Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4847
Views
0
Helpful
6
Replies

Polycom VC problem

uthayaman
Level 1
Level 1

‎04-22-2010 01:46 AM - edited ‎03-11-2019 10:36 AM

Hi,

Recently we have purchased polycom VC(VSX 7000) for our comapny.We are trying to do VC with our vendor office through internet.But we could not make the call.I have a static nat for the polycom device and allowed all the ports from outside to inside and inside to outside.

When i telnet the port 1720 to my vendor VC i couldnt tlenet.But same(telnet) is happening with out my firewall.

Even i have removed h.323 inspection in firewall.

Some one help me to fix this issue...

Labels:
0 Helpful
6 Replies 6

sean_evershed
Level 7
Level 7

‎04-22-2010 03:27 AM

Hi,

- What ports have you opened on your firewall?

- Are you using an encrypted tunnel for this communication?

- What error logs are you seeing on your firewall when you make a call?

- Is it a PIX or ASA?

0 Helpful

uthayaman
Level 1
Level 1
In response to sean_evershed

‎04-22-2010 04:19 AM

From Inside and out side i have given permt ip any.

We are using ASA firwall

When i dial tcp session builts for outside and tears down due to sync time out.Even when i telnet the port 1720 from inside i am getting the same problem.

I disabled the h.323 inspection also.

From outside to inside(my vendor) is able dial my VC.

0 Helpful

sean_evershed
Level 7
Level 7
In response to uthayaman

‎04-22-2010 11:48 PM

Have you seen this guide on how to allow H.323 traffic through a firewall? This may prove useful.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081042c.shtml#h323

0 Helpful

ankurs2008
Level 1
Level 1
In response to sean_evershed

‎04-23-2010 06:22 PM

Hi

Please let us know what Firewall version you are using ? Initiate the traffic and see the syslogs if you are getting anything which says like :

"IP Options : Router Alert ". If yes , then "ip-options" parameter needs to be disabled which can be accomplished by upgrading to 8.2.2 (and some versions of 8.2.1) From 8.2.2  release and above " ip-options" can be tweaked via the option "inspect ip-options" under which you can set the router-alert as "allow" .

The other option for above is to tell the vendor of Polycom application to disable the "ip-option" parameter from their end so as to allow the packet to pass-thru the ASA .

If you are not getting the above error of ip-option , then as you have disabled H323 Inspection ; ensure your vendor too have disabled the option of " NAT is H.323" Option disabled in the application

0 Helpful

harryfolloder
Level 1
Level 1

‎04-23-2010 07:27 PM

also in the Polycom UI on the codec you have to tell the endpoint what the public

facing address is that it will be NAT'd to as well as tell it that NAT is in use or else it will not work through

the firewall.

0 Helpful

ankurs2008
Level 1
Level 1
In response to harryfolloder

‎04-24-2010 10:00 AM

Hi

I mean the option of "NAT is H.323 compatible " to be disabled in the Polycom application in my last line

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card