The ViewPoint 8650 MCU is connected to the Internet. The ViewPoint9000 series videoconferencing endpoint is connected to the intranet. Static NAT for the endpoint has been configured on the firewall. The endpoint has registered with the embedded GK of the MCU. The GK is online. A conference is initiated on the web interface of the MCU. When you make a call to the endpoint on the MCU web interface, the call failed. A message indicating that the peer end does not respond to the TCP connection or does not answer the call is displayed.
Step 1 On the MCU web interface, check the causes for the call failure.
1. Choose Conferences > Ongoing Conferences.
2. On the Ongoing Conferences page, select the endpoint that fails to join the current conference, click Message in the lower left corner of the page, and check the cause for the call failure. The cause is that the peer end does not respond to the TCP connection or does not answer the call.
Step 2 Capture signaling packets on the MCU.
3. Log in to the MCU web interface, choose Settings > Maintenance > MCU Packet Capture and click Start Packet Capture, as shown in Figure 1-1.
Figure 1-1 Start Packet Capture
4. Initiate a conference and call the endpoint to join the conference.
5. When the endpoint is being connected, log in to the MCU web interface, choose Settings > Maintenance > MCU Packet Capture and click Stop Packet Capture, as shown in Figure 1-2.
Figure 1-2 Stop Packet Capture
6. On the MCU web interface, choose Settings > Maintenance > Export and click Export Packets Captured by MCU, as shown in Figure 1-3.
Figure 1-3 Export Packets Captured by MCU
Step 3 Analyze the exported MCU signaling packets.
1. Refer to Figure 1-4 to perform the following operations:
a. Enter h225 || q931 to filter messages. The result shows that the endpoint has registered with the GK, but has no setup connection signaling.
b. View the registration request message sent by the endpoint. The call signal address, that is, 192.168.1.99 (1720), of the endpoint is an intranet address.
c. Check for the Super Network Passport (SNP) redirection message that the endpoint sends to the MCU. No such message is found.
Figure 1-4 Analyzing captured MCU packets
2. Refer to Figure 1-5 to perform the following operation:
Enter ip.addr == 192.168.1.99 && tcp.port == 1720 to filter messages. The found message shows that the MCU attempts to establish a TCP connection with the ViewPoint9000 series videoconferencing endpoint using the IP address 192.168.1.99, but the attempt fails.
Figure 1-5 Address filtering
Step 4 Enable NAT on the ViewPoint9000 series videoconferencing endpoint.
Log in to the web interface of the ViewPoint9000 series videoconferencing endpoint, choose System Settings > Network > Security and Service, set Use NAT to Enable, and set NAT Address to 18.104.22.168, as shown in Figure 1-7.
Figure 1-6 Enabling NAT on the endpoint
The endpoint is connected to the intranet, but NAT is not enabled for the endpoint. As a result, the endpoint uses a CS address, which is an intranet address, to establish a TCP connection with the MCU. The MCU cannot establish a TCP connection with an intranet address, resulting in the call failure.
l In an H.323 call process, three handshakes for establishing a TCP connection are required before a setup signaling is initiated. If the TCP connection fails to be established, a message indicating TCP connection timeout or no response to the TCP connection is displayed. If this occurs, the IP address of the endpoint may be incorrect, or the call port is unreachable. Check firewall settings, as shown in Figure 1-8. Ensure that the call port of the endpoint is 1720 (by default).
Figure 1-1 Checking firewall settings
l If the onsite network involves traversal between private and public networks, NAT is required. In this case, you need to configure the Application Layer Gateway (ALG) on the firewall or enable NAT on the endpoint.
The H.323 ALG function provided by some vendors is not optimized. It is recommended that NAT be enabled on endpoints.