Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

tandberg at pix 506 problem

I use pix 506. When I config the tandberg endpoint at inside to network and opened the standard tcp/udp port which provided by the vendor. It can call out or in. However, when I enable the encryption option at tandberg endpoint to encrypt the meeting. It can't dial in or out again. Have anyone know the solution and share with me. Thanks!

  • Other Security Subjects
5 REPLIES
Cisco Employee

Re: tandberg at pix 506 problem

I guess syslog should give you further information on this. What is the PIX OS you are running? Just for the testing purpose, have you tried opening up all IP communication from outside to inside, or alteat between your particular hosts.

Thanks

Nadeem

New Member

Re: tandberg at pix 506 problem

Thanks your help!

The pix os 6.3(1).

I give some logging for help.

If I connection the call without encryption and success. The log as follow:

302013: Built outbound TCP connection 32 for outside:203.98.150.26/1720 (203.98.

150.26/1720) to inside:10.1.1.3/5555 (192.168.8.126/5555)

302003: Built H245 connection for faddr 203.98.150.26/5555 laddr 10.1.1.3

302013: Built inbound TCP connection 33 for outside:203.98.150.26/5555 (203.98.1

50.26/5555) to inside:10.1.1.3/5556 (192.168.8.126/5556)

302014: Teardown TCP connection 33 for outside:203.98.150.26/5555 to inside:10.1

.1.3/5556 duration 0:00:05 bytes 1450 TCP FINs

302014: Teardown TCP connection 32 for outside:203.98.150.26/1720 to inside:10.1

.1.3/5555 duration 0:00:10 bytes 1096 TCP FINs

g on302016: Teardown UDP connection 2 for outside:203.98.150.26/0 to inside:10.1

.1.3/2334 duration 0:05:01 bytes 0

302016: Teardown UDP connection 4 for outside:203.98.150.26/2335 to inside:10.1.

1.3/2335 duration 0:05:01 bytes 0

302016: Teardown UDP connection 5 for outside:203.98.150.26/0 to inside:10.1.1.3

/2326 duration 0:05:01 bytes 0

302016: Teardown UDP connection 8 for outside:203.98.150.26/2327 to inside:10.1.

1.3/2327 duration 0:05:01 bytes 0

302016: Teardown UDP connection 9 for outside:203.98.150.26/0 to inside:10.1.1.3

/2336 duration 0:05:01 bytes 0

302016: Teardown UDP connection 11 for outside:203.98.150.26/2337 to inside:10.1

.1.3/2337 duration 0:05:01 bytes 0

302016: Teardown UDP connection 12 for outside:203.98.150.26/0 to inside:10.1.1.

3/2328 duration 0:05:01 bytes 0

302016: Teardown UDP connection 15 for outside:203.98.150.26/2329 to inside:10.1

.1.3/2329 duration 0:05:01 bytes 0

302016: Teardown UDP connection 16 for outside:203.98.150.26/0 to inside:10.1.1.

3/2338 duration 0:05:01 bytes 0

302016: Teardown UDP connection 18 for outside:203.98.150.26/2339 to inside:10.1

.1.3/2339 duration 0:05:01 bytes 0

If I connect the call with encryption, it will not sucess. The log as follow:

302013: Built outbound TCP connection 34 for outside:203.98.150.27/1720 (203.98.

150.27/1720) to inside:10.1.1.3/5555 (192.168.8.126/5555)

405104: H225 message ALERTING received from 203.98.150.27/1720 to 192.168.8.126/

0 before SETUP

405104: H225 message ALERTING received from 203.98.150.27/1720 to 192.168.8.126/

0 before SETUP

405104: H225 message ALERTING received from 203.98.150.27/1720 to 192.168.8.126/

0 before SETUP

302014: Teardown TCP connection 34 for outside:203.98.150.27/1720 to inside:10.1

.1.3/5555 duration 0:00:40 bytes 1035 TCP Reset-O

106015: Deny TCP (no connection) from 203.98.150.27/1720 to 192.168.8.126/5555 f

lags ACK on interface outside

I hope you can help me again!

Cisco Employee

Re: tandberg at pix 506 problem

It seems to be an issue with H323 fixup. Try to do

"no fixup protocol h323", just for the testing.

you may also need to come to 6.3.3 code

Thanks

New Member

Re: tandberg at pix 506 problem

It seems to be no change. If I remove the "fixup protocol h323", I can make a call without encryption. But there is no image at inside VC and outside VC can appear image. If I try to dial with encryption, it can't make the call. I want to download 6.3.3. But I can't download it when I use the CCO login.

Cisco Employee

Re: tandberg at pix 506 problem

If possible, please open up a TAC case to get the new image.

Thanks

Nadeem

244
Views
0
Helpful
5
Replies