Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3097
  • Last Modified:

udp request discarded

Hi,

I am trying to connect to a video conference via polycom pvx application. I can connect successfully but do not receive inbound video and audio.
My outbound video and audio displays correctly to the other party.
I'm using a cisco ASA 5520 which is open in both directions to all IP traffic from the public IP of the video conference system i am connecting to.
Checking firewall logs i do see numerous udp requests being discarded between the public IP of the video conference system to the outside interface public IP of my firewall on ports 3230 and 3232.
Both these ports are open however.

Does anyone know a possible solution to this?

Thanks
0
rigneydolphin
Asked:
rigneydolphin
1 Solution
 
ragnarok89Commented:
Is your video conference in a DMZ or similar, where it's security setting is lower than the outside interface public IP of my firewall? PIX does not allow communication from low security port to a higher security port by default. You have to create rules for that.

Another possibility is your PIX not letting the endpoint's traffic in, or the endpoint PIX (if there is one) might not be letting their traffic out.
0
 
rigneydolphinAuthor Commented:
Thanks for the reply - my video conference is inside the internal interface however i have allowed all IP traffic from the video conference host IP to the outside world and vice versa.

The endpoint on the other side is configured correctly - if i use a data connection which bypasses the ASA i can connect successfully and received audio/video
0
 
mikegattiCommented:
one way video can be a couple of different problems, some of my suggestions are:

- Verify the configuration of your protocol inspection (fixup h.323 or sip)
- Make sure your routing is ok, the asa might be learning the route on a different interface of have a more specific route pointing to the route gateway (many time asymmetrical routing can cause such issues too)
- Verify that your nat configuration is correct (either using nat0 or static)
- and ACL's also play a great deal (although you said that was not the issue)

In the networks that I manage (5000+ nodes) routing is normally the culprit.
Do your logs give you any clues?

Try to run a packet-tracer on your asa with the source and destination, this will show you all the processes that the traffic is going through on your asa and point out where it could potentially be failing.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/p.html#wp1878788
0
 
Debugger144Commented:
Basic on your submittion,  you are able to connect and your outbound audio n video is able to send out properly to the far end.
But you are still facing firewall issues. This is normal
.Did you call to a public IP address while your ip address is a internal one ?
If that the case you need to do some configuration on your FW/Router setting to router your public ip address using ports forwarding to your internal ip address.

Some firewall require you to manually specific the ports for video conferening.
The ports are 1719 to 173, TCP and UDP, Bi-directional.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now