Dansupport
asked on
POLYCOM HDX 7000 and ASA5505 No sound or video and call not auto answered
We can't establish point to point calls from the outside and we are pretty sure that we are missing something in the Firewall but can not figure out what it is. I have set use fixed ports on the polycom and "behind a h323 aware firewall" on the Polycom.
Here is config were we have opened up for evereythin.....
enable password SN8vIFI8jmj2kpjo encrypted
passwd SN8vIFI8jmj2kpjo encrypted
names
name 192.168.1.100 PolyCom
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 93.160.254.10 255.255.255.252
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa821-k8.bin
ftp mode passive
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
access-list outside_access_in extended permit tcp any interface outside log
access-list outside_access_in extended permit udp any interface outside log
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) interface PolyCom netmask 255.255.255.255 tcp 65535 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 93.160.254.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-reco
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 194.239.134.83 193.162.153.164 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 193.162.145.130 source outside
ntp server 193.162.159.194 source outside prefer
webvpn
username dansupport password CFcTYuYVwj276zRO encrypted
!
class-map class_h323_h225
match port tcp range 1718 1719
class-map inspection_default
!
!
policy-map global_policy
class class_h323_h225
inspect h323 h225
policy-map global-policy
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:b2953e365c3
Here is config were we have opened up for evereythin.....
enable password SN8vIFI8jmj2kpjo encrypted
passwd SN8vIFI8jmj2kpjo encrypted
names
name 192.168.1.100 PolyCom
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 93.160.254.10 255.255.255.252
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa821-k8.bin
ftp mode passive
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
access-list outside_access_in extended permit tcp any interface outside log
access-list outside_access_in extended permit udp any interface outside log
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) interface PolyCom netmask 255.255.255.255 tcp 65535 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 93.160.254.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-reco
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 194.239.134.83 193.162.153.164 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 193.162.145.130 source outside
ntp server 193.162.159.194 source outside prefer
webvpn
username dansupport password CFcTYuYVwj276zRO encrypted
!
class-map class_h323_h225
match port tcp range 1718 1719
class-map inspection_default
!
!
policy-map global_policy
class class_h323_h225
inspect h323 h225
policy-map global-policy
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:b2953e365c3
ASKER
Hmm that still dosen't tell what is wrong with my config...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The best thing to do is relate to the Polycom guide on this.
http://knowledgebase.polycom.com/knowledgebase/End%20User/Guides/Middleware/Polycom%20PathNavigator%20and%20Cisco%20PIX%20Firewall.pdf