Cisco Firewall :: 65535 Make Video Conference Call Through Microsoft Office Communicator
Oct 19, 2010
my client wants to make videoconference call thorugh Microsoft Office Communicator, this should be operating between host from one site to another one, but we already configured some rules in the firewalls, and making some test I see that the videoconference use dynamic ports (1024 to 65535) and if we let to operate the videoconference we should remove all the rules in the firewall and that's not the point.
View 6 Replies
ADVERTISEMENT
Mar 11, 2012
We have a Cisco secure VPN site to site tunnel between the 2 locations.Which ports are need to open on tunnel so that users can successfully use OCS over the site to site VPN tunnel.All the users are havning the main brach AD account.Using Wireshark captured the packets, found only port TCP 5060, after allowing this port over tunnel I can see the authentication window.The user authentication fails. Already port 3389, 80, 443 are allowed.The main requirement is to only have the Chat, Group Chat and file transfer. Not require AV traffic.OCS is using TCP. no TLS is configured.
View 1 Replies
View Related
Dec 27, 2011
There are two Polycom devices behind ASA (Terminal HDX7000 and MCU RMX1000), ASA is connected to Cisco 1900 router which is connected to ISP.
Polycom devices are NATed (unique global address per device) on router and h323 inspection is done on ASA. The issue is that when trying to connect from outside to conference on MCU I don't receive any video (but MCU shows me like a connected participant). The same is true when MCU try to call outside terminals, they are shown as connected participants, but there is just a black screen. On ASA all ports are opened (both in and out) and there are no ACLs on router. And what means NAT configuration on Polycom devices, why it is needed when NATing is done on router (such configuration option I've seen also on Tandberg and another vendor's devices)?
View 5 Replies
View Related
Jan 17, 2012
Site A Cisco 2911 -- 2 T1 WIC. One going to Site B 1841 another going to Site C 1841.I am looking for a way to setup a Polycom QOS, judging by several forum posts about this, would it be better to create an access list with the Polycom IPs to limit the bandwidth to 512Kbps? Or if not, a link for Polycom QOS configs? What is happening is when noone else is using the connection except for the video conference, after about an hour with the T1 not being 100 % utilized, the 2911 GE0/0 interface will start developing input queue errors. What I usually have to do is reboot the router at night and that alleviates the problem since regular data traffic will not cause this problem.
Current configuration : 3529 bytes
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone year
service password-encryption
[Code] .....
View 1 Replies
View Related
Apr 24, 2013
I Can't see the far video when run the video conference. the audio is working fine.How to config the port forwarding for video conference?
View 1 Replies
View Related
Mar 21, 2012
I have connected CeeLab C300 video confernce system to our lan connectet to linksys wag200g. I have forwarded all the ports listed in manual to work without public ip. The problem is that system connect with our branch in other city, sound is great but i have no video on our tv. The other side has an audio and video but using public ip. Is a wag200g compliant to work with videoconferencing system? Support of the Ceelab ask me that Linksys is capable to NAT the H323 codec for audio & video/
View 1 Replies
View Related
Feb 20, 2012
I have configured cisco 1751 router for internet with nating. Internet browsing working fine. But We have polycom hdx 6000 conference system to connect from remote site.
1. While calling remote ip it is ringing and connecting but not displaying any thing on the screen but their side is displaying.
2. When they call our side ip it cannot connecting.
I have connected netgear router then video conference is working fine (with out port forwarding also). If I configured that router between 2 local sites (not on internet line) its working fine where i did not configured any thing just given routing. Configure same situation using internet leased line.
View 1 Replies
View Related
Mar 17, 2011
Is it possible for a 9971 and ipad2 to have a video call either with Webex or another app? We're getting both soon, just seeing if anyone has tested it yet.
View 3 Replies
View Related
Aug 29, 2011
I'm an intern in an elementary school. We have here two administration computers in which I and all the teachers have access to. One of the teachers has told me that she cannot access her email (Microsoft Office Outlook 2003) from one of the computers.
