Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Video Conferencing - ASA Port

Hi All,

I am having a little touble with video Conferencing. We are using ASA 5510 as our firewall.

Can someone please tell me which ports to allow on ASA 5510 for Video Conferencing. Any help in this regard will be helpful.

Thanks in advance.

- Jay

6 REPLIES

Re: Video Conferencing - ASA Port

Jay,

VC uses H323 - so you need to double check which ports the unit requires, H323 uses the below....but some units don't use all of them:-

H.323 Port Requirements

Port Required/Opt Port Type Usage Direction

1718 Required Static UDP Gatekeeper Discovery (Must Be Bidirectional)

1719 Required Static UDP Gatekeeper RAS (Must Be Bidirectional)

1720 Required Static TCP H.323 Call Setup (Must Be Bidirectional)

1731 Required Static TCP Audio Call Control (Must Be Bidirectional)

1024 - 65535 Required Dynamic TCP Port Allocation H.245 (Must Be Bidirectional)

1024 - 65535 Required Dynamic UDP Port Allocation RTP (Video Data) (Must Be Bidirectional)

1024 - 65535 Required Dynamic UDP Port Allocation RTP (Video Data) (Must Be Bidirectional)

1024 - 65535 Required Dynamic UDP Port Allocation RTCP (Video Data) (Must Be Bidirectional)

Note: Other ports may be required depending on application and manufacturer of equipment.

HTH.

Cisco Employee

Re: Video Conferencing - ASA Port

Jay,

other then what ports are used,if traffic is initiated from inside to outside and there is no access list on inside interface: everything is open.If everyport is open,you do not need to open anything.to get the vc to work,add the inspection for h323.

######

class-map inspection_default

match default-inspection-traffic

policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect smtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

service-policy global_policy global

##########

New Member

Re: Video Conferencing - ASA Port

Thanks guys for your replies and help.

Andrew, how do i recognize those ports that you have mentioned from 1025 and onwards. See i have created an access list from inside to outside which allows all IP connections from a specific IP address (And yes i am also using NAT for it). So do i still have to open specific ports.

Ans Sus, i have given the inspection commands already. But it doesnt work.

Hey guys, is there anything else that i need to look into. Thanks in advance.

Regards,

- Jay

Re: Video Conferencing - ASA Port

Jay,

The are generally ALL no privilage ports, you never want to really allow all those thru.

What I would do is read the manual for the VC unit - they generally tell you the exact ports that they need to work.

New Member

Re: Video Conferencing - ASA Port

Hi Jay,

Can you please let us know what is the protocol you are using and what exactly you need to do?

I understand that most likely you are using h323,but depending one the services you have different protocols inside h323, for eg h245.

Thanks,

John

New Member

Re: Video Conferencing - ASA Port

Hey Jhon,

Yes i am using H.323. Anyways, my problem is sorted out. Some ports for video conferencing are blocked at our ISP end.

By the way, thanks for your help guys.

Regards,

- Jay

1031
Views
0
Helpful
6
Replies
CreatePlease to create content