Polycom through ISA Gatekeeper (Full Version)

All Forums >> [ISA Server 2000 General] >> H.323 Gatekeeper


tkoenings -> Polycom through ISA Gatekeeper (10.Feb.2004 2:38:00 PM)

I can connect to other Polycom units through the ISA server but no one can call me. Does anyone know how to allow a Polycom Video Conferencing unit to receive calls from outside sources through an ISA server? It can be with or without Gatekepper turned on.

dmichaud -> RE: Polycom through ISA Gatekeeper (5.Mar.2004 7:04:00 PM)

Were you able to to get your Polycom working? If not I can post the process I use. I have a Polycom ViewStation FX logged into an ISA server, receiving calls from internal nets and external users behind nat and direct over internet.

tkoenings -> RE: Polycom through ISA Gatekeeper (5.Mar.2004 7:28:00 PM)

Yes, please post it as soon as you can. Currently, I have the Polycom FX hardwired outside the firewall. It fixes the problem, but is only a bandaid. Polycom tech support has told me they will not help; it is a Microsoft issue.

dmichaud -> RE: Polycom through ISA Gatekeeper (8.Mar.2004 2:01:00 PM)

Here it is:

My ISA of course is multi-homed. Private address is referred to as and public address is
n.n.n.n My ISA server is built on top of server 2003 as it seems to handle routing much better
than w2kServer.

First create 2 new protocol definitions. You could probably incorporate these into your existing H323 protocol rule but I wanted to leave an easy way to bailout of the configuration through deletion of the new rules/protocols if needed.

In the ISA mgnt console in the navigation pane; goto "Policy Elements/Protocol Definitions".

Select "New"

Name: T.120(or whatever)
Parameters: Port 1503, type is tcp and direction is inbound.

Select "New"
Name: H323in(or whatever)
Parameters: Port 1503, type is tcp and direction is inbound.

Goto "/Protocol Rules" and select "New" and name it H323. If you already have this rule created
just edit it:

Enable should be checked.
Action: Allow
Protocol: Select H323, H323in and T.120

Goto "/Extensions/Application Filters"
Check the H323 filter, "enable" should be checked under "General Tab".

Under "Call Control Tab", in Gatekeeper section, check "Use This Gatekeeper" and Browse for and
select your ISA server.

In call direction check both "Allow Incoming and Outgoing Calls"

In Media Control check all three: Audio, Video and T.120"

Goto "H323 Gatekeepers/YourServerName/Call Routing/Phone Number Rules"
Select "Add Routing Rule"

Name: NameOfYourLocation(MainOffice or whatever)

Type should be "E164"

Prefix: enter any three digit telephone prefix (I'll explain later)

Check "Route all phone numbers using this prefix" Leave metric as "1" and check "enable rule"

Under "Destination Tab" select "Registration database"

Almost done. Now we make sure you have routes to your local subnets. Outside of the ISA Mgnt
Console, open a command prompt. Enter "route print" and make sure you have routes to your local subnets in the server's routing table. If not, add the needed routes as Persistent and close command prompt window.

Back in the ISA Mgnt console:
Goto "YourServerName/Network Configuration/Local Address Table(LAT)"

"Right Click" LAT and select "construct LAT.."

In the properties window check "Add the following private ranges"

check "Add address ranges based on the selected computer's windows 2000 routing table"

In the pull-down select "YourServerName"
Click "OK" and you should receive confirmation of LAT construction.

PolocomFX: Set your FX to register with a gatekeeper( & register E.164 with allowed
prefix from above and 4 additional digits. This is important as the FX tries to use a default
string and it needs to be a prefix + 4 digits. All internal voice/video clients need to register
with the gatekeeper using the allowed prefix and 4 unique digits.

Outside Callers: Clients outside your LAN should set their ViaVideo or Netmeeting client to "use
Gateway" as n.n.n.n This is quite easy and can be turned on/off quickly. When they make the
call, they enter the phone number (allowed prefix + 4). Their client contacts the gatekeeper ,
looks up the phone number and the call is connected.

NOTE: Be careful with bandwidth. I am using 256k when dialing with the FX. I can conference 4
video calls (including the FX) and still have about 512k left over on our T1 internet feed.

ALSO: If calls don't go through, you may have to enable IP Filtering, I have the settings and use it because of multiple private networks behind our ISA, let me know. Via-Video clients may require re-booting of local computer after configuration changes to get it to register with the gatekeeper.

If you want to test a connection from Florida, send me a prvate message from the link & we'll
exchange contact info. I would be interested to see how well it works from a longer distance as I will be setting up two connections to France in a couple of weeks. Let me know.


AHIT -> RE: Polycom through ISA Gatekeeper (9.Mar.2004 2:46:00 AM)

Guys.. this is great!

I've always just used internal Netmeeting ILS server and never bothered trying to open up my polycom to the outside world.

Has anyone tried this on an "older" machine? (MP512)

dmichaud -> RE: Polycom through ISA Gatekeeper (9.Mar.2004 1:43:00 PM)

Sorry...I'm new to Polycom (& ISA). Only used FX and ViaVideo so far. Although, I've seen some of the previous units at good prices on eBay, we may pick one up and use it in one of our remote locations. I imagine if the GUI allows access to the same objects as the FX (E164, static ports, gatekeeper etc.) I think it should work. If we get one...I'll post it. But you are right...this stuff is great. I have eight branch offices connected with a WAN (privately) behind one ISA. Our brokers should be able to shorten their selling cycle with face to face via video conference rather than waiting for physical meeting.


Never Again -> RE: Polycom through ISA Gatekeeper (28.Apr.2004 4:10:00 PM)

ISA does not accept outside registration. Polycom has said on their site that ViaVideo does not work with ISA. But besids that the gateway does not take outside registration so how would outside callers find internal endpoints.

tkoenings -> RE: Polycom through ISA Gatekeeper (3.Jun.2004 6:49:00 PM)

dmichaud, sorry for the delay in the post. I have a few questions:

1.) In setting up the protocol definitions did you intend to have two protocols with the same port and tcp settings? (1503 TCP inbound)

2.) What are your firewall settings on the polycom fx unit?

3.) Have you had other polycom units call your unit and what did they need to do?


dmichaud -> RE: Polycom through ISA Gatekeeper (23.Oct.2004 10:38:00 PM)

I too am sorry, I got busy with a project and then had to deal with all the huricanes. See:

Florida Huricane

Yes I have two of the same protocols. I try to give them a unique name. I do this so I can back-track and delete a protocol that doesn't work, avoiding a protocol/rules clutter when I'm doing config on a firewall/router.

I will double chack my polycom firewall settings and get back to you. I haven't looked at it for a while.

I do not have an FX unit calling from the outside but I do have a polycom Via-Video unit calling from outside.

Note: Only the polycom fx registers with the gatekeeper (from the inside). All external callers use the dial option above with a gateway address.

I'll post my FX settings shortly.

Page: [1]