Educational Service District 123

 
  • Increase font size
  • Default font size
  • Decrease font size
Home H.323 Tips and Tricks

Video-Over-IP (H.323) Considerations Tips and Tricks

E-mail
 

H.323 Endpoint Naming Convention (Suggested)
Fixed Endpoints
  • DistrictName-SchoolName-Building Name/Number [optional]-RoomNumber
  • Example: OurSD-OurMS-A-312 or ESD123-B202
    (in this case, EntityName-Building and RoomNumber
Mobile Endpoints
  • DistrictName-HostName
  • Example: ESD123-TechMan

We recommend using dashes as a separator instead of underscores as the underscores are not compatible with all end-point equipment.



K-20 H.323 Loop Back Numbers

  • New Codian Loopback (Seattle) - 0332222
  • New Codian Loopback (Spokane) - 0342222
  • Old Polycom Loopback (Seattle) - 0310609

    • Will only work if you have registered with the K-20 Gatekeeper as outlined below



K-20 Gatekeeper

  • K-20 Gatekeeper IP address: 68.179.206.20
  • DNS name: gk.wa-k20.net

    • This DNS name will replace the existing address of 68.179.206.20, though both will work in the interim. Some Endpoint equipment will only accept IP addresses for the "gatekeeper" entry. Gatekeeper registration information is available at the K-20 Education Network Portal



Cisco Firewall - Disable H.323 FIXUP/INSPECT Maps

  • We recommend disabling H.323 FIXUP/INSPECT Maps on Cisco PIX and ASA firewall devices. Current generation ASA firewalls are shipping with H.323 FIXUP/INSPECT Maps disabled. Verify the correct commands for your Cisco firewall, but we've had success with the following commands in the correct context:
  • Cisco PIX:
    PIX(config)# no fixup protocol h323 h225 1720
    PIX(config)# no fixup protocol h323 ras 1718-1719
  • Cisco ASA:
    ASA(config)# policy-map global_policy
    ASA(config-pmap)# class inspection_default
    ASA(config-pmap-c)# no fixup protocol h323 h225 1720
    ASA(config-pmap-c)# no fixup protocol h323 ras 1718-1719

    • Incorrect commands can render your firewall inoperable. Verify the correct commands for your device before making changes.



Cisco Firewall - H.323 TCP/UDP Ports

  • TCP:
389 (LDAP)
1503 
1720 (H.323) 
1731 
3230-3235 (VS 512, PVX, VSX 7000, VSX 8000) 
3603
  • UDP:
1718 (gateway) 
1719 (gateway) 
3230-3235 (VS 512, PVX) 
3230-3248 (VSX 8000) 
3230-3253 (VSX 7000)

We recommend that you establish service groups for these settings; i.e. H323_TCP, H323_UDP. We use one “master” UDP service group that opens UDP ports 3230-3253 since that range is needed for our VSX 7000 and inclusive of the ports needed for our other Polycom equipment.

Even in a static-IP environment, you will need to use the “fixed-ports” option in the endpoint equipment settings to restrict the range utilized by the equipment to those listed above (the ones listed for specific equipment are the defaults).

As noted, some of these TCP/UDP ports are required by your endpoints, NOT by K20's Codian or Polycom equipment at the MCU. Please verify the required TCP/UDP ports with your endpoint manufacturer.

Polycom PVX-specific note: Under the “Network” tab, enable the “Use the External (WAN) IP Address”, then check the box for “Use fixed ports”, and then check “Use the PC’s Local IP Address”. This will cause the “Use fixed ports” option to be active, even though it appears to be grayed-out.



General Notes:
Make sure that you check your vendor’s support website for the latest software and firmware updates.
If you have trouble connecting, try disabling AES encryption. On host-based software codecs (i.e. Polycom PVX), if you get a “low-resource” or CPU warning, try re-booting the host system. In your other considerations, do not overlook bandwidth management, especially with the recent proliferation of host-based software codecs, as it is easy to totally saturate a T1 with H.323 traffic if you do not have some limiting mechanism in place.
Check out www.polycom.com for some excellent white papers on the technical considerations of H.323 implementation. Also check out K-20's Website for additional information . This document will be posted and updated as more information becomes available on our website.
ESD 123 Technology Staff

ISDN-Specific Notes:
On an ISDN-related note, if you are connecting a Polycom VSX 7000 to an Ascend/Lucent Imux and are unable to complete a call, make sure that “System”, “Admin Settings”, “Network”, “V.35/RS-449/RS-530”, page 3 of 5, “CTS” is set to “Ignore”. This is not really an H.323 issue, just some hard-won piece of information that I thought we would share.
Thanks, Soren
Last Updated ( Tuesday, 25 October 2011 10:26 )