×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

EX90 to connect legacy Home Router ( DSL Fritzbox 7390)

Answered Question
Aug 11th, 2012
User Badges:

Hi,


My Cisco Ex90 is connected to DSL home connection. I want to call to an IP Endpoint with reachable as IP like Cisco C20or EX90. I set the EX90 in H323 Setting -->NAT the Public IP of my Public IP Address and he has also an internal IP address. I can make calls to outside IP but unfortunately not to take call from external. In the home router I can nothing set like NAT setting or whatever. What can I still make the Ex90 devices to legacy Home DSL connections without problems IP to IP connection.


Thank you

Correct Answer by Tomonori Taniguchi about 5 years 6 days ago

Oh ok, have you managed to receive the call from public network side now?


> Please note, if you modify default port configuration to static,

> Endpoint must restart first otherwise Endpoint still allocate port  dynamically.

This is quite easy to forget to do (^^).

Correct Answer by Tomonori Taniguchi about 5 years 6 days ago

No, port 2776 is used if your MXP endpoint registered on VCS-E.

If your Endpoint is not registered on GK and call setup mode is direct, following port may use (In static port configuration).

  • Port 1720 (Q.931 Call Setup)
  • Port 5555-5574 (H.245)
  • Port 2326-2485 (Media)


If H.323 Port configuration is Dynamic, then Endpoint will allocate which ports to use when opening a TCP connection.

The reason for doing this is to avoid using the same ports for subsequent calls, as some firewalls consider this as a sign of attack.

When Dynamic is selected, the H.323 ports used are from 11000 to 65535. Once 65535 is reached they restart again at 11000.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Amlesh Sengar Sun, 08/12/2012 - 08:28
User Badges:
  • Cisco Employee,

Hi,


Do you face the issue where the EX90 sees the incoming call however the call disconnects when "Answer" is pressed.



Thanks,

Amlesh

rasimyigit Sun, 08/12/2012 - 08:33
User Badges:

Hi,


Calling to outside per Ip work Fine . But i,'m not able to get a call per Ip. The settings is on direct.


Sent from Cisco Technical Support iPad App

vivsing2 Sun, 08/12/2012 - 16:43
User Badges:
  • Bronze, 100 points or more

Hi,


EX90 perform NAT on H323 packet, it has nothing to do with NAT on IP Packet, I am sure that

when you are dialing from inside then your DSL connection uses normal method PAT and send call outside; however when someone dial from out side it can reach to your DSL, but DSL router doesn't aware that it need to send that call to EX90.


So IP NAT will done by your DSL router.


Which public IP you are using in EX90, is that different from Public IP address assigned to DSL router or is it same.


Regards,

Vivek

rasimyigit Sun, 08/12/2012 - 22:54
User Badges:

Hi Vivek,


i used the same Public IP Address what the Router get from the Provider or assigned to the DSL Router

rasimyigit Sun, 08/12/2012 - 22:57
User Badges:

Hi Tomonori,


what do do think about that now? To change the Router or? It mzust be used a Home Router that support NAT/PAT?

Tomonori Taniguchi Sun, 08/12/2012 - 23:05
User Badges:
  • Cisco Employee,

In order to EX90 under home local network to receive the call from device in public network side, you may consider following methods.

  1. Configure port forwarding (or NAT) on home gateway router pointing to EX90.
  2. Register home EX90 on VCS-E and receive the call by URI dialing (or IP address and transform to EX90 URI).


If you have only single Endpoint (or only few Endpoint deployment in hone network) , then the first option is less additional cost.

If you have corporate network and also expanding home VC user, VCS-E will give you more robustness and administrative solution including home VC connectivity solution.

Tomonori Taniguchi Sun, 08/12/2012 - 17:32
User Badges:
  • Cisco Employee,

For H323, call negotiation is use local IP address (or NAT/PAT address by router) for Q9.31 and H.245 negotiation.

