• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hi all! I have a problem with translating Polycom's throught NAT. I have a router cisco2821. on it i have static NAT to translate inside IP-address to outside Public IP. I find that the problem in IOS of my Router.It works bad with H.323 NAT. I tried a lot of combination to solve this problem using different command on router.No result(. At the same time i cant change IOS,because old version is not stable(the router is reloading and dont answering,polycoms are working!) Do you have any advice,how can i assosiate Polycoms to Internet?

 

Thank you for your help,Peter

3 REPLIES 3
HP Recommended

Here is an exploitation of how the Polycom handles NAT with the 'Nat is H323 compatible' setting

 

If the NAT is 323 compatible is checked, the unit is putting the ‘real’ IP address at both layer 3 and layer 7 of the packet.

 

If it is unchecked, the unit puts the ‘real’ IP address in L3 and the WAN IP in L7 of the packet.

 

NAT is compatible is extremely close, in real-world function, to having no NAT settings at all. When it is checked, the unit is depending on the firewall to intercept the packets & do the L3 NAT (change internal IP to external IP/vice-versa), as well as open the payload of the packet, determine if there is anything ‘to do’ (such as determine if it is an H245 packet and alter the IP address/port numbers contained therein) & do whatever is necessary.

When not checked, the codec has the simple thought process of: “the firewall here is dumb, so I have to put the WAN IP in the payload part so this call will work”

 

The layer 3 part of the packet, regardless of the NAT settings, is the same as it would not work otherwise.

 

 

HP Recommended

I believe the OP understands NAT?

one key point is Cisco firewall. Try 'no fixup H.323'

HP Recommended

Peter,

 

This is a common problem, and the best explanation I can provide is that traditional "data" firewalls (2831, SonicWall, etc.), are NOT good H.323 application layer gateways.

 

In these situations, success is typically found in removing all settings for H.323 fixup / inspection for this endpoint in the firewall, and allowing a persistent, bi-directional port forward / NAT to the endpoint on these ranges.  (Note: You didn't specify *which* Polycom endpoint you're using - this range should suit them all, up to and including the HDX family.)

 

1720 (TCP)
3230 - 3243 (TCP)
3230 - 3341 (UDP)

 

In the admin settings of the endpoint, in the IP Network > Firewall settings, be sure to enable the Fixed Ports option.  From there, the only options to "play around with" are whether you enable the NAT config / H.323 compatibility.

 

Cheers,

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.