Problems with Tandberg IP conferencing

Archived from groups: comp.dcom.videoconf (More info?)

We are having major problems establishing IP videoconference on a
Tandberg 800 system. We can NetMeeting to<>from external but cannot
establish an IP call to a 'real' videoconferencing system.

Firewall is SEF - rules appear to have been setup apropriately - call
arrives on the Tandberg but does not get back out through the
Firewall. NAT is in use at the Firewall but not on the Tandberg itself
- allowing the Firewall to handle this.

Is there anyone out there who has had a similar problem with this
combination? We have even opened up the Firewall rules for the
Tandberg (temporarily) but still cannot communicate.

I have emailed Tandberg but as yet have had no response.

ISDN works fine.

I would welcome any advice....

Thanks in advance.

LC

Archived from groups: comp.dcom.videoconf (More info?)

Hi RS

SEF = Symantec EnterPrise FireWall

The specific Inbound and Outbound rules are as follows:
Rule ID: xx
Description: VC Inbound
Access Mode:
Allow Services: H245 h323 h323* telnet*
Service Limits: telnet h323 5555-5560/udp 1720/tcp
Proxy Limits: ftp-disallow-gets:0 ftp-disallow-puts:0
Advanced Services:
Application Scanning: 1
In Via: int-external
Out Via: int-internal.new
Source: Universe*
Destination: host-tandburg-n.n.n.n
Time: Authentication: User: User: Group: Group: Alert 5 minutes
threshold: Alert 15 minutes threshold: Alert Hour threshold: Alert
Day threshold: Alert Week threshold: Log Normal Activity:
1 Application Data Scanning: 1

Rule ID: xx
Description: VC Outbound
Access Mode:
Allow Services: H245 h323 h323* VC_UDP
Service Limits: h323 5555-5560/udp 1720/tcp 2326-2375/udp
Proxy Limits: ftp-disallow-gets:0 ftp-disallow-puts:0
Advanced Services:
Application Scanning: 1
In Via: int-internal.new
Out Via: int-external
Source: host-tandburg-n.n.n.n
Destination: Universe* Time: Authentication: User: User: Group:
Group: Alert 5 minutes threshold: Alert 15 minutes threshold:
Alert Hour threshold: Alert Day threshold: Alert Week threshold:
Log Normal Activity: 1 Application Data Scanning: 1

We were also advised by Symantec to disable the H323 proxy...

Does this enlighten any?

Thanks
LC

ArthurLange <artielange@cox.net> wrote in message news:<fit0909nlj5kt363ugepbmavfg2ifg7u9g@4ax.com>...
> LC,
> Tandberg tech support is usually pathetic and very arrogant.
> What ports did you open and what firewall rules did you set?
> Also what is 'Firewall SEF', which brand of firewall are you using.
>
> RS
>

Archived from groups: comp.dcom.videoconf (More info?)

"LC" <lesley.chaddock@biwater.com> wrote in message
news:5e3eba6.0404300831.1a48bb57@posting.google.com...
> Hi RS
>
> SEF = Symantec EnterPrise FireWall
>
> The specific Inbound and Outbound rules are as follows:
> Rule ID: xx
> Description: VC Inbound
> Access Mode:
> Allow Services: H245 h323 h323* telnet*
> Service Limits: telnet h323 5555-5560/udp 1720/tcp
> Proxy Limits: ftp-disallow-gets:0 ftp-disallow-puts:0
> Advanced Services:
> Application Scanning: 1
> In Via: int-external
> Out Via: int-internal.new
> Source: Universe*
> Destination: host-tandburg-n.n.n.n
> Time: Authentication: User: User: Group: Group: Alert 5 minutes
> threshold: Alert 15 minutes threshold: Alert Hour threshold: Alert
> Day threshold: Alert Week threshold: Log Normal Activity:
> 1 Application Data Scanning: 1
>
> Rule ID: xx
> Description: VC Outbound
> Access Mode:
> Allow Services: H245 h323 h323* VC_UDP
> Service Limits: h323 5555-5560/udp 1720/tcp 2326-2375/udp
> Proxy Limits: ftp-disallow-gets:0 ftp-disallow-puts:0
> Advanced Services:
> Application Scanning: 1
> In Via: int-internal.new
> Out Via: int-external
> Source: host-tandburg-n.n.n.n
> Destination: Universe* Time: Authentication: User: User: Group:
> Group: Alert 5 minutes threshold: Alert 15 minutes threshold:
> Alert Hour threshold: Alert Day threshold: Alert Week threshold:
> Log Normal Activity: 1 Application Data Scanning: 1

1) Upgrade Tandberg to latest release E3.2
2) Switch on NAT awareness in the Tandberg. Terminal settings>LAN>Advanced
AFAICR
3) Test

If you still get no joy then do this:

> We were also advised by Symantec to disable the H323 proxy...
>
> Does this enlighten any?

Remember these three things:
a) NAT is evil
b) NAT is evil, and
c) NAT is evil

Most likely the NAT prozy is translating the IP address in the header but
the h323 aware proxy is not changing in in the application layer.

If none of the above works then use the DMZ port on your firewall and make
sure there is not evil NAT on that port, i.e. you using a public IP.

And then speak to your vendor.

> Thanks
> LC

-=-peas-=-