Solved

udp request discarded

Posted on 2011-02-14
4
2,570 Views
Last Modified: 2012-05-11
Hi,

I am trying to connect to a video conference via polycom pvx application. I can connect successfully but do not receive inbound video and audio.
My outbound video and audio displays correctly to the other party.
I'm using a cisco ASA 5520 which is open in both directions to all IP traffic from the public IP of the video conference system i am connecting to.
Checking firewall logs i do see numerous udp requests being discarded between the public IP of the video conference system to the outside interface public IP of my firewall on ports 3230 and 3232.
Both these ports are open however.

Does anyone know a possible solution to this?

Thanks
0
Comment
Question by:rigneydolphin
4 Comments
 
LVL 8

Expert Comment

by:ragnarok89
ID: 34888360
Is your video conference in a DMZ or similar, where it's security setting is lower than the outside interface public IP of my firewall? PIX does not allow communication from low security port to a higher security port by default. You have to create rules for that.

Another possibility is your PIX not letting the endpoint's traffic in, or the endpoint PIX (if there is one) might not be letting their traffic out.
0
 

Author Comment

by:rigneydolphin
ID: 34888731
Thanks for the reply - my video conference is inside the internal interface however i have allowed all IP traffic from the video conference host IP to the outside world and vice versa.

The endpoint on the other side is configured correctly - if i use a data connection which bypasses the ASA i can connect successfully and received audio/video
0
 
LVL 3

Accepted Solution

by:
mikegatti earned 500 total points
ID: 34889354
one way video can be a couple of different problems, some of my suggestions are:

- Verify the configuration of your protocol inspection (fixup h.323 or sip)
- Make sure your routing is ok, the asa might be learning the route on a different interface of have a more specific route pointing to the route gateway (many time asymmetrical routing can cause such issues too)
- Verify that your nat configuration is correct (either using nat0 or static)
- and ACL's also play a great deal (although you said that was not the issue)

In the networks that I manage (5000+ nodes) routing is normally the culprit.
Do your logs give you any clues?

Try to run a packet-tracer on your asa with the source and destination, this will show you all the processes that the traffic is going through on your asa and point out where it could potentially be failing.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/p.html#wp1878788
0
 
LVL 2

Expert Comment

by:Debugger144
ID: 34892811
Basic on your submittion,  you are able to connect and your outbound audio n video is able to send out properly to the far end.
But you are still facing firewall issues. This is normal
.Did you call to a public IP address while your ip address is a internal one ?
If that the case you need to do some configuration on your FW/Router setting to router your public ip address using ports forwarding to your internal ip address.

Some firewall require you to manually specific the ports for video conferening.
The ports are 1719 to 173, TCP and UDP, Bi-directional.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now