Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
CISCO AS5300 - H323 PORT 1720 PROBLEM 1
- Thread starter aliggee
- Start date
-
1
- #2
Alistair,
port 1720 is h323 - you can't change the listen port afaik - well, perhaps you can do some protocol translation and make an additional listen port that ties to 1720.
As far as being 'closed' on the remote end - I'm guessing you're doing voip in a country that doesn't allow it?
It happens. The easiest way to get around this is to just create a GRE tunnel between the devices and run your calls through that. I've done the EXACT same thing when a buddies' ISP did that to him.
port 1720 is h323 - you can't change the listen port afaik - well, perhaps you can do some protocol translation and make an additional listen port that ties to 1720.
As far as being 'closed' on the remote end - I'm guessing you're doing voip in a country that doesn't allow it?
It happens. The easiest way to get around this is to just create a GRE tunnel between the devices and run your calls through that. I've done the EXACT same thing when a buddies' ISP did that to him.
- Thread starter
- #3
a gre tunnel is a virtual point to point interface, just like an vpn connection. gre(alone) does nothing for security, however.
though this doc primarily addresses multicast over gre, you should be able to get the idea:
though this doc primarily addresses multicast over gre, you should be able to get the idea:
- Thread starter
- #5
aliggee,
basically, imagine this:
(unfiltered situation)
[router1]1.1.1.1---internet---2.2.2.2[router2]
everything is fine, your dial peers are pointing at 1.1.1.1, and 2.2.2.2. Then, someone starts filtering 1720, so, we overlay a private tunnel ON TOP of the public internet:
[router1]1.1.1.1---internet---2.2.2.2[router2]
(adding a private tunnel, just like a serial connection)
[router1]3.3.3.1---internet---3.3.3.2[router2]
you can then ping 3.3.3.1 and 3.3.3.2 from each other - it's like you created a brand new serial link on top of the public connection - a tunnel.
so, on router1, this is the config:
interface tunnel1
ip address 3.3.3.1 255.255.255.252
tunnel source 1.1.1.1
tunnel destination 2.2.2.2
on router2, it's the reverse:
int tunnel1
ip address 3.3.3.2 255.255.255.252
tunnel source 2.2.2.2
tunnel destination 1.1.1.1
Try that. Note: this is not encrypted at all.
basically, imagine this:
(unfiltered situation)
[router1]1.1.1.1---internet---2.2.2.2[router2]
everything is fine, your dial peers are pointing at 1.1.1.1, and 2.2.2.2. Then, someone starts filtering 1720, so, we overlay a private tunnel ON TOP of the public internet:
[router1]1.1.1.1---internet---2.2.2.2[router2]
(adding a private tunnel, just like a serial connection)
[router1]3.3.3.1---internet---3.3.3.2[router2]
you can then ping 3.3.3.1 and 3.3.3.2 from each other - it's like you created a brand new serial link on top of the public connection - a tunnel.
so, on router1, this is the config:
interface tunnel1
ip address 3.3.3.1 255.255.255.252
tunnel source 1.1.1.1
tunnel destination 2.2.2.2
on router2, it's the reverse:
int tunnel1
ip address 3.3.3.2 255.255.255.252
tunnel source 2.2.2.2
tunnel destination 1.1.1.1
Try that. Note: this is not encrypted at all.
- Thread starter
- #7
thanks very much for the assistance, you are very decent.
the challenge i've got is - the far end is not cisco, it's a gsm gateway that does run a voip interface... but only a really basic one.
someone told me that you can change the outgoing port number for all h.323 calls?
Is this true?
This solution would be perfect for us as i could set all gateways to accept calls on the specified port.
thank you.
the challenge i've got is - the far end is not cisco, it's a gsm gateway that does run a voip interface... but only a really basic one.
someone told me that you can change the outgoing port number for all h.323 calls?
Is this true?
This solution would be perfect for us as i could set all gateways to accept calls on the specified port.
thank you.
- Thread starter
- #8
- Thread starter
- #10
Yes, I think that's well within the realm of the PIX - here's a doc on how to handle VoIP with a PIX:
but that's in a 'normal' deployment environment. might honestly be easier to get a pix on BOTH sides, and create an ipsec tunnel between them, or do the gre thing with any ol' IOS box.
but that's in a 'normal' deployment environment. might honestly be easier to get a pix on BOTH sides, and create an ipsec tunnel between them, or do the gre thing with any ol' IOS box.
- Status
Similar threads
- Locked
- Question