View 5 Replies
View Related
Sep 15, 2012
We have CUCM & lync server setup and its working fine if any one calling each other with DNS load balancing. But customer want ot use Cisco ACE 4710 instead of DNS LB.We have configured Cisco LB and deploy but when CUCM user calling to lync user call going to disconnect after 4 sec and also Lync users unable to make call to CUCM.And also LB deploye between share point but when users are trying to open web session that time web page going to show page cannot display.
[code]....
View 1 Replies
View Related
Jul 1, 2011
url...I discovered that it would be possible to be protected from portscan, i mean when someone scan our nework/host from outside, the attacker will see all the 65535 ports as "open" (in that way it will be more difficult for an attacker to perform customized attacks...)So I have follow the setup in that link: policy-map global_policy class class-defaults set connection embryonic-conn-max 15 per-client-embryonic-max 3 service-policy global_policy global . The problem is that I don't have the exepected result..If i do a portscan over Internet from an external host to my hosts the portscan is successfully working and I can view my open ports...I have also tried to set this through a "match" in an access-list but without any sucess.
View 3 Replies
View Related
Jul 16, 2011
i just managed to config the Cisco 877 and send it to my client,when the client connect the router from his location the router can't make VPN connection to my HQ office,i can connect to the router using the external IP adress,i tried to reset the VPN tunnel but no avail,
View 3 Replies
View Related
Nov 3, 2011
I have a client using a VOIP service to a third party provider (RingCentral). They are connected via Cable ISP (6mb) to the Internet and now experiencing performance issues with their VOIP service. They indicated that the call can be heard but that there is jitter and choppines in the call and they have to place a regular landline call. Their provider recommended using QOS to improve. I did not see anything straight forward on the ASDM interface to do this and figure it may require command line to accomplish.
They have Cisco IP 303 and 5252G2 phones which connect through an ASA5505 7.2(4) to their provider for service. Apparently the voip app uses the following ports:
UDP
5060-5090
8000-8200
16384-16482
What would be the best solution to improve performance or perhaps traffic shape / priortize traffic to work. I assume this may be happening if there are heavy downloads or activity happening on the network. The ASA5505 is on 7.2(4). Some coded examples for the above info.
View 1 Replies
View Related
Apr 24, 2012
I am transitioning from a Microsoft ISA server to a Cisco ASA 5510. So far so good, until it comes to getting AAA functioning properly. I have a Microsoft IAS server that is functioning properly, however when I try to test it through the ASA's ASDM it errors out. When I run a packet trace it shows it's being blocked by the dreaded implicit ACL. The funny thing is that I can ping and traceroute to the IAS server from the ASA. I found numerous config examples for AAA using IAS, but still not working.
Could it possibly be behaving this way because my ASA and my IAS server are on two different internal netowrks? (172.31.1.x-ASA, 10.1.1.x-IAS)
View 1 Replies
View Related
Aug 5, 2012
We just set up the AnyConnect SSL vpn on our ASA. I am able to establish a connection fine using the Cisco AnyConnect client. I would like to use the native Windows VPN client though if possible. What configuration changes on either the firewall or the client I would need to make for this to happen?
View 1 Replies
View Related
Nov 16, 2011
I have some users from another company who are visiting my company. The use outlook to access their mail. I think it is via RPC over https (ssl). When there are on my network they are unable to send messages but when the connect to an ISP directly they are able to send. I have a cisco 2821 as my internet router and an ASA5505 (8.0.5...i downgraded it from 8.2.3) as my firewall. I have not blocked anything from going out. Of note is that when other users use window live configured for gmail....which uses tls they are unable to send emails with atachements. Regular emails go though no problem. Hotmail can send atachments without a problem (there is no encrytion there). I have narrowed the issue down to how the firewall treats esmtp or tls traffic passing though it. I have already diabled inspect esmtp on the firewall.
View 2 Replies
View Related
Nov 7, 2012
i have exchange with NLB cluster.
i want to PAT the cluster ip to access email from outside. i know i can add the static arp entry for multicast cluster ip.
my question is i can add static nat command to that same cluster ip for port 25 and 443 like normal way like we do for normal PAT?
