Plantronics + Polycom. Now together as Poly Logo

RMX 1500 Firewall NAT

simbu
Occasional Contributor

RMX 1500 Firewall NAT

Hi,

 

Polycom RMX 1500 Public IP NAT problem

 

we have RMX 1500 we are tested internal calls it is working fine but when i try to connect public IP it is not connecting.

 

 

Please advice

Message 1 of 12
11 REPLIES 11
Pramod
Member

Re: RMX 1500 Firewall NAT

Hi,

 

It doesn't work through NAT, the solution is to put VBP (Video Boarder Proxy).

 

Thanks,

 

Pramod

Thanks,

Pramod Kumar
IT and AV
Business Octane Solutions
Message 2 of 12
simbu
Occasional Contributor

Re: RMX 1500 Firewall NAT

Dear Pramod,

 

Thanks for your reply when i connect public ip its getting connected ( Without VBP ), but it has giving connected with problem ''error''.

 

Kindly Advice

 

 

Message 3 of 12
simons
Polycom Employee

Re: RMX 1500 Firewall NAT

The problem is because the RMX doesn't understand how NAT works. When a firewall does NAT on an ip address, it subsitutes the private IP address for the public IP address in the header of the IP packet. Normally for daily use like web surfing, this works great. However, H323 was written to communicate not only using the IP headers but also the IP payload. This is where the failure is occuring. The each endpoint will send in the IP payload the IP address and port in which to open the video, audio, content, and FECC channels. From the RMX point of view, it doesn't know about the public NAT IP address, so it is going to use the private IP address. So when the other participant looks at the open logical meesage, it see the private IP address of the RMX which it can't probably reach.

 

The bottomline is that the RMX is NAT aware which is why you are running into this issue. There are other solutions out there depending on your level of knowledge and available equipment. Cisco for example has fixup H323 protocols which can do the this job for you. VBP was mentioned before.

 

GL,

 

S.

Message 4 of 12
Zain
Advisor

Re: RMX 1500 Firewall NAT

What about , if we assign the Public Ip direct on the RMX , instead of the LAN ip ?

Message 5 of 12
simons
Polycom Employee

Re: RMX 1500 Firewall NAT

Zain,

 

I am sorry to took so long to reply to your post. The RMX now has a feature called multiple network services which will allow you associate 1 MPM card to a Public IP address and another MPM called to your internal LAN. Then each participant can join a meeting ont he RMX regardless of whether it is from the public or private side.

 

S.

Message 6 of 12
Zain
Advisor

Re: RMX 1500 Firewall NAT

Thank You simon .

Message 7 of 12
Whatalife
Occasional Visitor

Re: RMX 1500 Firewall NAT

We have a group in School District that is trying to set up an RMX and we are trying to figure out if we can get this to work through the ASA with out the VBP.  No one in the my group has any experience with Polycom but we have read article and comments saying the Cisco ASA will "fix" the NAT problems and that we might not need a VBP? is this correct. Is this just a matter of configuring the inspect and fixup of the H323 protocal?

 

Might you have an ASA config sample of what is needed?

 

if i am understanding what I am reading these are the commands needed in a 5550.

  inspect h323 h225
  inspect h323 ras

fixup protocol h323 h225 (port #)

fixup protocol h323 ras (port #)

Message 8 of 12
Stephen85
Occasional Advisor

Re: RMX 1500 Firewall NAT

Hi Simon,

 

Nice to hear that we can assign Public IP to RMX, Kindly advice i have a RMX with MPMx with version 7.6.1.138, How can i assign public IP to this MPMx card, whether it requires 2 Mpmx card or its multiple network with single Mpmx card...

 

Thanks and Regards

Stephen

Message 9 of 12
Stephen85
Occasional Advisor

Re: RMX 1500 Firewall NAT

Its RMX 1500

Message 10 of 12