Video Conferencing - ASA Port

Unanswered Question
May 26th, 2008

Hi All,

I am having a little trouble with video conferencing. We are using ASA 5510 as our firewall.

Can someone please tell me which ports to allow on ASA 5510 for video conferencing? Any help in this regard will be helpful.

Thanks in advance.

- Jay


Jay,

VC uses H323, so you need to double check which ports the unit requires. H323 uses the below, but some units don't use all of them:

H.323 Port Requirements

| Port | Required/Opt | Port Type | Usage | Direction |
|---|---|---|---|---|
| 1718 | Required | Static UDP | Gatekeeper Discovery | Must Be Bidirectional |
| 1719 | Required | Static UDP | Gatekeeper RAS | Must Be Bidirectional |
| 1720 | Required | Static TCP | H.323 Call Setup | Must Be Bidirectional |
| 1731 | Required | Static TCP | Audio Call Control | Must Be Bidirectional |
| 1024 - 65535 | Required | Dynamic TCP | Port Allocation H.245 | Must Be Bidirectional |
| 1024 - 65535 | Required | Dynamic UDP | Port Allocation RTP (Video Data) | Must Be Bidirectional |
| 1024 - 65535 | Required | Dynamic UDP | Port Allocation RTP (Video Data) | Must Be Bidirectional |
| 1024 - 65535 | Required | Dynamic UDP | Port Allocation RTCP (Video Data) | Must Be Bidirectional |

Note: Other ports may be required depending on application and manufacturer of equipment.

HTH.

suschoud Mon, 05/26/2008 - 10:50

Jay,

Other than what ports are used, if traffic is initiated from inside to outside and there is no access list on the inside interface, everything is open. If every port is open, you do not need to open anything. To get the VC to work, add the inspection for h323.

######

class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect smtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
service-policy global_policy global

##########
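The two replies above can be checked against a saved configuration. This is an added example, not part of anyone's post and not Cisco code: it reports whether `inspect h323 h225` and `inspect h323 ras` sit in a policy-map that a `service-policy` line actually applies, and lists ACL entries that open the whole 1024-65535 range, which H.323 inspection makes unnecessary because the firewall opens the negotiated H.245 and RTP/RTCP ports itself. The function name, the ACL name and the address 192.0.2.10 are assumptions.

```python
import re

# Constructed sample in "show running-config" layout (indented sub-commands).
# The ACL name, address 192.0.2.10 and both ACL lines are assumptions.
SAMPLE_CONFIG = """\
access-list outside_in extended permit tcp any host 192.0.2.10 eq 1720
access-list outside_in extended permit udp any host 192.0.2.10 range 1024 65535
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
service-policy global_policy global
"""

ACL_RANGE = re.compile(r"access-list .* permit (?:tcp|udp) .* range (\d+) (\d+)")

def audit_h323(config):
    """Report missing H.323 inspections and ACL lines opening 1024-65535."""
    inspections = {}   # policy-map name -> H.323 inspect types it contains
    applied = set()    # policy-maps actually bound by a service-policy line
    wide_acls = []
    current = None     # policy-map whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0].isspace():                      # indented sub-command
            m = re.match(r"inspect h323 (h225|ras)$", line)
            if current and m:
                inspections[current].add(m.group(1))
            continue
        m = re.match(r"policy-map (\S+)$", line)  # top-level command
        current = m.group(1) if m else None
        if m:
            inspections.setdefault(current, set())
        if m := re.match(r"service-policy (\S+) ", line):
            applied.add(m.group(1))
        if (m := ACL_RANGE.match(line)) and int(m.group(1)) <= 1024 and int(m.group(2)) >= 65535:
            wide_acls.append(line)
    active = set().union(*(inspections.get(p, set()) for p in applied))
    return {"missing_inspections": sorted({"h225", "ras"} - active),
            "wide_acls": wide_acls}

if __name__ == "__main__":
    print(audit_h323(SAMPLE_CONFIG))
```

The parser relies on the indentation that `show running-config` produces, so a configuration pasted with the indentation stripped needs to be re-exported first.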

jaykishan Mon, 05/26/2008 - 20:31

Thanks guys for your replies and help.

Andrew, how do I recognize those ports that you have mentioned from 1025 and onwards? See, I have created an access list from inside to outside which allows all IP connections from a specific IP address (and yes, I am also using NAT for it). So do I still have to open specific ports?

And Sus, I have given the inspection commands already. But it doesn't work.

Hey guys, is there anything else that I need to look into? Thanks in advance.

Regards,

- Jay

jkampane Tue, 05/27/2008 - 03:21

Hi Jay,

Can you please let us know what is the protocol you are using and what exactly you need to do?

I understand that most likely you are using h323, but depending on the services you have different protocols inside h323, e.g. h245.

Thanks,

John

jaykishan Tue, 05/27/2008 - 19:56

Hey John,

Yes, I am using H.323. Anyways, my problem is sorted out. Some ports for video conferencing are blocked at our ISP end.

By the way, thanks for your help guys.

Regards,

- Jay
