often impacted H323-type communications (although we don't know if there was a second firewall/gateway in use inside the pix perimeter).

As the question asker has not responded to any of the comments it is impossible to know definitively. That said, if you feel your contribution should be kept i am happy to change the recommendation to PAQ - no refund.

Regards
keith

This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.