Solved

Lifesize room220 behind ASA5505

Posted on 2010-11-10
Last Modified: 2012-05-10
We are having issues making or receiving video calls on our new Lifesize Room 220, behind an ASA. It is in our DMZ, with a static NAT translation for a public IP.

The following ports are open to it: tcp 1720, tcp 60000-64999, udp 60000-64999, and I have the proper outside ACL applied.

The issue: We have a block of 13 public IPs from Comcast. If I connect directly to the Comcast modem with a laptop and pull a public IP, I can access the Lifesize device no problem via its public IP. It hits the outside interface of the ASA and routes accordingly. However, anyone outside of our public IP block can NOT access it. I have never seen this issue before.

We thought it was a routing issue with our cable internet provider, but it's not, because if I plug the Lifesize directly into the cable modem, it grabs a public IP via DHCP and works like a charm.

I was told by our vendor that these devices had issues behind Cisco devices. Anyone have any experience with this? We have several other publicly accessible devices in this DMZ that don't have any issues.

Thanks
Question by:orus
LVL 10

Accepted Solution

by:
cstosgale earned 500 total points
ID: 34106930
If you can connect to it from outside your ASA your config is unlikely to be the problem. I would make sure this is not a routing issue. Is the ASA the default route for the network the Lifesize is on, and is the ASA's default route via that link?

Also, turn off H.323 inspection on the ASA, and make sure you have specified the public IP of the Lifesize unit in its config. I think there is some NAT translation stuff to turn on on the Lifesize as well.

Author Comment

by:orus
ID: 34106963
The ASA's default route is the gateway given to us by Comcast

route outside 0.0.0.0  0.0.0.0  75.xxx.xx.190

- The public IP of the Lifesize is on the same network as the gateway specified above (.190)
- H.323 inspection was already off

The tech tried using NAT in the device, then tried it disabled. Neither worked. I'm not sure how much experience he had, but we tried everything on our end.
LVL 10

Expert Comment

by:cstosgale
ID: 34107393
Definitely should be enabled on the Lifesize, and the public IP must be specified. This definitely should work, I have done it a number of times. I would do a packet capture on the ASA (this can be done from the wizards menu in ASDM). This will show you what is missing.

Also make sure you are on version 8 or later on the ASA.
Author Comment

by:orus
ID: 34107529
I did do a capture. I captured any traffic hitting the public IP of the Lifesize. The only traffic which hits the ASA is traffic initiated from our own public IP block, as specified above during my test.
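
The comparison described in this comment, sorting captured packets by whether their source sits inside or outside the site's own public block, can be scripted over the capture text. This is an added example, not part of the thread; the capture line format, the 203.0.113.176/28 block, the device address 203.0.113.180 and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Assumed shape of one text line of ASA capture output:
#   N: HH:MM:SS.usec SRC_IP.SRC_PORT > DST_IP.DST_PORT: ...
PKT = re.compile(r"^\s*\d+:\s+\S+\s+.*?(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

# Ports the question lists as opened to the codec.
SIGNALLING = 1720
MEDIA = range(60000, 65000)

# Constructed sample: a laptop on the site's own block calling the codec.
SAMPLE = """\
1: 10:00:01.000000 203.0.113.178.51000 > 203.0.113.180.1720: S 100:100(0) win 8192
2: 10:00:01.200000 203.0.113.178.51000 > 203.0.113.180.1720: . ack 201 win 8192
3: 10:00:02.000000 203.0.113.178.60002 > 203.0.113.180.60010:  udp 172
"""

def summarize(capture_text, local_block, device_ip):
    """Count packets sent to device_ip per source, split into local and external."""
    block = ipaddress.ip_network(local_block)
    device = ipaddress.ip_address(device_ip)
    result = {"local": {}, "external": {}}
    for line in capture_text.splitlines():
        m = PKT.match(line)
        if not m or ipaddress.ip_address(m.group(3)) != device:
            continue  # not a packet line, or not addressed to the codec
        src, dport = ipaddress.ip_address(m.group(1)), int(m.group(4))
        if dport == SIGNALLING:
            kind = "signalling"
        elif dport in MEDIA:
            kind = "media"
        else:
            kind = "other"
        side = "local" if src in block else "external"
        per_src = result[side].setdefault(str(src), {})
        per_src[kind] = per_src.get(kind, 0) + 1
    return result

def verdict(summary):
    """Turn the split into the next troubleshooting step."""
    if not summary["local"] and not summary["external"]:
        return "no packets for the device in this capture"
    if not summary["external"]:
        return "only local-block sources reach the ASA: check the path upstream of it"
    return "external sources reach the ASA: check NAT, ACL and device settings next"

if __name__ == "__main__":
    print(verdict(summarize(SAMPLE, "203.0.113.176/28", "203.0.113.180")))
```
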


Author Comment

by:orus
ID: 34107546
We are at 8.04. I just don't get it.
I've let tons of stuff into the DMZ before in other networks.

Maybe the tech didn't do NAT right.

Author Closing Comment

by:orus
ID: 34107952
Let me know if you have any other ideas.