Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3265
Views
0
Helpful
3
Replies

H323 video and ASA static NAT

Go to solution
Mike Assel
Level 4
Level 4

‎05-21-2012 09:40 AM - edited ‎03-11-2019 04:09 PM

Hello.  I have a video conferencing codec installed behind a customers ASA 5500 (8.2.4).  The codec has a private IP address and a static one-to-one NAT with a public IP has been configured for it in the ASA.  All the appropriate ports for H323 video conferencing have been opened outbound and inbound, and H323 inspection has been turned off.  The problem is this:  I am trying to call another known fully working endpoint, but when I do I get one way audio and video, and the call disconnects after roughly 20 seconds.  The customer has triple checked the NAT and ACL, and says he sees no packets being blocked on the ASA when we try to make a call.  I'm not very familiar with the ASA, so I'm looking for some guidance on what to check for next.  Thanks,  Mike

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎05-21-2012 09:49 AM

Hello Mike,

Can you turn on the inspection and give it another try?

Do you have any content filtering on your network?

Our next step would be to create captures to check what is going on.

Regards.

Julio

DO rate all the helpful posts!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎05-21-2012 09:49 AM

Hello Mike,

Can you turn on the inspection and give it another try?

Do you have any content filtering on your network?

Our next step would be to create captures to check what is going on.

Regards.

Julio

DO rate all the helpful posts!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
Mike Assel
Level 4
Level 4
In response to Julio Carvajal

‎05-29-2012 08:17 AM

Thank Julio.  That did the trick.  I'm very much a novice with the ASA and learning as I go.  I take it that H323 inspection is what makes the ASA H323 "aware"?  Also, is the "fixup" command an older PIX command and not valid on an ASA?  Thanks

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to Mike Assel

‎05-29-2012 10:17 AM

Hello Mike,

Glad I could help

The command its also available for the ASA but it you do it with the fixup command you will need to let the ASA know witch port to inspect

Fixup protocol H323 h225 x x ( ports you will inspect)

Regards,

Julio

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card