VC connect issue Lifesize over Cisco 1941 router

Unanswered Question
Jul 10th, 2013
User Badges:

Hi


We have a problem getting a gateway to register on a Lifesize VC unit. It was working fine over a Juniper but moved office and setup a Cisco 1941 as router/firewall to replace the Juniper and it is no longer able to register whatever we try to do.


the lifesize is LS_Ex1_4.7.21(4)


the relevant Cisco IOS config items on the 1941 are here:


ip inspect name FW-Video tcp

ip inspect name FW-Video udp

ip inspect name FW-Video icmp


interface GigabitEthernet0/1.150

encapsulation dot1Q 150

ip address 10.1.150.1 255.255.255.0

ip access-group video_out out


ip nat inside source static 10.1.150.3 public_ip_address


ip access-list extended video_out

permit udp any 10.1.150.0 0.0.0.255 eq 1719

permit tcp any 10.1.150.0 0.0.0.255 eq 1720

permit tcp any 10.1.150.0 0.0.0.255 eq 1718

permit ip 10.10.10.0 0.0.0.255 any

permit tcp any 10.1.150.0 0.0.0.255 eq 443

permit tcp any 10.1.150.0 0.0.0.255 range 60000 60013

permit udp any 10.1.150.0 0.0.0.255 range 60000 60055



any suggestions would be appreciated, the Gateway support have not been able to resolve it and neither the Cisco engineers I usually use.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
paolo bevilacqua Wed, 07/10/2013 - 18:41
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

probably inconptete config, but to start with you need "ip nat inside" under interface.


However cases like this are, in my opinion, only solvable with direct access by a certified engineer.

markberry666 Wed, 07/10/2013 - 19:06
User Badges:

Hi


I have had certified engineers looking at it, hence my putting it out here.


sorry I shoudl have added more in but 'ip nat inside' is on the interface


we can access the VC from external and all testable ports appear to be working and translating across to the VC unit that is why its a mystery. We can even make calls out to other numbers but just cant get it to register with the gateway.


I hoped someone would have been through this with Lifesize VC's versus Cisco and could provide an answer.

mrmatthew77 Fri, 07/12/2013 - 15:25
User Badges:

Mark,


You may try disabling the Inspect policys.  I have seen this cause issues with registrations in the past. Also what type of gateway are you registering to?   Is this an h323 gatekeeper?



Are you seeing any replies from the gateway?   If so is it rejecting the registration or what is it replying with?

markberry666 Sun, 07/14/2013 - 17:16
User Badges:

Hi

I removed the h323 policy but I was advised this is needed to all ip address info to be passed on. Disabling the firewall all together is not an option.
The gatekeeper is h323 based and apparently uses udp 1719 for registration.
I am escalating this with some Cisco engineers so hopefully will get a solution . It does appear to be an issue with the Cisco h323 firewall not playing well with others at the moment.

Sent from Cisco Technical Support iPad App

markberry666 Sat, 07/20/2013 - 16:30
User Badges:

We are on the point of moving to ADSL for the VC and a non-cisco router for it, but I still want to understand this problem as it will stop me using CIsco in the future otherwise for VC units.


what we have seen is that the NAT appears not to be working. from this support post

https://supportforums.cisco.com/thread/2101730 I see that the issue has possibly arisen before for other IOS versions and it may be we have the same problem as described here.


our Cisco 1941 is using  IOS  C1900 software (c1900-UNIVERSALK9-M) Version 15.0(1)M3 release fc2


when we do sh ip nat translations for the relevant 10.1.150.3 VC unit address we are seeing udp for 1719 get just dashed lines and no ip address for outside local or outside global. Also the VC unit is not picking up the NAT public address but only showing itself on screen as 10.1.150.3. Though NAT is working for TCP as I can get into it via the public ip address using port 443 or port 80.

Actions

This Discussion

Related Content