View 2 Replies
View Related
May 26, 2011
Do you know if it is possible to filter TOIP flows between call server (Siemens technology) and phones ?Specialy, PIX is able to support dynamic ports opening?? Is there an ALG embeded?Is it required to upgrade PIX or not? is required a special licence??
View 1 Replies
View Related
Aug 4, 2011
I am just setting up a LAN using DIR-655 and I noticed this line in the logs: notice Aug 4 03:25:55 HTTP listening on port 65535
Is the router listening to that port?
View 1 Replies
View Related
Jul 25, 2012
I am running ASA ver. 8.2(2) and all users are configured in the ASA. This ASA is uses as a VPN ASA and we are using it for remote access for external users. When a user is logged in, he gets all parameters that are need to continue working from outside, such as, IP, assigned to special group with special permissions and so on. All the parameters that are needed are configured under user attribute. See example below:
username username1 password xxxxxx == nt-encrypted
username username1 attributes
vpn-group-policy Basic
vpn-access-hours none
vpn-simultaneous-logins 1
vpn-idle-timeout 30
[code]....
Is it possible to live the user attributes as is and to force the users to authenticate via LDAP servers only?
View 4 Replies
View Related
Oct 27, 2012
I am trying to implement Microsoft LDAP server with our ASA 5520. The client is using Cisco VPN client and when I am trying to connect I am receiving the following error message:
"Secure VPN connection terminated locally by the client. Reason 413:User authentication failed"
I triggered the debug on the ASA 5520 and everything looks fine .The LDAP server is sending the right information without any error message.
Googled this error message and I found that I need to enable the simultaneous logins to enable. I enabled it but I got the same error message. This configuration is under remote access vpn>group-policies>General>more options.
View 64 Replies
View Related
Jun 23, 2011
I got a problem yesterday with a customer that says that the calls from a CISCO IP Phone 7961 to an Alcatel 4018 IP Touch didn't work, well the phone rings but there's no voice; I manage a CISCO ASA version 8.2(1) and I was checking the Inspection Rules in the Service Policy Rules section and when you open the inspection_default at the Rule Actions tab I find that the H.323 H.225 and H.323 RAS box wasn't checked so I ask to the customer to made a test and the same problem happen so I checked both box and again ask to the customer for a test and it works.
I was talking to a partner and he said that maybe this Inspect fix some signaling parameters of this protocol that can't work fine behind of a firewall.
View 1 Replies
View Related
Apr 24, 2012
I have a computer behind the ASA 5505 firewall. The computer needs to access Microsoft Activation Server. Reading some website information, I need to allow a huge list of servers that basically points to www and https traffic. Therefore, looking at this heavy requirements, I prefer to allow this computer to navigate to any https or http (www) server outside of the firewall.I have included my current asa 5505 configuration. [code]
View 3 Replies
View Related
Oct 29, 2012
I ve configures an asa 5505 for remote vpn with anyconnect. it works just fíne - from remote i can ping the Clients and Server inside, i can do RDP or Connect via SSH to any machine, map some volumes local and so on but: I can not connect microsoft sql server. It uses port 1433 for the first connect and establishes then a dynamic connection. So i am a Newbie - what rules or configs do i miss?
View 3 Replies
View Related
Feb 10, 2013
I am trying to use the built in feature of Cisco ASA 5510 smart call home feature with the purpose of automatic backup creation by email. I found the configuration [URL]. I already configured the said instructions but when I send a test email it says it cannot contact the email server. Below is the error that I am getting from our ASA. I am new to firewall.
OGI-MNL-ASA-FW0# call-home test profile ASA_Config_Backup
INFO: Sending test message to fcaccam@example.com...
ERROR: Connecting to SMTP server xxx.xx.xxx.xx failed: CONNECT_FAILED(33)
ERROR: Failed: CONNECT_FAILED(33)
View 1 Replies
View Related
Jan 17, 2013
Why the below configuration does not work? BGP exchanges routes without a problem all the time the distribute list is removed from the config. When I apply the distribute list it blocks all routes, not just those intended in the prefix list.
[CODE]....
