Video Conferencing - ASA Port

May 26th, 2008

Hi All,


I am having a little trouble with video conferencing. We are using ASA 5510 as our firewall.


Can someone please tell me which ports to allow on ASA 5510 for video conferencing? Any help in this regard will be helpful.


Thanks in advance.


- Jay


Jay,


VC uses H323, so you need to double check which ports the unit requires. H323 uses the below, but some units don't use all of them:


H.323 Port Requirements

| Port | Required/Opt | Port Type | Usage | Direction |
|---|---|---|---|---|
| 1718 | Required | Static UDP | Gatekeeper Discovery | Must Be Bidirectional |
| 1719 | Required | Static UDP | Gatekeeper RAS | Must Be Bidirectional |
| 1720 | Required | Static TCP | H.323 Call Setup | Must Be Bidirectional |
| 1731 | Required | Static TCP | Audio Call Control | Must Be Bidirectional |
| 1024 - 65535 | Required | Dynamic TCP | Port Allocation H.245 | Must Be Bidirectional |
| 1024 - 65535 | Required | Dynamic UDP | Port Allocation RTP (Video Data) | Must Be Bidirectional |
| 1024 - 65535 | Required | Dynamic UDP | Port Allocation RTP (Video Data) | Must Be Bidirectional |
| 1024 - 65535 | Required | Dynamic UDP | Port Allocation RTCP (Video Data) | Must Be Bidirectional |

Note: Other ports may be required depending on application and manufacturer of equipment.


HTH.

suschoud Mon, 05/26/2008 - 10:50

Jay,


Other than what ports are used, if traffic is initiated from inside to outside and there is no access list on the inside interface, everything is open. If every port is open, you do not need to open anything. To get the VC to work, add the inspection for H323.


######


class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect smtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
service-policy global_policy global



##########
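
An added example, not part of the thread or of any poster's configuration: a small Python audit that checks whether the two H.323 inspections shown above are active in a policy applied by `service-policy`, and flags ACL entries that permit a wide port range such as 1024 - 65535. The sample configs, the ACL name `outside_in`, the address 192.0.2.10 and the 10000-port threshold are constructed assumptions.

```python
import re

# Constructed sample configs (assumptions for illustration, not from the thread).
WIDE_OPEN = """\
access-list outside_in extended permit tcp any host 192.0.2.10 eq 1720
access-list outside_in extended permit tcp any host 192.0.2.10 range 1024 65535
access-list outside_in extended permit udp any host 192.0.2.10 range 1024 65535
access-group outside_in in interface outside
policy-map global_policy
 class inspection_default
  inspect ftp
service-policy global_policy global
"""

INSPECTED = """\
access-list outside_in extended permit tcp any host 192.0.2.10 eq 1720
access-group outside_in in interface outside
policy-map global_policy
 class inspection_default
  inspect h323 h225
  inspect h323 ras
service-policy global_policy global
"""

def audit(config):
    """Return (missing_h323_inspections, wide_range_acl_lines)."""
    inspects = {}     # policy-map name -> set of "inspect" arguments
    applied = set()   # policy-maps actually referenced by a service-policy
    wide = []         # ACL permits spanning a large port range
    current = None
    for raw in config.splitlines():
        line = raw.strip()  # indentation is optional, so flattened pastes parse too
        if m := re.match(r"policy-map (\S+)", line):
            current = m.group(1)
            inspects[current] = set()
        elif line.startswith("inspect ") and current:
            inspects[current].add(line[len("inspect "):])
        elif m := re.match(r"service-policy (\S+)", line):
            applied.add(m.group(1))
        elif m := re.match(r"access-list .* permit .* range (\d+) (\d+)", line):
            if int(m.group(2)) - int(m.group(1)) >= 10000:  # assumed threshold
                wide.append(line)
    # An inspection only counts if its policy-map is applied.
    active = set().union(*(inspects.get(p, set()) for p in applied))
    missing = sorted({"h323 h225", "h323 ras"} - active)
    return missing, wide
```

With H.323 inspection active the firewall opens the negotiated H.245 and RTP/RTCP ports per call, so a static permit for the whole dynamic range is what the audit treats as a finding.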

jaykishan Mon, 05/26/2008 - 20:31

Thanks guys for your replies and help.


Andrew, how do I recognize those ports that you have mentioned from 1025 and onwards? See, I have created an access list from inside to outside which allows all IP connections from a specific IP address (and yes, I am also using NAT for it). So do I still have to open specific ports?


And Sus, I have given the inspection commands already. But it doesn't work.


Hey guys, is there anything else that I need to look into? Thanks in advance.


Regards,


- Jay

jkampane Tue, 05/27/2008 - 03:21
User Badges: Cisco Employee

Hi Jay,


Can you please let us know what is the protocol you are using and what exactly you need to do?


I understand that most likely you are using H323, but depending on the services you have different protocols inside H323, e.g. H245.


Thanks,

John

jaykishan Tue, 05/27/2008 - 19:56

Hey John,


Yes, I am using H.323. Anyway, my problem is sorted out. Some ports for video conferencing are blocked at our ISP end.


By the way, thanks for your help guys.


Regards,


- Jay
