Recently we purchased a Polycom VC (VSX 7000) for our company. We are trying to do VC with our vendor office through the internet, but we could not make the call. I have a static NAT for the Polycom device and allowed all the ports from outside to inside and inside to outside.
When I telnet to port 1720 on my vendor's VC, I couldn't telnet. But the same (telnet) is happening without my firewall.
Please let us know what firewall version you are using. Initiate the traffic and check the syslogs to see whether you are getting anything like:
"IP Options : Router Alert". If yes, then the "ip-options" parameter needs to be disabled, which can be accomplished by upgrading to 8.2.2 (and some versions of 8.2.1). From the 8.2.2 release and above, "ip-options" can be tweaked via the option "inspect ip-options", under which you can set the router-alert as "allow".
The other option for the above is to tell the vendor of the Polycom application to disable the "ip-option" parameter from their end so as to allow the packet to pass through the ASA.
If you are not getting the above ip-option error, then, as you have disabled H323 inspection, ensure your vendor has also disabled the "NAT is H.323" option in the application.
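
The "inspect ip-options" setting mentioned in the reply, sketched as an added configuration example (not posted by either participant). It assumes ASA 8.2(2) or later with the default `global_policy` and `inspection_default` class in use; the map name `POLYCOM_IPOPT` is hypothetical.

```cisco
! Added example. Assumes ASA 8.2(2)+ and the default global policy.
! POLYCOM_IPOPT is a hypothetical map name.
policy-map type inspect ip-options POLYCOM_IPOPT
 parameters
  ! Permit only the Router Alert option named in the syslog message.
  ! eool and nop are deliberately left unconfigured here.
  router-alert action allow
!
policy-map global_policy
 class inspection_default
  ! Attach the map to the existing inspection class.
  inspect ip-options POLYCOM_IPOPT
```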