Solved

Port forwarding for inbound Polycom calls

Posted on 2011-09-25
Last Modified: 2012-05-12
What ports need to be forwarded to enable incoming Polycom calls?  I have a Polycom VSX7000e device receiving the calls.  I've found numerous white sheets and spoken to Polycom tech support.  (Their level of apathy is discouraging.)  The following ports look to be the most reasonable.  Has someone actually configured a firewall for incoming Polycom calls?  Do these values look correct?

http://support.polycom.com/global/documents/support/user/products/video/pvx_internet_intranet_calling.pdf
1. 1720 H.323 call setup TCP
2. 5060 SIP call setup TCP and UDP
3. 3230-3237 Signaling and control for audio, call, video, and data/FECC, TCP and UDP
4. 1503 (optional) T.120 data collaboration TCP


0
Question by:jdana
LVL 9

Expert Comment

by:user_n
ID: 36595426
Yes, they look reasonable. For SIP the default port is usually 5060. But all this usually depends on the configuration of the devices on both sides of the firewall. http://en.wikipedia.org/wiki/RTP_Control_Protocol

For SIP, you can see the real ports that are used in Wireshark and SDP.
http://en.wikipedia.org/wiki/Session_Description_Protocol
http://www.cisco.com/en/US/docs/voice_ip_comm/sip/proxies/2.2/administration/guide/eflows.html
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
0
 

Author Comment

by:jdana
ID: 36596284
RockMod,

Much better.  Thanks
0
 
LVL 37

Accepted Solution

by:
ArneLovius earned 250 total points
ID: 36923786
If you are using NAT, then for using H323 you also need to be using an H323 aware NAT device. This is because the endpoint addresses are also in the "payload" part of the packet as well as the packet header.

As a for instance, a PIX running 6.3.5 will not work.

Looking at the rule set on a production ASA5510 with a VSX7000e that is just used in H323 mode, it is configured with a static NAT on the public address to the private address and then an ACL that allows inbound traffic to 1503, 1719, 1720 and 1731. Outbound traffic is not filtered.

If you do not have an H323 aware NAT "firewall" then you would need to either add an additional firewall, replace the existing firewall or run the VSX7000e on an external IP address. The "DMZ" function on most "residential" devices is usually only a full NAT and without the H323 aware ALG (Application Level Gateway) it will not work.

Any firewall that runs as a "filtering bridge" should be able to be configured.


0
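
Both answers above turn on the same point: the addresses and ports a call really uses travel inside the signalling payload, so a NAT that only rewrites packet headers leaves them wrong. The following is an added example, not part of the original thread; it covers the SIP/SDP case rather than H.323, and the SDP text, addresses and function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed SDP body (not a capture); ports taken from the 3230-3237 range above.
SAMPLE_SDP = """\
v=0
o=- 1 1 IN IP4 192.168.1.50
s=-
c=IN IP4 192.168.1.50
t=0 0
m=audio 3230 RTP/AVP 0 8
m=video 3232 RTP/AVP 34
c=IN IP4 203.0.113.10
"""

def parse_sdp(sdp):
    """Return one dict per m= line with media type, port, transport and address."""
    session_addr, media = None, []
    for line in sdp.splitlines():
        line = line.strip()
        if len(line) < 3 or line[1] != "=":
            continue
        kind, fields = line[0], line[2:].split()
        if kind == "c" and len(fields) >= 3:
            addr = fields[2].split("/")[0]      # drop multicast "/ttl" suffix
            if media:
                media[-1]["addr"] = addr        # media-level c= overrides session c=
            else:
                session_addr = addr
        elif kind == "m" and len(fields) >= 3:
            media.append({"media": fields[0],
                          "port": int(fields[1].split("/")[0]),  # "port/count" form
                          "proto": fields[2], "addr": session_addr})
    return media

def needs_rewrite(addr):
    """True if addr is RFC 1918, i.e. unreachable from outside unless NAT rewrites it."""
    try:
        ip = ipaddress.ip_address(str(addr))
    except ValueError:                          # hostname or missing c= line
        return False
    return any(ip in net for net in RFC1918)

def nat_findings(sdp):
    """List (media, port, advertised address, needs_rewrite) for each stream."""
    return [(m["media"], m["port"], m["addr"], needs_rewrite(m["addr"]))
            for m in parse_sdp(sdp)]

if __name__ == "__main__":
    for finding in nat_findings(SAMPLE_SDP):
        print(finding)
```

A stream flagged `True` advertises an address the far end cannot reach, which is the condition an ALG on the firewall has to correct; the listed ports are the ones the inbound rules must actually cover.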
 

Author Closing Comment

by:jdana
ID: 37011160
Wow!  Thanks!
0
