I have a Polycom Viavideo behind a Pix515 (IOS6) with NAT and a static mapping. I can't make any type of calls eventhough after I completely opened the firewall for all tcp and udp ports. Does anyone get this to work??
Viavideo is configured to used fixed ports as the remote system (Polycom viewstation 512).
Note: Polycom website states that they have tested and it works with pix firewall. However, they don't give you much details.
(I'll try this post again)
Would you send me this as well? I'm having problems with the same environment but with Polycom VS4000's.
Can you also send me that paper. We have a Picturetel 970 system behind PIX 515.I have opened all tcp/udp ports but I am not able to make or receive calls.My mail address is email@example.com. Thanks in advance
I would love a copy of the document.
Specifically of how to make 2 polycom viavideos work simultaneously using H.323 to 2 outbound endpoints using the Cisco IOS 12 or higher firewall option (does the hardware matter? - what is the recommended box for a small 14 node lan with a T-1 - I have 12 deaf people on a small XP Pro LAN with Win2k Server that desperately would like to commuicate with their couterparts around the country/world). I would prefer to use 2 one-to-one NAT entries with a 2 publicly accessible external IP addresses for those 2 systems. Any Cisco techs up in the Seattle area who know how to do this would be great too!. We haven't purchased a single item yet. I'm still researching this.
I'm suprised I cannot find a definitive document on cisco.com or polycom.com regarding this issue.
Can you send me this paper as well?
I am having this very problem. Could you send me the document at well?
Thanks in advance
Heads up to you all -
Nobody's responding to requests for this documentation, and I've never seen it. But I have gotten my Polycom units to work behind a firewall.
Trick here is, you cannot have the units accept inbound (through firewall) connects, AND trusted network connects at the same time.
When configured to accept inbound connections from the firewall, the polycom unit sets parameters on the firewall menu to inject the proper ip address into the h323 packet. When this is set, the unit will not communicate on your internal lan. Numerous calls to Polycom confirmed this. h323 puts ip addressing into the packet payload, that NAT will miss. Polycom gets around this by the firewall menu adjustment.
We have chosen the normal configuration. Put them all inside, and communicate with each other in the non-firewall-configured-mode. To make internet-based connections, simply origitate the call from the local polycom unit.
If you re interested in configuring a polycom unit to be visible from the internet, and behind your firewall, I used the configuration on the polycom website (search their knowledgebase for pix).
Also experiment with the fixup protocols. The newer versions of PIX code have made the fixup function better. It may help.
I hope this helps!
Could you please send me the document that explains how to get Poycoms working behind a Pix. Thanks.
I have several of this same config working with no problem. Some of the details are as follows...
no fixup protocol h323 1720,
static NAT mapping (as you said)
access-list for inbound ports tcp/udp 1720 and range from 3230 - 3235
ViaVideo software version 3.0
ViaVideo firewall settings for NAT
DO NOT auto detect WAN IP address, type in the outside address you are using
use fixed ports (as you said)
at this point when the viavideo software starts up, you should see the OUTSIDE IP address in the window at the bottom of the screen.
hope this helps, todd
We're running 5.2 IOS on the PIX 520. From the previous message, I assume you mean to ??
1) disable the h323 fixup statement
2) create a conduit for TCP 1720
3) create conduits for UDP 3230-3235
for each static NAT address
I'm testing multiple H323 products (Polycom, Picturetel,...) and
also have problems making it work with firewalls/Nat...
Qould you please forward the document to me which explanes how to
configure your pix firewall?(firstname.lastname@example.org)
I had the same problem with polycom behind a NAT,if you don't use fix ports for both sides it works (this is written in polycom docs).
I am having the same issues with a PIX 501. Has anyone gotten this to work properly? It seems that the fixup protocol h323 [port] should help but it doesn't seem to make any difference. I'm using a static command to the h323 terminal and I can access the web interface but cannot send or receive calls.
The current PIC code 6.2.x and previous support H.323 version 2 with is really for voice over IP applications. Video uses H.323 version 4 (note: these seem like blanket statements but I'm sure this is not true in all cases). The next version of PIX code - 6.3 is supposed to support H.323 version 4. Hopefully with this release the fixup protocol H323 should work properly
I would be interested to see what Cisco is sending out that gives the step by step procedures. Because I have about thirty of these exact installations and they all work fine. Just curious...
telehealth network coordinator