[isalist] FW: How to publish a Polycom 7000e VSX H.323 Videoconference Device Behind ISA Server 2004
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Sat, 27 Oct 2007 10:36:55 -0500
How to publish a Polycom 7000e VSX H.323 Videoconference Device Behind
ISA Server 2004
View products that this article applies to.
<http://support.microsoft.com/kb/556039/EN-US/#appliesto>
Author: MICHAEL BAZAREWSKY MCT
Community Solutions Content Disclaimer
<http://support.microsoft.com/kb/556039/EN-US/#csDisclaimer>
Article ID
:
556039
Last Review
:
October 26, 2007
Revision
:
1.0
SUMMARY
This article describes how to publish a Polycom 7000e VSX
videoconference device behind ISA Server 2004 to external users. This
information most likely would also apply to other H.323 devices.
Back to the top <http://support.microsoft.com/kb/556039/EN-US/#top>
SYMPTOMS
You have a Polycom 7000e VSX device and you would like to publish it to
the Internet behind an ISA Server 2004 installation.
Back to the top <http://support.microsoft.com/kb/556039/EN-US/#top>
RESOLUTION
ISA Server 2004 is an application-aware firewall and as such, devices
that try to "outsmart" a NAT firewall can cause difficulties when you
try to publish those devices. The following steps describe the process
used to publish this device.
1.
Disable the ISA Server H.323 Filter Add-in.
2.
On the Polycom, disable NAT support.
3.
On the Polycom, disable H.323 knowledge of NAT.
4.
On the Polycom, configure fixed TCP and UDP ports; this device only
allows configuring the starting ports. Use starting port numbers of TCP
3230 (automatic ending port 3235) and UDP 3230 (automatic ending port
3253).
5.
On the Polycom, configure the public address as manual with the
appropriate external public address that will be used on the ISA Server.
6.
On the Polycom, configure the public address for the public directory.
7.
On the Polycom, configure the LAN IP settings to include the ISA Server
as the external gateway (directly or indirectly through other routers).
8.
On the ISA Server, create a new protocol definition named "Polycom
Inbound TCP 1720" for incoming TCP port 1720.
9.
On the ISA Server, create a rule named "Polycom Inbound TCP 3230-3235"
for incoming TCP ports 3230-3235.
10.
On the ISA Server, create a rule named "Polycom Inbound UDP 3230-3253"
for incoming UDP ports 3230-3253.
11.
On the ISA Server, create a publishing rules for each of the protocol
definitions, publishing the internal Polycom IP address. Be sure to set
the publishing rule to set the traffic to appear as coming from the ISA
server, NOT the original client.
12.
Optionally, on the ISA Server, create a web publishing rule to for the
administration web site on the Polycom (HTTP on TCP port 80). This is
not necessary for normal use but can be helpful when troubleshooting and
testing.
13.
On the ISA Server, created a client protocol definition, "Polycom
Outbound", with ports TCP 3230-3235 and UDP Send 3230-3253.
14.
On the ISA Server, create a rule called "Videoconferencing Outbound"
allowing the "H.323 Protocol" protocol from "Internal" to "External" for
"All Users".
15.
On the ISA Server, create a rule called "Polycom Outbound" allowing the
"H.323 Protocol" protocol from "Internal" to "External" for "All Users".
To diagnose the configuration, you can use NetMeeting on an external IP
address connecting to the ISA Server published public address. The
Polycom administration pages include a Diagnostics page that allows for
viewing the local video and remote video. That means an administrator
can remotely see the full call traffic on both sides (NetMeeting for the
remote view, the admin pages for the local view).
Back to the top <http://support.microsoft.com/kb/556039/EN-US/#top>
________________________________
APPLIES TO
*
Microsoft Internet Security and Acceleration Server 2004 Standard
Edition
Back to the top <http://support.microsoft.com/kb/556039/EN-US/#top>
Keywords:
kbpubmvp kbpubtypecca kbhowto KB556039
Back to the top <http://support.microsoft.com/kb/556039/EN-US/#top>
COMMUNITY SOLUTIONS CONTENT DISCLAIMER
MICROSOFT CORPORATION AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO
REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, OR ACCURACY OF THE
INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN. ALL SUCH INFORMATION
AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES
AND CONDITIONS WITH REGARD TO THIS INFORMATION AND RELATED GRAPHICS,
INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND
NON-INFRINGEMENT. YOU SPECIFICALLY AGREE THAT IN NO EVENT SHALL
MICROSOFT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT,
PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA
OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF OR
INABILITY TO USE THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN,
WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR
OTHERWISE, EVEN IF MICROSOFT OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF
THE POSSIBILITY OF DAMAGES.
Back to the top <http://support.microsoft.com/kb/556039/EN-US/#top>
Other related posts:
- » [isalist] FW: How to publish a Polycom 7000e VSX H.323 Videoconference Device Behind ISA Server 2004
