h323 through VPN tunnel


sheltonc
11-30-2005, 08:42 AM
The equipment is set up as follows -

-Tandberg 6000 MXP on our LAN
-Tandberg 150 going into VPN router at remote location, configured to tunnel into our LAN. The IP of the 150 is on a different subnet than the 6000 MXP.

All network traffic seems to pass fine through the tunnel, except for h323. I can remote admin the 150, and make all sorts of connections to a PC on that same subnet.

When I try to connect a video call, only the initial connection on port 1720 is successful (as shown by the netstat command, telnetting into the Tandberg 150). All of the other connections are not being completed.

The VPN is supposedly configured to allow all traffic through, and the only one we're having trouble with is h323. Could this be a misconfigured setting on the Tandbergs, or is this a likely router misconfig problem?

Thanks in advance for any help or ideas to try.

trapehzoid
11-30-2005, 06:49 PM
What's providing the VPN tunnel? If it's a Cisco PIX it's probably munging the traffic.

Try turning off encryption on the endpoint (this capability confuses the PIX) and make sure fixup is off on the PIX.

Sean Lessman
12-01-2005, 07:41 AM
When I try to connect a video call, only the initial connection on port 1720 is successful (as shown by the netstat command, telnetting into the Tandberg 150). All of the other connections are not being completed.

Are you going through a NAT? H.225 (1720) seems to have worked outbound. Within that connection the originating codec receives the port for the H.245 communications (next connection) and then tries to open that connection. If the far end sends back a wrong IP address (NAT etc.) it will not connect the remaining connections. The codec only knows its own IP address and knows nothing about the NAT IP unless you tell it by setting 'NAT On' with the appropriate IP address.

Sean
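
The address mismatch described in the post above, as an added example that is not part of the original thread: a heuristic Python scan (not an ASN.1 decoder) that looks inside a signaling payload for the 4-byte form of a codec's own IPv4 address followed by a 2-byte port, and compares it with the source address the receiving side saw. The addresses, payload bytes and function names are constructed for illustration.

```python
import ipaddress
import struct

def find_embedded_addresses(payload, candidates):
    """Heuristic scan: locate each candidate IPv4 address as 4 raw bytes and
    read the 2 bytes after it as a big-endian port. Not an ASN.1 PER decoder,
    so a chance byte match is possible; treat hits as leads to confirm."""
    hits = []
    for ip in candidates:
        needle = ipaddress.IPv4Address(ip).packed
        pos = payload.find(needle)
        while pos != -1:
            if pos + 6 <= len(payload):
                (port,) = struct.unpack("!H", payload[pos + 4:pos + 6])
                hits.append((pos, ip, port))
            pos = payload.find(needle, pos + 1)
    return sorted(hits)

def check_signaling(observed_src, payload, codec_addrs):
    """Compare addresses carried inside the payload with the source IP the
    receiving side saw on the connection that delivered it."""
    return [
        {"ip": ip, "port": port,
         "status": "ok" if ip == observed_src else "mismatch"}
        for _, ip, port in find_embedded_addresses(payload, codec_addrs)
    ]

# Constructed sample, not a real capture: filler bytes around one embedded
# address/port pair (codec's own address 10.1.50.20, port 11012).
CODEC_IP = "10.1.50.20"
SAMPLE = (b"\x08\x02\x00\x01" + b"\x22\xc0\x06\x00"
          + ipaddress.IPv4Address(CODEC_IP).packed + struct.pack("!H", 11012)
          + b"\x01\x00")

# Case 1: routed tunnel, no NAT. The receiver sees the codec's real address.
routed = check_signaling("10.1.50.20", SAMPLE, [CODEC_IP])
# Case 2: a NAT rewrote the packet source to 192.0.2.10 but not the payload.
natted = check_signaling("192.0.2.10", SAMPLE, [CODEC_IP])

if __name__ == "__main__":
    for name, result in (("routed", routed), ("natted", natted)):
        print(name, result)
```

A "mismatch" result means the far end is being told to open its next connection to an address other than the one it saw the call arrive from.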

Timur
12-05-2005, 03:12 AM
Probably your IP subnet for Tandberg is absent in access-list for IPSec, please check …

trapehzoid
12-05-2005, 07:51 AM
Probably your IP subnet for Tandberg is absent in access-list for IPSec, please check …

Not likely considering...

I can remote admin the 150, and make all sorts of connections to a PC on that same subnet.

When I try to connect a video call, only the initial connection on port 1720 is successful

I think you need a refund on your certs

Timur
12-05-2005, 07:57 AM
You want to be on the ignore list ...?

trapehzoid
12-05-2005, 08:08 AM
Sean's point about the NAT is a good one. If it's on, and it shouldn't be (assuming the subnets are directly routable, which it sounds like), you will get messed up connections.

If the two subnets are directly routable to each other via the VPN, ensure NAT is off on both codecs and then I'd be looking into the VPN box for any 'h323 aware' features. Try turning off encryption if it's a PIX too.