Hi, I'm hoping someone can help me out. We have been having issues recently with sending h.239 between Tandbergs and Polycoms. We recently figured out that Cisco's inspect protocols aren't actually recognizing the ports that H.239 uses. Does anyone know which ports H.239 needs?

Thanks,

upen

H.239 uses the same port ranges that video uses. We ran into that problem with a PIX firewall and had to turn off the H.323 FIXUP protocol and open the appropriate ports used for audio and video.

Thanks for the reply. That's what our problem is with, a PIX. So what ranges did you open? Are you doing NAT on the codec or the PIX?

Here is a link to a Tandberg document which identifies the ports used based on software version.http://www.tandberg.com/collateral/documentation/White_Papers/TANDBERG%20and%20H323.pdf

We opened the ports our equipment uses which is different and are not doing any NAT'ing. The FIXUP happened to be ON.

Joe is exactly correct, PIX plays with the H323/RTP traffic as it is passing through it's NAT'ing interfaces. Dependant on the version of software your PIX has is dependant on what features you get/do not get! Encryption and H.239 is usually the main features to go. If you want a complete endpoint feature set passing through the Firewall I would suggest you look at one of the following traversal solutions;

http://www.tandberg.com/products/tandberg_expressway.jsp
http://www.polycom.com/emea/en/products/network/security_firewall_traversal/security_firewall_traversal.html

or as Joe said, disable 'H323 fixup' and open all the relevant H323/RTP ports and you should be fine, this is fine for one or two endpoints but as the service grows it gets more difficult to manage, this is why Firewall traversal is an excellent asset.

James