Polycom VC problem

Unanswered Question
Apr 22nd, 2010

Hi,

Recently we have purchased polycom VC(VSX 7000) for our comapny.We are trying to do VC with our vendor office through internet.But we could not make the call.I have a static nat for the polycom device and allowed all the ports from outside to inside and inside to outside.

When i telnet the port 1720 to my vendor VC i couldnt tlenet.But same(telnet) is happening with out my firewall.

Even i have removed h.323 inspection in firewall.

Some one help me to fix this issue...

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sean_evershed Thu, 04/22/2010 - 03:27

Hi,

- What ports have you opened on your firewall?

- Are you using an encrypted tunnel for this communication?

- What error logs are you seeing on your firewall when you make a call?

- Is it a PIX or ASA?

uthayaman Thu, 04/22/2010 - 04:19

From Inside and out side i have given permt ip any.

We are using ASA firwall

When i dial tcp session builts for outside and tears down due to sync time out.Even when i telnet the port 1720 from inside i am getting the same problem.

I disabled the h.323 inspection also.

From outside to inside(my vendor) is able dial my VC.

ankurs2008 Fri, 04/23/2010 - 18:22

Hi

Please let us know what Firewall version you are using ? Initiate the traffic and see the syslogs if you are getting anything which says like :

"IP Options : Router Alert ". If yes , then "ip-options" parameter needs to be disabled which can be accomplished by upgrading to 8.2.2 (and some versions of 8.2.1) From 8.2.2  release and above " ip-options" can be tweaked via the option "inspect ip-options" under which you can set the router-alert as "allow" .

The other option for above is to tell the vendor of Polycom application to disable the "ip-option" parameter from their end so as to allow the packet to pass-thru the ASA .

If you are not getting the above error of ip-option , then as you have disabled H323 Inspection ; ensure your vendor too have disabled the option of " NAT is H.323" Option disabled in the application

harryfolloder Fri, 04/23/2010 - 19:27

also in the Polycom UI on the codec you have to tell the endpoint what the public

facing address is that it will be NAT'd to as well as tell it that NAT is in use or else it will not work through

the firewall.

ankurs2008 Sat, 04/24/2010 - 10:00

Hi

I mean the option of "NAT is H.323 compatible " to be disabled in the Polycom application in my last line

Actions

This Discussion

Related Content