Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5500 configuration for VC

Hi All ,

i have to open ports for vedio conferencing in my Firewall configuration , can some advise me the steps to do it successfully .

regards ,

Everyone's tags (5)
1 REPLY

Re: ASA 5500 configuration for VC

Hi Bro

The TCP and UDP ports that needs to be permitted in your FW rules varies according to the VC product manufacturer. For example, if you were using Tandberg (recently acquired by Cisco) the TCP and UDP ports needed to be permitted are as defined in http://www.cisco.com/en/US/docs/telepresence/infrastructure/articles/conferencing_products_conferenceme_ports_used_kb_3.shtml

Generally, the TCP and UDP ports for VC are as listed below;

TCP/389

TCP/1002

TCP/1503

TCP/1720

TCP/1024-65535 & UDP/1024-65535

UDP/1718 - 1719

Note: You could include in your ACL "deny ip any any log" on the last line, to unearth more TCP and UDP ports, assuming they are not listed above.

Sometimes, you may need to disable the default inspects too (but do this as a last resort), assuming you do see packet drops when issuing the command "show service-policy global".

policy-map global_policy

class inspection_default

no inspect h323 h225

no inspect h323 ras

no inspect skinny

no inspect sip

P/S: If you think this comment is useful, please do rate them nicely :-) and select the option "THIS QUESTION IS ANSWERED"

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
305
Views
0
Helpful
1
Replies
CreatePlease to create content