Wireless Access

Reply
New Contributor
Posts: 3
Registered: ‎11-01-2012

Aruba 620 and h323 NAT

h323 phone does not receive or transmit rtp traffic. 

I have WAN vlan: 

interface vlan 3 
ip address 85.107.28.44 255.255.255.240 


interface fastethernet 1/4 
description "FE1/4" 
trusted 
trusted vlan 1-4094 
ip access-group "inbound_access" session 
switchport access vlan 3 


And LAN vlan: 

interface vlan 2 
ip address 192.168.2.1 255.255.255.0 
ip nat inside 


interface fastethernet 1/5 
description "FE1/5" 
trusted 
trusted vlan 1-4094 
switchport access vlan 2 


To enabling NAT for users i apply "ip nat inside" to vlan 2 and internet work fine. 
To enabling remote acces i create "inbound_access" and put it on fastethernet 1/4, it work fine. 

ip access-list session inbound_access 
any host 89.107.28.44 tcp 3389 dst-nat ip 192.168.2.10 3389 
any host 89.107.28.44 tcp 4343 permit 
any host 89.107.28.44 udp 4500 permit 
any host 89.107.28.44 svc-https permit 
any host 89.107.28.44 svc-icmp permit 
any host 89.107.28.44 udp 8211 permit 
any host 89.107.28.44 svc-gre permit 
host 189.94.229.226 host 85.107.28.44 svc-ssh permit 
any host 89.107.28.44 udp 500 permit 
host 99.31.22.172 host 89.107.28.44 svc-ssh permit 


I have avaya voip network 10.11.2.0 with media gateway g430 and sm, cm. 
media gateway have 192.168.2.2 interface. 

ip route 10.11.2.0 255.255.255.0 192.168.2.2 

Route work fine. All pings go both ways. Sip phones in 192.168.2.0 works fine. 
But h323 rtp traffic does not reach. Phone with ip 192.168.2.119 dont work. 

How can i disable NAT for 10.11.2.0 traffic?? 

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Aruba 620 and h323 NAT

You would have to:

 

1.  Remove IP Nat inside for that VLAN.

2.  Create a role for your traffic

3.  Create an ACL that permits h323 traffic and add it to the role in #2.

4.  Add an ACL to the role in #2 that source-nats the remaining traffic 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎11-01-2012

Re: Aruba 620 and h323 NAT

Hi.

Where should I attach the role? To  fe5 with vlan 2?

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Aruba 620 and h323 NAT

Yes.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎11-01-2012

Re: Aruba 620 and h323 NAT

Thank you for your response.

I will be very grateful, if you look ещ my acl for port.

 

ip access-list session lan_rule

any any svc-sip-udp permit queue high tos 46 dot1p-priority 6 
any any svc-sip-tcp permit queue high tos 46 dot1p-priority 6 
any any svc-sips permit queue high tos 46 dot1p-priority 6 
any any svc-h323-udp permit queue high tos 46 dot1p-priority 6 
any any svc-h323-tcp permit queue high tos 46 dot1p-priority 6 
alias Telephony any any permit queue high tos 46 dot1p-priority 6 
any alias Telephony any permit queue high tos 46 dot1p-priority 6 

any any any permit
any any any src-nat pool NAT
!

 

ip NAT pool NAT 192.168.2.1 192.168.2.1

Frequent Contributor II
Posts: 159
Registered: ‎12-06-2010

Re: Aruba 620 and h323 NAT

I may be troubleshooting a very similiar issue. Why is that I need to explicitly allow h323 traffic?

Network Engineer | Airhead | Titus 3:5
Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Aruba 620 and h323 NAT

H323 does not work with Nat.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: