• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4220
  • Last Modified:

POLYCOM HDX 7000 and ASA5505 No sound or video and call not auto answered

We can't establish point to point calls from the outside and we are pretty sure that we are missing something in the Firewall but can not figure out what it is. I have set use fixed ports on the polycom and "behind a h323 aware firewall" on the Polycom.
Here is config were we have opened up for evereythin.....

enable password SN8vIFI8jmj2kpjo encrypted
passwd SN8vIFI8jmj2kpjo encrypted
names
name 192.168.1.100 PolyCom
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 93.160.254.10 255.255.255.252
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa821-k8.bin
ftp mode passive
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
access-list outside_access_in extended permit tcp any interface outside log
access-list outside_access_in extended permit udp any interface outside log
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) interface PolyCom netmask 255.255.255.255 tcp 65535 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 93.160.254.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 194.239.134.83 193.162.153.164 interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 193.162.145.130 source outside
ntp server 193.162.159.194 source outside prefer
webvpn
username dansupport password CFcTYuYVwj276zRO encrypted
!
class-map class_h323_h225
 match port tcp range 1718 1719
class-map inspection_default
!
!
policy-map global_policy
 class class_h323_h225
  inspect h323 h225
policy-map global-policy
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:b2953e365c39d497c3d5a63b5c8f9189
0
Dansupport
Asked:
Dansupport
1 Solution
 
alexcfCommented:
0
 
DansupportAuthor Commented:
Hmm that still dosen't tell what is wrong with my config...
0
 
jrd326Commented:
Polycom video conferencing systems require 2 TCP ports per connection and 8 UDP ports per connection.  I notice that you only have a static command for 1 TCP port.  This is most likely the problem with getting a connection.  Please refer to the Firewall Settings section of the following polycom document.

http://www.polycom.com/global/documents/support/setup_maintenance/products/video/hdx_ag.pdf

I would recommend the configuration that allows you to configure a beginning TCP and UDP port and the system will assign the other ports needed to get everything working.   You will also need to allow port 1720 to the polycom system to allow for H.323 traffic.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now