Netgate Discussion Forum

NAT 1:1 Polycom VSX 7000

NAT
  • W
    wesleylc1 Rebel Alliance
    last edited by Aug 15, 2019, 1:40 PM

    Hi, thanks for your effort to help solve my case.
    Please can you explain if I used the filter correctly? I intended to monitor only LAN-ip traffic, using a filter for the Polycom IP address "192.168.40.251". When NAT requests occur, should they be caught in tcpdump using the command filter below?

    tcpdump -nvxi re0 -w capture.pcap host 192.168.40.251
    

    I captured packets from the WAN-ip interface, using a filter for the WAN-ip and LAN-ip addresses, but when analyzing them in Wireshark I did not find NAT requests. I will forward the link of this packet in your chat.
    I used the command below.

    tcpdump -nvxi sk1 -w new.pcap "(host 189.20.108.XX or host 192.168.40.251)"
    

    Best regards,
    Wesley Santos

    • D
      Derelict LAYER 8 Netgate
      last edited by Derelict Aug 15, 2019, 3:47 PM Aug 15, 2019, 3:46 PM

      It has nothing to do with the filter.

      The PBX is telling the far side to connect back to 192.168.40.251 on port 3230 for RTP.

      Obviously the far side cannot do that because that is your inside, non-routable, RFC1918 address.

      You need to tell the PBX to send your outside WAN address there instead.

      It is embedded in the SIP protocol. NAT can't translate it and there is no SIP ALG in pfSense to do it for you either.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)
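
What the reply above describes, as an added example (not from the thread or its capture): a constructed SIP INVITE whose payload still names 192.168.40.251 even though NAT rewrites the packet header, with a Python check that lists those fields and the RTP targets the far side is given. The far-side address, the video port and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample (not the thread's capture): NAT rewrites the IP header,
# but these payload fields still carry the inside address.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:room@203.0.113.50 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.40.251:5060;branch=z9hG4bKexample",
    "Contact: <sip:vsx@192.168.40.251:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.40.251",
    "s=-",
    "c=IN IP4 192.168.40.251",
    "t=0 0",
    "m=audio 3230 RTP/AVP 0",
    "m=video 3232 RTP/AVP 34",   # video port is a constructed value
])

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FIELD = re.compile(r"^([A-Za-z-]+)\s*[:=]")

def is_rfc1918(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:          # e.g. "999.1.1.1" matched by the loose regex
        return False
    return any(addr in net for net in RFC1918)

def private_addresses(message):
    """Return (field, address) for every RFC 1918 address in the payload."""
    hits = []
    for line in message.splitlines():
        m = FIELD.match(line)
        field = m.group(1) if m else "request-line"
        hits += [(field, ip) for ip in IPV4.findall(line) if is_rfc1918(ip)]
    return hits

def rtp_targets(message):
    """Return (media, address, port) the far side is told to send RTP to."""
    session_addr, targets = None, []
    for line in message.splitlines():
        if line.startswith("c="):
            addr = line.split()[-1]
            if targets:         # media-level c= overrides the session-level one
                targets[-1] = (targets[-1][0], addr, targets[-1][2])
            else:
                session_addr = addr
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            targets.append((media, session_addr, int(port)))
    return targets
```

Any entry returned by `private_addresses` is an address the remote endpoint cannot route to; once the device advertises the WAN address instead, the list is empty.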

      • W
        wesleylc1 Rebel Alliance
        last edited by wesleylc1 Aug 15, 2019, 8:24 PM Aug 15, 2019, 7:03 PM

        Hey man, how you doing?
        I reviewed all NAT settings applied to "Polycom VSX 7000", also restored the applied settings and configured them again. I cannot understand what I am configuring wrong with NAT inside the pfSense firewall. The Polycom NAT settings are very simple; below are some pictures of the Polycom NAT settings.

        LAN properties.
        [image]

        Polycom NAT Settings.
        [image]

        [image]

        Best regards,
        Wesley Santos

        • D
          Derelict LAYER 8 Netgate
          last edited by Aug 15, 2019, 7:12 PM

          Sorry. I don't read Portuguese.

          • D
            Derelict LAYER 8 Netgate
            last edited by Aug 15, 2019, 7:22 PM

            https://community.polycom.com/t5/Video-Endpoints/VSX-7000-Connection-Issue/td-p/36896

            • W
              wesleylc1 Rebel Alliance @Derelict
              last edited by Aug 15, 2019, 8:24 PM

              Sorry, I replaced the images using English.

              • W
                wesleylc1 Rebel Alliance @Derelict
                last edited by Aug 16, 2019, 6:43 PM

                Hello, I have this same problem reported by this person.
                I performed all the steps and was only able to connect with the other end by clearing the "NAT is H.323 compliant" check box, but only audio is transmitted between both ends. When I leave this option selected, I can't connect audio / video.

                [image]

                In fact, I have come to the conclusion that my firewall is blocking requests on the H323 protocol, do you suggest some maneuver to free all traffic coming under the H323 protocol?

                Best regards,
                Wesley Santos

                • S
                  stephenw10 Netgate Administrator
                  last edited by Aug 18, 2019, 7:20 PM

                  It's very unlikely to be blocking it unless you have added rules. Do you see blocked traffic?

                  If you uncheck that and incoming audio streams then work then clearly the device is then sending the correct address for external clients to connect to.

                  The lack of video could be related or it could be a missing firewall rule for whatever port that is using.

                  Try getting a pcap with the audio functioning and see what other traffic is there on the WAN.

                  Steve

                  • W
                    wesleylc1 Rebel Alliance
                    last edited by Aug 19, 2019, 1:37 PM

                    Hi @stephenw10, how are you?
                    I cleared the "H.323 NAT Compatible" checkbox, performed a new capture, traffic seems to occur between both ends, but only audio traffic occurs, video traffic requires Polycom-enabled H323 protocol.
                    In your chat I sent a packet capture.

                    Best regards,
                    Wesley Santos

                    • S
                      stephenw10 Netgate Administrator
                      last edited by Aug 19, 2019, 5:11 PM

                      Hmm, not seeing anything obviously wrong in the pcap. It is now sending the correct IP address for incoming connections in the packets I checked, which is why RTP traffic is now coming back from the remote IP.

                      I won't claim to be any sort of expert here, there could be something on there indicating why video is failing. I can't see why it wouldn't work though given the audio is sending.

                      Do you see any errors reported in the Polycom? Or whatever you're connecting to?

                      Did you try enabling h.460?

                      Steve

                      • W
                        wesleylc1 Rebel Alliance
                        last edited by Aug 19, 2019, 7:50 PM

                        Hi Steve, how are you?
                        Seeing no problem during Polycom calls, I noticed that selecting the "NAT is H.323 compliant:" checkbox does not connect to the final destination. I will clear the H323 checkbox and select the H460 "Enable" checkbox. H. 460 "-Firewall" as shown in the image below.

                        [image]

                        Best regards,
                        Wesley Santos
