Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Aruba 620 and h323 NAT

  • 1.  Aruba 620 and h323 NAT

    Posted Nov 01, 2012 06:41 AM

    h323 phone does not receive or transmit rtp traffic. 

    I have a WAN VLAN:

    interface vlan 3 
    ip address 85.107.28.44 255.255.255.240 


    interface fastethernet 1/4 
    description "FE1/4" 
    trusted 
    trusted vlan 1-4094 
    ip access-group "inbound_access" session 
    switchport access vlan 3 


    And a LAN VLAN:

    interface vlan 2 
    ip address 192.168.2.1 255.255.255.0 
    ip nat inside 


    interface fastethernet 1/5 
    description "FE1/5" 
    trusted 
    trusted vlan 1-4094 
    switchport access vlan 2 


    To enable NAT for users I apply "ip nat inside" to VLAN 2, and Internet access works fine.
    To enable remote access I created "inbound_access" and put it on fastethernet 1/4; it works fine.

    ip access-list session inbound_access 
    any host 89.107.28.44 tcp 3389 dst-nat ip 192.168.2.10 3389 
    any host 89.107.28.44 tcp 4343 permit 
    any host 89.107.28.44 udp 4500 permit 
    any host 89.107.28.44 svc-https permit 
    any host 89.107.28.44 svc-icmp permit 
    any host 89.107.28.44 udp 8211 permit 
    any host 89.107.28.44 svc-gre permit 
    host 189.94.229.226 host 85.107.28.44 svc-ssh permit 
    any host 89.107.28.44 udp 500 permit 
    host 99.31.22.172 host 89.107.28.44 svc-ssh permit 


    I have an Avaya VoIP network 10.11.2.0 with a G430 media gateway and SM, CM.
    The media gateway has a 192.168.2.2 interface.

    ip route 10.11.2.0 255.255.255.0 192.168.2.2 

    The route works fine. All pings go both ways. SIP phones in 192.168.2.0 work fine.
    But H.323 RTP traffic does not get through. The phone with IP 192.168.2.119 doesn't work.

    How can I disable NAT for 10.11.2.0 traffic?



  • 2.  RE: Aruba 620 and h323 NAT

    EMPLOYEE
    Posted Nov 01, 2012 08:10 AM

    You would have to:

     

    1.  Remove IP Nat inside for that VLAN.

    2.  Create a role for your traffic

    3.  Create an ACL that permits h323 traffic and add it to the role in #2.

    4.  Add an ACL to the role in #2 that source-nats the remaining traffic 

     

     



  • 3.  RE: Aruba 620 and h323 NAT

    Posted Nov 01, 2012 08:20 AM

    Hi.

    Where should I attach the role? To fe5 with VLAN 2?



  • 4.  RE: Aruba 620 and h323 NAT

    EMPLOYEE
    Posted Nov 01, 2012 08:25 AM

    Yes.

     



  • 5.  RE: Aruba 620 and h323 NAT

    Posted Nov 01, 2012 12:24 PM

    Thank you for your response.

    I would be very grateful if you could look at my ACL for the port.

     

    ip access-list session lan_rule

    any any svc-sip-udp permit queue high tos 46 dot1p-priority 6 
    any any svc-sip-tcp permit queue high tos 46 dot1p-priority 6 
    any any svc-sips permit queue high tos 46 dot1p-priority 6 
    any any svc-h323-udp permit queue high tos 46 dot1p-priority 6 
    any any svc-h323-tcp permit queue high tos 46 dot1p-priority 6 
    alias Telephony any any permit queue high tos 46 dot1p-priority 6 
    any alias Telephony any permit queue high tos 46 dot1p-priority 6 

    any any any permit
    any any any src-nat pool NAT
    !

     

    ip NAT pool NAT 192.168.2.1 192.168.2.1
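
Session ACLs are evaluated top-down and the first matching rule wins, which is what makes the rule order in reply 5 and the split between steps 3 and 4 in reply 2 matter. The following is an added example, not part of any post in this thread: a small address-only Python model that reports which rule a flow hits and which rules can never be reached. It assumes the "Telephony" alias is 10.11.2.0/24 (its definition is not shown), and the sample flows are constructed.

```python
import ipaddress

ANY = "0.0.0.0/0"
VOIP = "10.11.2.0/24"  # assumption: stands in for the "Telephony" alias

# Constructed, address-only model of lan_rule as posted: (src, dst, action).
# The svc-* lines are left out because they match on service, not address.
POSTED = [
    (VOIP, ANY, "permit"),
    (ANY, VOIP, "permit"),
    (ANY, ANY, "permit"),
    (ANY, ANY, "src-nat"),
]
# Same rules with the catch-all permit removed, so src-nat is the last rule.
REORDERED = [r for r in POSTED if r != (ANY, ANY, "permit")]


def covers(outer, inner):
    """True when every address in `inner` is also in `outer`."""
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))


def first_match(rules, src, dst):
    """Top-down, first-match evaluation; no match means implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (rs, rd, action) in enumerate(rules):
        if s in ipaddress.ip_network(rs) and d in ipaddress.ip_network(rd):
            return i, action
    return None, "deny"


def shadowed(rules):
    """Indexes of rules fully covered by a single earlier rule (never reached)."""
    return [i for i, (s, d, _) in enumerate(rules)
            if any(covers(ps, s) and covers(pd, d) for ps, pd, _ in rules[:i])]


if __name__ == "__main__":
    flows = {"phone to VoIP net": ("192.168.2.119", "10.11.2.5"),       # constructed
             "LAN host to Internet": ("192.168.2.50", "203.0.113.10")}  # constructed
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, "unreachable rules:", shadowed(rules))
        for label, (src, dst) in flows.items():
            print(f"  {label}: {first_match(rules, src, dst)}")
```

In the posted order the catch-all permit matches Internet-bound flows before the src-nat line is reached; with that line removed, VoIP traffic is still permitted untranslated and everything else falls through to src-nat.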



  • 6.  RE: Aruba 620 and h323 NAT

    Posted Mar 05, 2013 06:08 PM

    I may be troubleshooting a very similar issue. Why is it that I need to explicitly allow h323 traffic?



  • 7.  RE: Aruba 620 and h323 NAT

    EMPLOYEE
    Posted Mar 05, 2013 10:44 PM

    H323 does not work with Nat.