Plantronics + Polycom. Now together as Poly Logo

Inbound internal video calls require 'NAT is H323 Compatible'

Rusty56
Occasional Contributor

Inbound internal video calls require 'NAT is H323 Compatible'

Polycom HDX 8000

 

We recently installed a Polycom HDX 8000 system on our network. It's just a single endpoint wiith no gatekeepers, etc.

 

We are able to make and receive video calls to/from external clients. 

 

We also have some remote sites that have video conferencing units. We can make calls to those sites across

our site-to-site VPN without any issues.

 

However, when those remote sites call into our system, they don't receive our audio or video but we can see and hear the farside.

 

The only way that their inbound calls to us work properly is if we enable 'NAT is H323 Compatible' on the Polycom system.

 

We're not seeing that any traffic is being blocked on the connection.

 

The remote sites are using LifeSize units.

Message 1 of 3
2 REPLIES 2
GaryMiyakawa
Respected Contributor

Re: Inbound internal video calls require 'NAT is H323 Compatible'

This is a very typical Firewall issue.   Your firewall does NOT understand H.323 protocol.    Opening the ports is NOT sufficent.

 

Talk to your firewall guys and see if there is a "Fixup" or Application Layer Gateway that could make the H.323 required changes..

 

Good luck,

 

Gary M

Wanna' Test your H.323 System? (71.14.2.157 or 71.14.2.158)
cb157.miyakawa.us and cb158.miyakawa.us
www.miyakawa.us
www.codecsidekick.com
Message 2 of 3
Kendo
Polycom Employee

Re: Inbound internal video calls require 'NAT is H323 Compatible'

Here’s how I explain the function:

 

If the NAT is 323 compatible is checked, the unit is putting the ‘real’ IP address at both layer 3 and layer 7 of the packet.

 

If it is unchecked, the unit puts the ‘real’ IP address in L3 and the WAN IP in L7 of the packet.

 

NAT is compatible is extremely close, in real-world function, to having no NAT settings at all. When it is checked, the unit is depending on the firewall to intercept the packets & do the L3 NAT (change internal IP to external IP/vice-versa), as well as open the payload of the packet, determine if there is anything ‘to do’ (such as determine if it is an H245 packet and alter the IP address/port numbers contained therein) & do whatever is necessary.

When not checked, the codec has the simple thought process of: “the firewall here is dumb, so I have to put the WAN IP in the payload part so this call will work”

 

The layer 3 part of the packet, regardless of the NAT settings, is the same as it would not work otherwise.

 

Ken
Polycom
Sr. Product Support Technician
Message 3 of 3