Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Polycom VC problem

Hi,

Recently we have purchased polycom VC(VSX 7000) for our comapny.We are trying to do VC with our vendor office through internet.But we could not make the call.I have a static nat for the polycom device and allowed all the ports from outside to inside and inside to outside.

When i telnet the port 1720 to my vendor VC i couldnt tlenet.But same(telnet) is happening with out my firewall.

Even i have removed h.323 inspection in firewall.

Some one help me to fix this issue...

  • Firewalling
Everyone's tags (2)
6 REPLIES

Re: Polycom VC problem

Hi,

- What ports have you opened on your firewall?

- Are you using an encrypted tunnel for this communication?

- What error logs are you seeing on your firewall when you make a call?

- Is it a PIX or ASA?

New Member

Re: Polycom VC problem

From Inside and out side i have given permt ip any.

We are using ASA firwall

When i dial tcp session builts for outside and tears down due to sync time out.Even when i telnet the port 1720 from inside i am getting the same problem.

I disabled the h.323 inspection also.

From outside to inside(my vendor) is able dial my VC.

Re: Polycom VC problem

Have you seen this guide on how to allow H.323 traffic through a firewall? This may prove useful.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081042c.shtml#h323

New Member

Re: Polycom VC problem

Hi

Please let us know what Firewall version you are using ? Initiate the traffic and see the syslogs if you are getting anything which says like :

"IP Options : Router Alert ". If yes , then "ip-options" parameter needs to be disabled which can be accomplished by upgrading to 8.2.2 (and some versions of 8.2.1) From 8.2.2  release and above " ip-options" can be tweaked via the option "inspect ip-options" under which you can set the router-alert as "allow" .

The other option for above is to tell the vendor of Polycom application to disable the "ip-option" parameter from their end so as to allow the packet to pass-thru the ASA .

If you are not getting the above error of ip-option , then as you have disabled H323 Inspection ; ensure your vendor too have disabled the option of " NAT is H.323" Option disabled in the application

New Member

Re: Polycom VC problem

also in the Polycom UI on the codec you have to tell the endpoint what the public

facing address is that it will be NAT'd to as well as tell it that NAT is in use or else it will not work through

the firewall.

New Member

Re: Polycom VC problem

Hi

I mean the option of "NAT is H.323 compatible " to be disabled in the Polycom application in my last line

3966
Views
0
Helpful
6
Replies