Hi guys I got a situation right now, my client wants to make videoconference call thorugh Microsoft Office Communicator, this should be operating between host from one site to another one, but we already configured some rules in the firewalls, and making some test I see that the videoconference use dynamic ports (1024 to 65535) and if we let to operate the videoconference we should remove all the rules in the firewall and that's not the point, so If you know any solution to this issue please let me know.
Microsoft Office communicator uses a protocol that is called STUN if it goes over UDP. Unfortunately STUN is not supported on the ASA, thus video conference calls using Office communicator wont work. This is because over the communication already established they open new channels for new traffic flow, since the firewall does not see this traffic, the packets get dropped.
In fact I was making test with 2 users and only when I remove the security rules and it works but when I apply the security rules the connection drops because every new connection uses different ports. I was wondering if there are any other method to get this work but I'm affraid there is not.
That is exactly the problem. I talked to the folks from Microsoft when I had this issue and they told me how Communicator works, during the call they start another control channel in order to open the new dynamic set of ports, if the firewall does not see these ports the traffic gets drop.
Hopefully STUN support will be introduced in New versions.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :