Cisco Support Community
New Member

Opening ports for Video conferencing

Hello good people,

We have just acquired a Cisco Profile 42 video conferencing equipment and am required to open ports for SIP and H.323. Any pointers on hw that can be acquired? I have a Cisco ASA 5510. Someone told me to open port 16384, but I need pointers on how to do it because I already set an access list to any.

the config

Internet -> ASA 5510 -> Switch -> Profile 42 and other devices

Any help will be appreciated.

5 REPLIES
Cisco Employee

Opening ports for Video conferencing

Hi George,

Are you trying to open ports for inbound or outbound calls? Is the ASA using NAT or PAT for the video equipment on the inside when it goes out to the Internet?

-Mike

New Member

Re: Opening ports for Video conferencing

Thank you Mike,

I need to open both inbound and outbound calls. I need to be able to call and also receive, so I think at some point I need to forward traffic to the VC equipment from the firewall, like I directed SMTP to the mail server.

Thanks

On Thu, Nov 10, 2011 at 5:39 PM, mirober2 <

New Member

Re: Opening ports for Video conferencing

I think NAT would be better, as I already see some NAT commands in the config.

Cisco Employee

Re: Opening ports for Video conferencing

Hi George,

In that case, you'll need to permit at least the signaling ports through your interface ACLs. For example, SIP uses port 5060 for signaling by default:

access-list outside_in permit udp any host <video-endpoint-ip> eq 5060
access-group outside_in in interface outside

An ACL on the inside interface is not required unless you already have one configured there (all traffic is permitted to the outside by default).

You can use the ASA's inspection engines to dynamically open the other ports required for the call on a per-session basis. This way, you only need to open the signaling ports and the inspection will automatically take care of the media ports:

class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect sip
service-policy global_policy global

You can read more about the voice inspections here:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/inspect_voicevideo.html

If the ASA is configured for NAT, these inspections are absolutely required. This will allow the ASA to also perform NAT on any embedded IP addresses in the voice payload.

Hope that helps.

-Mike
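
An added example, not part of the thread or of Cisco's tooling: a small Python check for the approach in the reply above. It flags an inbound `permit ip any any` on the ACL bound to the outside interface, and any open signaling port whose matching inspection is missing. The sample config and the address 192.0.2.10 are constructed, and pairing TCP 1720 with `inspect h323 h225` assumes H.323 call signaling runs on its default port.

```python
import re

# Constructed sample: an "access list to any" next to signaling-only rules.
# 192.0.2.10 is a documentation address, not a value from the thread.
SAMPLE_CONFIG = """\
access-list outside_in extended permit ip any any
access-list outside_in extended permit udp any host 192.0.2.10 eq 5060
access-list outside_in extended permit tcp any host 192.0.2.10 eq 1720
access-group outside_in in interface outside
policy-map global_policy
 class inspection_default
  inspect sip
"""

# Signaling port -> inspection that opens the media ports per session.
# The 1720 entry is an assumption (default H.323 call-signaling port).
SIGNALING = {"5060": "inspect sip", "1720": "inspect h323 h225"}


def audit(config):
    """Return findings for ACLs applied inbound on the outside interface."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Names of ACLs actually bound inbound to the outside interface.
    bound = {m.group(1) for l in lines
             if (m := re.match(r"access-group (\S+) in interface outside$", l))}
    inspections = {l for l in lines if l.startswith("inspect ")}
    findings = []
    for l in lines:
        m = re.match(r"access-list (\S+) (?:extended )?permit (\S+) (.+)$", l)
        if not m or m.group(1) not in bound:
            continue
        name, proto, rest = m.groups()
        if proto == "ip" and rest.split()[:2] == ["any", "any"]:
            findings.append(f"{name}: 'permit ip any any' allows all inbound "
                            "traffic, not only signaling")
            continue
        port = re.search(r"eq (\S+)$", rest)
        need = SIGNALING.get(port.group(1)) if port else None
        if need and need not in inspections:
            findings.append(f"{name}: port {port.group(1)} is open "
                            f"but '{need}' is missing")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```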

New Member

Re: Opening ports for Video conferencing

Let me try that, then I will let you know.

Thank you so much

On Thu, Nov 10, 2011 at 6:09 PM, mirober2 <
