H.323 cisco telepresence configuration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

H.323 cisco telepresence configuration

L1 Bithead

 Hi guys,

 

I am very new in PA administration and I am trying to set up voice communication between cisco telepresence sx-20 located with private IP address in my Internal network to some terminals outside the network. I am using IP address like calling number when I am trying to establish the connection.

I have tried a lot of configurations, but no one work. In last - I use static NAT and DNAT : (telepr ext test"(an IP address which is attached to the external interface), Telepresence - sx-20)

 

 Untitled.png

 

and security rule which allow any external traffic to destination "telepr ext test" with basic applications which is needed:

 

Untitled1.png

 

I have rule which allows the traffic from sx-20 to the internet too. I succeed and establish the call to some online test cisco IP addresses for example 71.14.2.158, but no audio or video traffic was received. In monitor tab I saw that the session-end-reason is "tcp-rst-from-server" for apps h.225 and h.245. With Pakcet capture I  saw a successfully TCP connection between both sides (my sx-20 and outside terminal-71.14.2.158). 

 

If my config is wrong, what NAT rule/rules should I make/or not to do this task? And what kind of security rules? Any help will be appreciate very well

 

Thank you very much in advance. 

 

Feel free to ask me anything if I was not so clear.

 

Best regards,

Maksim

1 accepted solution

Accepted Solutions

L6 Presenter

Can you do bi-directional: yes. I think we had a similar issue and that was due to one-way NAT rule. 

View solution in original post

7 REPLIES 7

L6 Presenter

Can you do bi-directional: yes. I think we had a similar issue and that was due to one-way NAT rule. 

Yes, but result was the same.

 

P.S. PAN-OS version is 7.1.5

Cyber Elite
Cyber Elite

Out of curiosity why do you have the DNAT for telepresence NAT rule? It seems like you wouldn't really need this policy at all.

You are right that it is not necessary a DNAT rule, but i have tried a lot of other configurations. Now i have done only one NAT rule with bi-directional: yes with our External GW which is the exit point to the internet:

 

Untitled2.png

 

It should be more clear on this way, but again still not work. I have changed the security policy to:

 

Untitled3.png

 

Is it possible to have a "problem" with the outside terminal (71.14.2.158)? I see rtp/rtcp packets back to External GW, but the session end reason for h.245 and h.225 in monitor tab for outgoing connections is "tcp-rst-from-server". I establish the call, but with no video or audio. Should I receive after all those packets or not?  

 

Thank you very much once again for your answers!

After a lot of debbuging the problem was resolved. There is an issue with the other side configuration. The right config was static NAT with bi-directional:yes with security rules as you mentioned.

 

Thank you for your answers and fast repsponses!

Actually, the biggest hint was "tcp-rst-from-server".  But l do not have much of knowledge about VoIP so was not able to conclude 😄 Thanks for coming back with the solution

Yes you are right, but I am not very good at voip troubleshooting too 🙂

  • 1 accepted solution
  • 5269 Views
  • 7 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!