A challenge.
We have a Cisco 2600 router with 4 adsl line cards whapped into the back.
Hanging off of this we have a video conference unit. Our isp has configured the router to load balance the outgoing bandwidth, and it works very well. We can dial remote locations at high speed and all is peachy.
The issue we have is incoming. For some reason the router is not allowing the call setup negotiation to occur. It connects ok, but after connecting the two vid conf units exchange video codecs etc to setup the call. This isn't happening.
Our isp and our vid conf support chap have tried everything they can think of. Even to the point of directly mapping all ports to the internal ip. No joy. Is there any peculiarity with the 2600 that could cause this? Is it H.323 compatible?
I can get the unit working as advertised by placing it on our leased line and giving it a real IP so the unit is fine. (I can also call it internally via netmeeting)
It seems odd that calling out is fine but calling in isn't working. It's now been escalated to Cisco as a possible fault, but I know there are a few on here that are familiar with these things and wondered if you've come across this issue before.
G-man, I'd suggest you have a chat to tugs, he's heavily into CISCO, so I'll ask him to post back here to see if it's that kinda thang that he's into.....
TL.
cheers TL, appreciated. I knew someone here knew about them.
I guess no one has come across this then. Oh well. I'll throw the 2600 in the bin.
QuoteOriginally posted by Gandalf-LordOfJelly@Nov 13 2003, 12:33 PM
I guess no one has come across this then. Oh well. I'll throw the 2600 in the bin.
I haven't done the adsl 2600 stuff, but I'd be looking at the traffic coming in one path and going out another. The conversations wouldn't complete and you'd end up with nothing. Does it work if you take the load balancing off?
nope. tried that. even tried running it with all ports mapped to the internal ip.
just a thought, we have a block of 8 ips and the ip that the system is running on is the one that is normally used as the gateway ip. would that make a difference? (I didn't set the system up, our ISP done this)
Internet -------- firewall ------ Video thing?
The gateway inbound from tinternet is the one being NAT'd to the video thing?
draw me a picture.....
Intarweb-------2600(192.168.1.1 internal ip, GW for LAN)------VideoConf(192.168.1.30 LAN address, 212.***.***.1 WAN address)
As simple as that. As mentioned, we can call out with no problems at all, it's just incoming calls. They are connecting (I get a successful connect in the log), but the systems are not negotiating the required codecs to talk to each other. So the call just ends after a timeout for the negotiation.
May be related, but FTP doesn't work as well due to the load balancing. Keep getting a no route to host message. A real pain, but they're gonna fix that once we get the video working.
QuoteOriginally posted by Gandalf-LordOfJelly@Nov 13 2003, 01:00 PM
Intarweb-------2600(192.168.1.1 internal ip, GW for LAN)------VideoConf(192.168.1.30 LAN address, 212.***.***.1 WAN address)
As simple as that. As mentioned, we can call out with no problems at all, it's just incoming calls. They are connecting (I get a successful connect in the log), but the systems are not negotiating the required codecs to talk to each other. So the call just ends after a timeout for the negotiation.
May be related, but FTP doesn't work as well due to the load balancing. Keep getting a no route to host message. A real pain, but they're gonna fix that once we get the video working.
ok, assuming that your external appears as .1 (Check on shields up on grc.com) then I wouldn't trust it to use the same address for your VC.
Can you change it to an unused? If that is the case and you are port forwarding I wouldn't trust that either.
Can you mail the cisco config, blat the addresses for security. PM for my address. I'll look properly and pass it round here.
I don't have access to the cisco, I'll see if I can get the script from them.
Ask me in 3 years when i've finished my CISCO academy ;)
QuoteOriginally posted by TuToNiC@Nov 13 2003, 01:42 PM
Ask me in 3 years when i've finished my CISCO academy ;)
Don't do it, IT is the most unrewarding job you could possibly do. It pays bills and makes you popular with ladies, but that is it. oh hang on, I'm only half right.
Dont worry, I wasn't planning on paying any bills :norty:
Looks like you struck out then Tut as it certainly doesn't make you popular with the ladies.
Gandy pm me all the details and some of the logs if you have them and i'll contact some of the cisco guys i used to work with, although tbh you are best off going down the cisco helpdesk route. Make sure you don't get the TAC in the phillipines as they are shite. Try after 1pm and get the guys in the states or ask to speak to the guys in brussels. They really do know their stuff.
QuoteOriginally posted by Gh0st Face Killah@Nov 13 2003, 06:16 PM
speak to the guys in brussels.
heh heh heh, I misread that.......chortle, chortle
ok, I have a feeling I know why the incoming calls are not completing.
We have the system set with the main ip. The call comes in on that ip fine. Our system then opens a UDP port back to the other system to confirm connection details. However, I think that due to the load balancing the port is being opened on the OTHER line, and when the remote unit responds it's responding on the main line, which of course will be closed.
I may be wrong, but I think that this is what is happening. It's a real pain, but at least we can dial out. I just have to get them to get the load balancing working correctly now so we can have out 512 upload again.
Thoughts?
Quotetraffic coming in one path and going out another
um....
Didn't you say you'd tried it with load balancing off though?
I've had problems before with BGP and outbound load balancing, had to force it down one pipe for the same reasons, it's a right pain in the ass.
If the Cisco isn't your config, you can only stand on the suppliers till they sort it. And they probably won't. :angry: You should get a copy of the config though
QuoteOriginally posted by Benny@Nov 14 2003, 11:59 AM
You should get a copy of the config though
I'll see what I can do.