Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problem with Video Conferencing through Netscreen-50

Status
Not open for further replies.
anilsiri

anilsiri

Technical User
Jun 20, 2003
23
0
0
US
Hi,

We have Netscreen-50 at our end and NS-100 at US end. Our Internal networks connect via VPN configured on Netscreen. We have polycom Viewstation Video conference equipment behind the firewalls at both ends. Video conference was working fine between the two sites, but recently when we upgraded the Netscreens to screenOS 5.0, video conference is not working. What needs to be enabled on Netscreen to make it work with Polycom? Please help.

Thanks,
Anil
 
Sort by date Sort by votes
Hello,
Recently, I was asked to modify our Netscreen 25 to accomodate a "test" VC between my offic and Polycom engineers. They told me that it's crucial that a Public IP is used, so you might want to setup a Point-to-Point policy using MIPs. One for each Polycom Unit, and something like:

Site1:
(untrust to trust)
2.2.2.2/32-->Polycom Object-->ANY-->Permit-->NAT
(trust to untrust)
Polycom Object-->2.2.2.2-->ANY-->Permit-->NAT

Site2:
(untrust to trust)
1.1.1.1/32-->Polycom Object-->ANY-->Permit-->NAT
(trust to untrust)
Polycom Object-->1.1.1.1/32-->ANY-->PERMIT-->NAT

Site 1 MIP = 1.1.1.1/32 (Polycom Public IP - point MIP to internal IP)

Site 2 MIP = 2.2.2.2/32 (Polycom Public IP - point MIP to internal IP)

Note: If this works, you can then lock it down a bit further by creating a Service Group. Since it host to host, you should be OK.

My theory is that the VPN is causing the issues, so I would at least try the above config. Hope this helps.

Rgds,

John
 
Upvote 0 Downvote
I enabled debug h323 all option on Netscreen-50 and tried to connect to otherend video conf box and I could see the following in "get dbuf stream"

## 02:07:07 : Q931 cookie id 128
## 02:07:07 : Error!!! - (Unknown H.323 Packet)
## 02:07:07 : Error - Invalid packet - dropped.
## 02:07:07 : Error - Cannot process packet.
## 02:07:14 : Q931 cookie id 128
## 02:07:14 : Error!!! - (Unknown H.323 Packet)
## 02:07:14 : Error - Invalid packet - dropped.
## 02:07:14 : Error - Cannot process packet.
## 02:07:26 : Q931 cookie id 128
## 02:07:26 : Error!!! - (Unknown H.323 Packet)
## 02:07:26 : Error - Invalid packet - dropped.
## 02:07:26 : Error - Cannot process packet.
## 02:07:28 : Q931 cookie id 127
## 02:07:28 : Q931 - Release Complete (CRV:0x763b)

What does this mean?

Thanks,
Anil
 
Upvote 0 Downvote
After you made the changes or over the VPN? If you're still using the VPN, I would imagine it's related to the internal addressing. Did you try and contact Polycom?

They were very helpful with us...

Rgds,

John
 
Upvote 0 Downvote
If you are using the polycomm software, make sure that you select in the software that you are not behind a firewall or being proxied.

For some reason it misinterprets the data stream otherwise.

Regards.

Njetscreamer
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
148
Sameer258
Sameer258
ChrisFairley
  • Locked
  • Question
Downloads failing through ASA 5520
Replies
1
Views
50
iggsterman
iggsterman
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
62
Russtoleum
Russtoleum
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
52
ISDPCMAN
ISDPCMAN
ITSUPPORTIT
  • Locked
  • Question
VPN from ASA 5510 and RV215W problem
Replies
0
Views
42
ITSUPPORTIT
ITSUPPORTIT

Part and Inventory Search

Sponsor

Back
Top