7.0.8 to 7.1.8 upgrade - H.323 not working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

7.0.8 to 7.1.8 upgrade - H.323 not working

L2 Linker

Dear All,

 

We have recently upgraded as the title suggests, and since upgrading our Polycom Group series video conference units are not working correctly on H.323 protocol.  When we connect to either a public video bridge or direct to another Polycom device, we are unable to hear the caller ont he conference.  This was previously working in 7.0.8.

 

From our initial investigations, we are able to get this working by configuring a static NAT rule for the Polycom device.  However when the device using the general Trust -> Untrust dynamic NAT it does not seem to work correctly.  We have performed packet captures which all seem to be flowing correctly and we are not seeing any dropped packets. 

 

We have also configured a Trust -> Untrust ANY ANY security rule for the polycom to make sure its not being blocked from that perspective.

 

The only thing I can think of is that the traffic is not being routed back for some reason due to some change involving NAT that was implemented since 7.0.8.

 

Can anyone think of why we are having this issue?

 

 

1 accepted solution

Accepted Solutions

Hi Gavin,

 

I would stick to using static NATs for both inbound and outbound, this is how I've always set up VoIP/video conferencing NAT rules.

 

Additionally you may be facing this issue, but you'd need to look at the global counters in combination with a packet filter.

 

https://live.paloaltonetworks.com/t5/Learning-Articles/Session-setup-fails-due-to-session-hash-colli...

 

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-check-global-counters-for-a-specific...

 

hope this helps,

Ben

View solution in original post

6 REPLIES 6

L2 Linker

Seriously... No one wants to take a stab at this one? lol

Hi Gavin,

 

I would stick to using static NATs for both inbound and outbound, this is how I've always set up VoIP/video conferencing NAT rules.

 

Additionally you may be facing this issue, but you'd need to look at the global counters in combination with a packet filter.

 

https://live.paloaltonetworks.com/t5/Learning-Articles/Session-setup-fails-due-to-session-hash-colli...

 

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-check-global-counters-for-a-specific...

 

hope this helps,

Ben

Hello,

I agree with the static NAT's, I also prefert to make them bi-directional, causes less of a headache with asymentric routing.

 

Regards,

Hi Guys,

 

Ok so If use static NAT's and I have 8 meeting rooms with Polycom devices, that would mean 8 public IP addresses.  Surely that's not scalable?  Maybe some kind of PAT would be a better option?  What does everyone think?

Hi Gavin,

 

Yes that is how I have done it in the past with these polycomm video conferencing devices. Do polycomm have a central server that you could set up on your internal network, with all the devices calling back to that? Then you just need to do a 1-to-1 static NAT for the central server.

 

You could you PAT in theory to send the traffic to the right video phones but I do not think you can change the ports the video units use.

 

hope this helps,

Ben

@GavinPalmer the scalability of this solution would wholly depend on your environment; for example in my environment the scalability of this is sensible and it's exactly what we do with our few actual video conferencing units. I always tell clients that this type of equipment should be a 1-1 anyways seeing as Polycom in particular has real issues sitting behind NATs.

 

PATs are acceptable granted that you can actually get it working; I wish I still had my cheat sheet from when I setup a few units to be used with verizon hotspots because I spent a fair amount of time figuring it all out but unfortunately I can't locate the list. Polycom is pretty notorious for behaving poorly behind a PAT  

  • 1 accepted solution
  • 4715 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!