NAT and h323 in IOS

Unanswered Question
Apr 29th, 2009
User Badges:

Hi:

I'm trying to setup a videoconference and I have a 2801 router (12.4(18c)) with NAT configuration between units but It doesn't work. I captured some packets with sniffer and I can see that units are trying to send voice and video information to the real IP address (not natted ip address in router). NAT and h323 is supported in Cisco? Should I apply a specific configuration in router?


Please let me know your comments.


TIA. Regards.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Laurent Aubert Wed, 04/29/2009 - 16:28
User Badges:
  • Cisco Employee,

Hi,


We do support NAT and H323:


http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9_ps6640_Products_White_Paper.html


If you want to hide the real addresses, your unit should be configured to point to the Outside local or Inside Global address.


Could you describe your topology/configuration and your NAT policy ?


Thanks


Laurent.

tranminhc Mon, 06/30/2014 - 03:07
User Badges:

Hi,

 

I'm getting the same problem.

I'm using one static NAT 1:1 ip nat inside source static IPoutside IPlocal

When the polycom outside endpoint call H323 to inside endpoint by using IPoutside, the call can establish successfully. The outside endpoint cannot see/hear the endpoint inside. But the endpoint inside can see/hear the endpoint outside.

I'm using Cisco Router 2811. IOS version c2800nm-entservicesk9-mz.151-4.M7.bin

Does anyone know what's problem? Do I need to configure anything else to make this conference working.

Thanks in advanced.

c.captari Wed, 04/29/2009 - 20:24
User Badges:
  • Bronze, 100 points or more

Hi.

I think your problems lies with the fact that by default a cisco router does not know to nat correctly the h.323 protocol, because ports are being generated dynamically inside the H.323 conversations (similar to dynamic port allocation in FTP)


So. The only way to fix this problem in my oppinion is to upgrade your IOS to support IOS Firewall feature (specifically IOS-FW - H323 v3/v4 Support) which is basically able to look inside the h323 packet and decode it.

I advise you to use Cisco Feature Navigator to find an IOS suitable for your platform with this support


Cisco Feature navigator link:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp (go to Search by feature)


Use the following documentation for more information regarding H.323 in Cisco IOS Firewall . (you basically need to enable ip inspection of h323 protocol to get this working)


http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_fwall_h323_supp.html#wp1055468

Actions

This Discussion