View 2 Replies
View Related
Apr 27, 2011
Searched through conference and still have no resolution.Switch: Cisco SGE 2000..Layer3 mode enabled through console. [code]
View 3 Replies
View Related
Mar 13, 2012
I have a setup using an ASA 5510 8.2(2). In the DMZ (192.168.12.x) there is a server, switch and multiple cameras for surveillance of the site. In the Inside (140.152.25.x) are the pcs that can run the client software to view the video feed, or it can pull from the server in the DMZ.
On the server in the DMZ, you can see the feed, along with any pc you connect to that network. On any machine on the Inside, or through VPN, you cannot either with the client software or pulling from the surveillance server.
I am watching the connection through ASDM and don’t see any particular port being blocked, but I do see TCP connections being terminated by inspection. So far I’ve taken out inspections for http and rstp. I don’t really see anything else that would drop video. I've attached the error I keep seeing.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
[Code].....
View 7 Replies
View Related
Apr 22, 2013
I will be implementing a new firewall (cisco asa 5515x) on my existing 3750x (server switches) and my 2960s (user switches). What should I need to apply on my firewall and swtiches to make the implementation successfull. I will put my 3750x as my DMZ and my 2960s as my inside. The 3750x have multiple subnet and also the 2960s.which features and technologies i need to know on those 3 products. my 3750x and 2960s don't have any ACL defined and most common features are vlan, switchport, trunking, spanning-tree, stacking, vtp.how my asa knows that my 3750x/2960s have multiple vlans. my current connection right now on 3750x and 2960s is just through 6 ports i assigned as one trunk, below is my config [code]
my 2960s vlans are almost the same with my 3750x except vlan 160, 170, 192. but of course when i put this in asa, i have to segragate vlan for 3750x (192, 100, 110,160, 170) and 2960s (130, 150). for my 2960s connection to the asa and since this will have big bandwidth, i will use 3 ports on my asa (and trunk it) connecting to my 2960s and i will use 2 ports on my asa (and trunk it) connecting to my 3750x. the one internet ports and my one management ports on my asa will stay like that.
View 2 Replies
View Related
Jan 1, 2012
communication between 2 vlans.i have 2 vlans
Vlan 100
ip add 1.1.1.1
!
!
!
Vlan 200
ip add 2.2.2.2
i want to make communication between 2 vlans on firewall 5520 ASA 8.2.
View 1 Replies
View Related
Jul 20, 2011
I have this problem with the Polycom Video Conferencing (HDX 7000) While we can initiate a video call to other locations, we can not receive a video call from other locations. Whenever there is a incoming call, the polycom is ringing fine. but once we answer the call, the call will be disconnected. Our access rules are listed below, 203.125.99.99 is our public IP for example.
View 1 Replies
View Related
Apr 13, 2011
How many concurrent SIP channels should I expect to be able to make through a PIX firewall? We currently have a PIX 515 with the SIP fixup enabled.it worked fine for a low volume of traffic, but once we got to around 400-500 concurrent SIP calls the PIX started to struggle. Calls were dropping and other Internet traffic was intermittent. When I decreased the call volume it recovered and everything returned to normal.Bandwidth wise, we were only using about 20MB, so I think that as it needs to inspect and remember SIP packets for the purposes of opening RTP ports, we probably hit a bottleneck in terms of either the PIX's CPU or memory capacity. I've not seen any specs detailing how many SIP fixups a PIX (of any capacity) is able to handle.I'm thinking of upgrading to a PIX 525 or PIX 535, but I'd like to know how many SIP calls they will be able to handle before committing.
View 4 Replies
View Related
May 4, 2011
I am using ASA 5510 and I have a specific problem with Http Connection to receive a video Flow ( RSTP protocol ) in the LAN. Some Pc users (192.168.1.133,in the log) with ASA Lan Interface as gateway can ping the Camera but don't receveive the video flow.Some Pc users (192.168.1.116,in the log) using another gateway can ping and receive the video flow. I used Whireshark to capture traffic between camera and Pc using the 2 gateway. I joined Logs with this message.It seems to be a problem of TCP segments on the ASA, I try to changed some TCP options but it's still the same:- Disable Force Maximum Segment Size- Enable Force TCP Connection to Linger in TIME_WAIT State for at Least 15 Second.
View 7 Replies
View Related