Then using IP address in H.323 payload for opening actual media logical port for audio, video, etc.

NAT configuration on EX90 apply for this IP address in H.323 payload because many NAT router only convert IP header address and doesn’t support NAT/PAT for IP address in H.323 payload which end up call establish with one-way audio/video.


For outgoing call from EX90 in home network, far end device see IP address of Home Router and proceed call for Q.931 and H.245 negotiation with it.

Since this originally PAT by home router, returning message from far end device correctly forward back to Home EX90.

Also EX90 include Home Router IP address in H.323 payload (as configured NAT on EX90), therefore call will established correctly with audio/video in both ways.


For incoming call, home router must forward Q.931 (and H.245) message to EX90, but my understand Firtzbox 7390 doesn’t support NAT (or seem it does support configuring it but doesn’t work correctly), therefore call won’t establish.

rasimyigit Sun, 08/12/2012 - 23:26
User Badges:

Hi,


we used only 2 Endpoints, that why we dont need t ouse VCSE/VCSC.

i configure Portforwarding on the Router for Q931 and H245=2776 correct?


THX

Correct Answer
Tomonori Taniguchi Sun, 08/12/2012 - 23:30
User Badges:
  • Cisco Employee,

No, port 2776 is used if your MXP endpoint registered on VCS-E.

If your Endpoint is not registered on GK and call setup mode is direct, following port may use (In static port configuration).

  • Port 1720 (Q.931 Call Setup)
  • Port 5555-5574 (H.245)
  • Port 2326-2485 (Media)


If H.323 Port configuration is Dynamic, then Endpoint will allocate which ports to use when opening a TCP connection.

The reason for doing this is to avoid using the same ports for subsequent calls, as some firewalls consider this as a sign of attack.

When Dynamic is selected, the H.323 ports used are from 11000 to 65535. Once 65535 is reached they restart again at 11000.

rasimyigit Sun, 08/12/2012 - 23:37
User Badges:

Sorry Tomonori,


i configured Portwarding of my Router with

  • Port 1720
  • Port 5555-5574
  • Port 2326-2485


its ringing but you ot to able pick up. Its ringing but not possible to take the call. Are you have a telephonenumber. Its easier :-)

mubakhta Sun, 08/12/2012 - 23:56
User Badges:
  • Silver, 250 points or more

Hi Rasim,


Can you provide the following config :


xconfig //h323

*c xConfiguration H323 NAT Mode: Off

*c xConfiguration H323 NAT Address: ""

*c xConfiguration H323 Profile 1 H323Alias ID: ""

*c xConfiguration H323 Profile 1 H323Alias E164: ""

*c xConfiguration H323 Profile 1 PortAllocation: Dynamic

*c xConfiguration H323 Profile 1 CallSetup Mode: Gatekeeper

*c xConfiguration H323 Profile 1 Gatekeeper Address: ""

*c xConfiguration H323 Profile 1 Gatekeeper Discovery: Manual

*c xConfiguration H323 Profile 1 Authentication LoginName: ""

*c xConfiguration H323 Profile 1 Authentication Password: ""

*c xConfiguration H323 Profile 1 Authentication Mode: Off

*c xConfiguration NetworkServices H323 Mode: On


Using this we will be able to better understand the H323 settings on your endpoint.


Regards,

Mubashshir Akhtar

rasimyigit Mon, 08/13/2012 - 00:04
User Badges:

xConfiguration H323 NAT Mode: Off
*c xConfiguration H323 NAT Address: ""
*c xConfiguration H323 Profile 1 H323Alias ID: ""
*c xConfiguration H323 Profile 1 H323Alias E164: ""
*c xConfiguration H323 Profile 1 PortAllocation: Dynamic
*c xConfiguration H323 Profile 1 CallSetup Mode: Direct
*c xConfiguration H323 Profile 1 Gatekeeper Address: ""
*c xConfiguration H323 Profile 1 Gatekeeper Discovery: Manual
*c xConfiguration H323 Profile 1 Authentication LoginName: ""
*c xConfiguration H323 Profile 1 Authentication Password: ""
*c xConfiguration H323 Profile 1 Authentication Mode: Off
*c xConfiguration NetworkServices H323 Mode: On

Tomonori Taniguchi Mon, 08/13/2012 - 00:06
User Badges:
  • Cisco Employee,

I though you already configure NAT as this Endpoint is behind home firewall.

