Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1006
Views
0
Helpful
3
Replies

ASA 55xx and Videoconferencing and VCS

vipersl65
Level 4
Level 4

‎11-14-2011 11:25 AM - edited ‎03-11-2019 02:50 PM

I'm not a Security or ASA guy but I always encounter on all my projects the question of "can you help me translate into a configuration that TCP/IP ports you need for your videoconferencing?"

APpreciate it a lot if someone can send or email or PM me a working config(scrubs the confidential info) of the ASA that will work for the setup that has

VCS Control

VCS Expressway

Internal video endpoints calling External (different company's) endpoints

Thanks

Labels:
0 Helpful
3 Replies 3

Maykol Rojas
Cisco Employee
Cisco Employee

‎11-14-2011 11:35 AM

Hi,

Well, there is no special configuration, it really depends on the device you are using, the protocols and the support for NAT. Basically, If the VCS needs to be accesed from the internet, I would use an static 1 to 1 and translate the device to a public IP, Then allow the voice protocol to be use and finally, enable the inspection depending of the protocol to be used (Most of the time h323).

Hope it helps.

Mike

Mike
0 Helpful

vipersl65
Level 4
Level 4
In response to Maykol Rojas

‎11-14-2011 11:45 AM

Sory forgot to add more details.

The protocols will be H.323 and SIP.  Tandberg(now Cisco) has a document that lists all the TCP and UDP ports that are required to be open in the firewall.

It is just translating those ports into an actual ASA command lines or config that I need since I am not an ASA guy.

I just want to help the customer that is asking for assistance as I always encounter this question and it is a bt frustrating not have the info.  I am enrolling myself in an ASA class soon though.

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to vipersl65

‎11-14-2011 11:58 AM

Hi,

Basically if your Tandberg is sitting on the inside, and the calls are coming from the outside, you will just need an access list permitting port TCP 1720 (control channel for H323) TCP/UDP 5060 (Control channel for SIP). Also, make sure that the inspections are configured on the firewall, to see that, you will need to do a show run policy-map, that will list the protocols to be inspected.

The RTP ports, will be opened dynamically on demand if the inspections are configured.

Mike

Mike
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card