Solved: UC500 with a prive IP behind a firewall

w.boerendans · ‎08-05-2009

How can I explain my problem? I think, the best way is a picture. Hopefully, it's clear..

Case: a remote worker with X-Lite on the pc can hear the other one. But his own stream are delivered on a wrong IP (local private IP of the WAN UC500), see the picture what I mean..

Any ideas what the solution could be?

Thanks, Wim

JOHN NIKOLATOS · ‎08-08-2009

Wim,

I have had a few issues like this in the past... and they all turned out to be a routing issue... where I can hear one way audio but the other end could not hear me... or vice versa..

Make sure all your IP PHone endpoints can route to all other subnets for both data and voice vlans. Maybe a acess-list is blocking the 10.1.1.X from getting back to your remote subnet.. but allowing your remote subnet to talk to 10.1.1.X.

View solution in original post

Steven Smith · ‎08-05-2009

Best case is that you use a VPN on the computer with the soft client to connect to the UC500. Then you should have an IP on the data subnet of the UC500.

w.boerendans · ‎08-05-2009

Yes, I know... but the first choice is without a VPN... ;)

Marcos Hernandez · ‎08-05-2009

You need an Application Layer Gateway (ALG) capable device for correct NAT implementation. Please refer to the document "Integrating the UC500 into an existing Network" for deployment tips:

https://supportforums.cisco.com/docs/DOC-9674

Thanks,

Marcos

w.boerendans · ‎08-05-2009

I have a speedtouch 546 router. I see on this webiste http://speedtouch.net.nz/disablealg.htm that ALG is supported.

When I enable ALG on my router... then, I have no problems with one way audio ?

Steven Smith · ‎08-05-2009

The link describes disabling the ALG. If you have disabled the ALG, that would cause this problem. Enabling the ALG should fix this.

w.boerendans · ‎08-06-2009

I don't know exactly what to do. This is what I read:

An ALG for these NAT/PAT-sensitive protocols (IP6TO4, GRE, PPTP, ESP, IKE, SIP, JABBER, ILS, H245, H323, RAUDIO(PNA), RTSP, IRC, FTP) supports Protocol Anomaly Detection (PAD) inspections of each packet, allowing approved packets to pass though the NAPT without the need for static bindings (pinholes).

I have add a printscreen with the settings on the router. Is this configure right now?

Thanks in advance!

Marcos Hernandez · ‎08-06-2009

Wim,

Not knowing what this device is or does, I couldn't really tell if their ALG is configured correctly. I suggest you contact that vendor and ask for more information.

Thanks a lot,

Marcos

Steven Smith · ‎08-06-2009

I agree with Marcos, while the settings look correct, it doesn't appear to be working correctly. Hopefully the vendor could tell you more.

JOHN NIKOLATOS · ‎08-08-2009

Wim,

I have had a few issues like this in the past... and they all turned out to be a routing issue... where I can hear one way audio but the other end could not hear me... or vice versa..

Make sure all your IP PHone endpoints can route to all other subnets for both data and voice vlans. Maybe a acess-list is blocking the 10.1.1.X from getting back to your remote subnet.. but allowing your remote subnet to talk to 10.1.1.X.