Unless Firtzbox 7390 is H.323 awareness ALG firewall, you need to configure NAT address on your EX90.

rasimyigit Mon, 08/13/2012 - 00:12
User Badges:

Hi Tomonori,


thank for your lot support. It works now. I had set NAT with the Public IP of my Router, i sent to you the wrong config file


xConfiguration H323 NAT Mode: on
*c xConfiguration H323 NAT Address: "91.19.19.19"
*c xConfiguration H323 Profile 1 H323Alias ID: ""
*c xConfiguration H323 Profile 1 H323Alias E164: ""
*c xConfiguration H323 Profile 1 PortAllocation: static

*c xConfiguration H323 Profile 1 CallSetup Mode: Direct
*c xConfiguration H323 Profile 1 Gatekeeper Address: ""
*c xConfiguration H323 Profile 1 Gatekeeper Discovery: Manual
*c xConfiguration H323 Profile 1 Authentication LoginName: ""
*c xConfiguration H323 Profile 1 Authentication Password: ""
*c xConfiguration H323 Profile 1 Authentication Mode: Off
*c xConfiguration NetworkServices H323 Mode: On


The issue was , that i dont restarted after the change from dynamic to static port allocation.


Thank you and other members  so much

Correct Answer
Tomonori Taniguchi Mon, 08/13/2012 - 00:14
User Badges:
  • Cisco Employee,

Oh ok, have you managed to receive the call from public network side now?


> Please note, if you modify default port configuration to static,

> Endpoint must restart first otherwise Endpoint still allocate port  dynamically.

This is quite easy to forget to do (^^).

Tomonori Taniguchi Sun, 08/12/2012 - 23:59
User Badges:
  • Cisco Employee,

Need syslog from MXP Endpoint to understand where call process is hanging and not able to proceed after alerting.

You should check information in "Connect" message which contain contact IP address and port information for H.245 negotiation under " h245Address ipAddress".

===========================================================

value H323-UserInformation ::=

{

h323-uu-pdu

{

   h323-message-body connect :

   {

     protocolIdentifier { 0 0 8 2250 0 5 },

     h245Address ipAddress :

     {

       ip 'AC100177'H, <-----

       port 5556 <-----

     },

     destinationInfo

     {

===========================================================

You may need to check this information in both Endpoint side.

Please note, if you modify default port configuration to static, Endpoint must restart first otherwise Endpoint still allocate port dynamically.


Please remember syslog may contain your home network information.

If need for detail troubleshooting without publishing such log file on public community site, I’d recommend to open the TAC case.

Martin Koch Sun, 08/12/2012 - 23:01
User Badges:
  • Red, 2250 points or more

First of all the FritzBox is known to be quite feature rich, port forwards and UPNP (experimental supported

by the ex90 as well if I see it right) are possible (the link is in German, but that's just to proof that its possible, sure

if you got the FritxBox via an ISP, they might run a restricted firmware, ... ):

http://www.avm.de/de/Service/Service-Portale/Service-Portal/News_und_Ausblick/43_portfreigaben_eingehende_Verb.php


Besides that, ip dialing is so retro :-) I would recommend that you get yourself a VCS-E which is

exactly designed for way you want to do: firewall traversal!

In addition you get proper uri dialing, h323/sip and ipv4/ipv6 interworking, call control and much more.


If you do not want to operate your own vcs-e there are also companies providing you with vcs-e

registration services.

Actions

This Discussion