×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

SX20 system is not registered on H323 protocol

Unanswered Question
Jan 28th, 2014
User Badges:

Can someone help?


I configured SX20 behind firewall with NAT. I can call in, but cannot establish outgoing call.

Troubleshooting reports:

WARNING:

Default Call Protocol

The default call protocol is set to H323, but system is not registered on that protocol. The system may not be able to make any calls. Please eitherchange the default call protocol, verify that the protocol is enabled, or verify the H323 configuration..


My H323 NAT is on, CallSetup Mode is Direct, PortAllocation is Dynamic.


Any idea?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
amehla Tue, 01/28/2014 - 09:53
User Badges:
  • Silver, 250 points or more

Hi Martin,


since you are using direct ip to ip calls using NAT, you can savely avoid above message on unit.

Nikita Shrivastava Tue, 01/28/2014 - 10:34
User Badges:

Hi Martin,


You can also verify if the NAT mode is set to "ON" or "Auto".

In case you are trying for pulbic IPs, you can set the mode to either, and setting it to AUTO would educate the codec that if any IP in same LAN is called, it would not try to NAT it.

dwo_krivy Tue, 01/28/2014 - 22:51
User Badges:

I tested with all NAT options - ON, OFF, Auto. None of them works. I'm experienced with Polycom and know how to test with them. Cisco/Tandberg is still bit mystery to me. Why there is no tracert/ping test in Diagnostics??

Firewall people insist all is working from their site.. I should be able to prove it or tell them what is wrong.

Emin Aliyev Tue, 01/28/2014 - 22:31
User Badges:

I have  problem with  firewall, As i configured static nat  i can call from sx20 to outside,but from outside nobody can call to me.
my  global ip is 213.172.74.21 ,local 192.168.230.104.
can  someone  help me  with my firewall (ASA 5510 ) configuration 

dwo_krivy Tue, 01/28/2014 - 22:55
User Badges:

According to my colleague you should test to switch off some feature on ASA which is testing inside of packets (like you say dear packat you are SMTP on port 25? Let's look if you realy are SMTP...). He says this is often the case of denying packets.

amehla Tue, 01/28/2014 - 23:39
User Badges:
  • Silver, 250 points or more

Hi Martin,


set the port allocation as static, if it is set to dynamic it will open ports above 11000 range.


ports to be on firewall:


The following ports will cover both MultiSite and H.239 (dual stream):


For H.323:

  • Gatekeeper Discovery (RAS) – Port 1719 – UDP
  • Q.931 call Setup – Port 1720 – TCP
  • H.245 – Port Range 5555-5574 – TCP
  • Video – Port Range 2326-2485 – UDP
  • Audio – Port Range 2326-2485 – UDP
  • Data/FECC – Port Range – 2326-2485 – UDP



For SIP:


  • SIP messages – Port 5060 – UDP/TCP
  • SIP messages – Port 5061 – TLS(TCP)
  • H.245 – Port Range 5555-5574 – TCP
  • Video – Port Range 2326-2485 – UDP
  • Audio – Port Range 2326-2485 – UDP
Nikita Shrivastava Wed, 01/29/2014 - 04:41
User Badges:

Hi Emin,


Please ask your network guys to check the inspection for H323 and SIP on ASA.

Actions

This Discussion

Related Content