Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

H323 video and ASA static NAT

Hello.  I have a video conferencing codec installed behind a customers ASA 5500 (8.2.4).  The codec has a private IP address and a static one-to-one NAT with a public IP has been configured for it in the ASA.  All the appropriate ports for H323 video conferencing have been opened outbound and inbound, and H323 inspection has been turned off.  The problem is this:  I am trying to call another known fully working endpoint, but when I do I get one way audio and video, and the call disconnects after roughly 20 seconds.  The customer has triple checked the NAT and ACL, and says he sees no packets being blocked on the ASA when we try to make a call.  I'm not very familiar with the ASA, so I'm looking for some guidance on what to check for next.  Thanks,  Mike

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions

H323 video and ASA static NAT

Hello Mike,

Can you turn on the inspection and give it another try?

Do you have any content filtering on your network?

Our next step would be to create captures to check what is going on.

Regards.

Julio

DO rate all the helpful posts!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
3 REPLIES

H323 video and ASA static NAT

Hello Mike,

Can you turn on the inspection and give it another try?

Do you have any content filtering on your network?

Our next step would be to create captures to check what is going on.

Regards.

Julio

DO rate all the helpful posts!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

H323 video and ASA static NAT

Thank Julio.  That did the trick.  I'm very much a novice with the ASA and learning as I go.  I take it that H323 inspection is what makes the ASA H323 "aware"?  Also, is the "fixup" command an older PIX command and not valid on an ASA?  Thanks

H323 video and ASA static NAT

Hello Mike,

Glad I could help

The command its also available for the ASA but it you do it with the fixup command you will need to let the ASA know witch port to inspect

Fixup protocol H323 h225 x x ( ports you will inspect)

Regards,

Julio

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
2615
Views
0
Helpful
3
Replies
CreatePlease to create content