We have PIX 515 with Version 6.3(3). We are planning to setup Video conferencing to have a conference with our international customers . We are planning to put the Video conference system behind the firewall for security reasons .I would appreciate if anyone have similar setup and share the Tech aspects like what are the ports to be opened in firewall, fine tuning if any on firewall etc...
The fixup support for H.323 is pretty good now and even works with PAT. If you can avoid, don't use PAT for your server. Use NAT with a static statement and you'll have fewer problems.
You should be able to make it work with only opening TCP port 1720. However, this varies from one vendor to another as H.323 is a complicated and varied protocol suite. You may also need to open TCP/389 if you have a Netmeeting/MS based session.
Port Range Requirements for TCP and UDP on an iPower
1700 - 1749
17000 - 17099
17100 - 17299
UDP Port Control
17300 - 17309
Tip: If a call needs to go through a firewall, be sure to open the configured ports at the firewall as well. In addition to these ports, you must open TCP and UDP ports 1503 for T.120 support and TCP port 1720 for H.225.0 Call Signaling.
And also, you can find more details on polycom web site.
We're having the same issue here with a Polycom setup. And we are able to VTC using site-to-site VPN. The only problem is that the audio and video quality is not good. We have on both ends the DSL equivalent of T1. That's something to do with encryption. Anybody has an idea to give better results?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...