It should be if you have set it up correctly. 

Does the VSX 7000 station in the lan with privat addresses?

Does the locals see it? 

For a multipoint guide for the  VSX 7000

http://extension.oregonstate.edu/internal/computing/sites/default/files/PolyCom_VSX_7000_Multipoint_... 

Being able to call behind the firewall and through the firewall depends on the firewall itself. It depends on how the firewall does NAT.

Here’s how I explain the function:

If the NAT is 323 compatible is checked, In the HDX firewall settings, the HDX is putting the ‘real’ (internal) IP address at both layer 3 and layer 7 of the packet.

If it is unchecked, the unit puts the ‘real’ IP address in L3 and the WAN (external) IP in L7 of the packet.

'NAT is compatible' is extremely close, in real-world function, to having no NAT settings at all. When it is checked, the unit is depending on the firewall to intercept the packets & do the L3 NAT (change internal IP to external IP/vice-versa), as well as open the payload of the packet, determine if there is anything ‘to do’ (such as determine if it is an H245 packet and alter the IP address/port numbers contained therein) & do whatever is necessary.

When not checked, the codec has the simple thought process of: “the firewall here is dumb, so I have to put the WAN IP in the payload part so this call will work”

The layer 3 part of the packet, regardless of the NAT settings, is the same as it would not work otherwise.

So to get 'best of both worlds' the 'NAT is H323 compatible' needs to be checked. The rest depends on the firewall.

2 Kendo: thnx, we have no problems working throught nat. I have uncheched  'NAT is H323 compatible' and said "no ip nat service h323" on cisco router.

the problem is when I configure polycom VSX 7000 to work throught nat I cannot connect to endstations on LAN(blank screen, no sound on our side, like here: http://support.polycom.com/global/documents/support/setup_maintenance/products/video/vsx_series_admi... on p.12-12)

we would like to talk with LAN and WAN endstations without reconfiguring VSX 7000 and make multipoint with both of them. I need to know for shure is it possible or not.

We have no problems connecting in LAN when NAT is off.

For this situation, I think I'd recommend a Polycom VBP E Series & put all your end points inside & let the VBP deal with external traffic sat side by side with the Cisco FW.

http://www.polycom.co.uk/products/telepresence_video/security_remote_access/index.html

Pete

Hmm! Nice PDF Kendo.  That'll cut many of my tech support calls short (or sell loads of VBP(E)s:)LOL

Sorry for long silence.

kendo, thank you for explanation! now I need the nat device to work as "h323 compatible"

the device is Cisco 7206VXR-G2,

ios is C7200P-ADVENTERPRISEK9-M, Version 15.0(1)M7.

as far as I understood by default cisco routers have h323 compatible nat, but because of ios bugs they dont work as expected, at least with polycoms.(http://otrs.xperteam.nl/otrs/public.pl?Action=PublicFAQZoom;ItemID=3)

so external calls dont work with default nat config, the only command I now to impact the nat h323 behavior is "no ip nat service h225" to make it h323 incompatible.

should I dig in the way of "voice service voip"?

I found this and will try when here will be no users.

2 petet: thnx, I hope we wont need to buy new devices, looking for other solution.