Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

NAT and h323 in IOS

Hi:

I'm trying to setup a videoconference and I have a 2801 router (12.4(18c)) with NAT configuration between units but It doesn't work. I captured some packets with sniffer and I can see that units are trying to send voice and video information to the real IP address (not natted ip address in router). NAT and h323 is supported in Cisco? Should I apply a specific configuration in router?

Please let me know your comments.

TIA. Regards.

3 REPLIES
Cisco Employee

Re: NAT and h323 in IOS

Hi,

We do support NAT and H323:

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a00801af2b9_ps6640_Products_White_Paper.html

If you want to hide the real addresses, your unit should be configured to point to the Outside local or Inside Global address.

Could you describe your topology/configuration and your NAT policy ?

Thanks

Laurent.

Community Member

Hi, I'm getting the same

Hi,

 

I'm getting the same problem.

I'm using one static NAT 1:1 ip nat inside source static IPoutside IPlocal

When the polycom outside endpoint call H323 to inside endpoint by using IPoutside, the call can establish successfully. The outside endpoint cannot see/hear the endpoint inside. But the endpoint inside can see/hear the endpoint outside.

I'm using Cisco Router 2811. IOS version c2800nm-entservicesk9-mz.151-4.M7.bin

Does anyone know what's problem? Do I need to configure anything else to make this conference working.

Thanks in advanced.

Community Member

Re: NAT and h323 in IOS

Hi.

I think your problems lies with the fact that by default a cisco router does not know to nat correctly the h.323 protocol, because ports are being generated dynamically inside the H.323 conversations (similar to dynamic port allocation in FTP)

So. The only way to fix this problem in my oppinion is to upgrade your IOS to support IOS Firewall feature (specifically IOS-FW - H323 v3/v4 Support) which is basically able to look inside the h323 packet and decode it.

I advise you to use Cisco Feature Navigator to find an IOS suitable for your platform with this support

Cisco Feature navigator link:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp (go to Search by feature)

Use the following documentation for more information regarding H.323 in Cisco IOS Firewall . (you basically need to enable ip inspection of h323 protocol to get this working)

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_fwall_h323_supp.html#wp1055468

3460
Views
0
Helpful
3
Replies
CreatePlease to create content