Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Polycom HDX7000 behind ASA not working

I have ran into a problem with my Polycom behind my ASA5510. I cannot receive calls from the outside and when placing calles from inside to outside the connection completes and my audio/video reaches the outside but no audio/video is returned through the firewall. I am a newbe to firewall configs so any help would be greatly appreciated. My ASA is running version 9.1(2) and below is the config as it relates to the polycom.

object network polycom_private

host 10.3.0.x

object network polycom_public

host 63.234.x.x

object-group service h323-Group

service-object tcp destination eq h323

service-object object 3230-3235

service-object object 3230-3280

access-list outside_acl extended permit object-group h323-Group any object polycom_private

object network polycom_private

nat (inside,outside) static 63.234..x.x

I have disabled h323 inspection and still i cannot make a successful connection.

Thanks in advance.

Everyone's tags (5)
1 REPLY
Community Member

Polycom HDX7000 behind ASA not working

After working with TAC we have made a few changes on the ASA to get this partially working. I can now make outbound calls to remote sites and get audio and video to pass in both directions. However, I still cannnot get any inbound calls to pass through the ASA. Here are the changes TAC made to the ASA to get this working most of the way.

Issue: ASA was dropping packets with 'router alert' IP option set.

Fix: Created a new policy-map to specifically allow this traffic and applied it to the Global Policy.

Also, enabled Skinny, SIP, H323 inspection on the global policy.

Still working on the remote site dialing in but as of right now when testing an inbound call from a remote site for reasons unknown, we were seeing SYN on port 1720 coming in from the remote Polycom unit, being untranslated and going to the local Polycom unit, however, we never saw a Syn Ack for that.

Work in progress..

Jimmy

1082
Views
0
Helpful
1
Replies
CreatePlease to create content