Cisco Systems VC-289 manual Enabling the Proxy to Forward H.323 Packets, VC-351

Page 63

Configuring H.323 Gatekeepers and Proxies

H.323 Gatekeeper Configuration Examples

Enabling the Proxy to Forward H.323 Packets

To enable the proxy to forward H.323 packets received from the edge network to the multimedia backbone, designate the interface that connects the proxy to the multimedia backbone to the ASR interface by entering the h323 asr command in interface configuration mode. Enabling the proxy to forward H.323 packets satisfies the first goal identified earlier in this section.

Because the proxy terminates two call legs of an H.323 call and bridges them, any H.323 packet that traverses the proxy will have the proxy address either in its source field or in its destination field.

To prevent problems that can occur in proxies that have multiple IP addresses, designate only one interface to be the proxy interface by entering the h323 interface command in interface configuration mode. Then all H.323 packets that originate from the proxy will have the address of this interface in their source fields, and all packets that are destined to the proxy will have the address of this interface in their destination fields.

Figure 62 illustrates that all physical proxy interfaces belong either to the multimedia network or to the edge network. These two networks must be isolated from each other for the proxy to be closed; however, the proxy interface must be addressable from both the edge network and the multimedia network. For this reason, a loopback interface must be created on the proxy and configured to the proxy interface.

It is possible to make the loopback interface addressable from both the edge network and the multimedia network without exposing any physical subnets on one network to routers on the other network. Only packets that originate from the proxy or packets that are destined to the proxy can pass through the proxy interface to the multimedia backbone in either direction. All other packets are considered unintended packets and are dropped. This can be achieved by configuring access control lists (ACLs) so that the closed proxy acts like a firewall that only allows H.323 packets to pass through the ASR interface. This satisfies the second goal identified earlier in this section, which is to ensure that only H.323-compliant packets can access or traverse the multimedia backbone.

Isolating the Multimedia Network

The last step is to configure the network so that non-H.323 traffic never attempts to traverse the multimedia backbone and so that it never risks being dropped by the proxy. This is achieved by completely isolating the multimedia network from all edge networks and from the data backbone and by configuring routing protocols on the various components of the networks.

The example provided in Figure 62 requires availability of six IP address classes, one for each of the four autonomous systems and one for each of the two loopback interfaces. Any Cisco-supported routing protocol can be used on any of the autonomous systems, with one exception: Routing Information Protocol (RIP) cannot be configured on two adjacent autonomous systems because this protocol does not include the concept of an autonomous system. The result would be the merging of the two autonomous systems into one.

If the number of IP addresses are scarce, use subnetting, but the configuration can get complicated. In this case, only the Enhanced IGRP, Open Shortest Path First (OSPF), and RIP Version 2 routing protocols, which allow variable-length subnet masks (VLSMs), can be used.

Cisco IOS Voice, Video, and Fax Configuration Guide

VC-351

Image 63
Contents VC-289 Configuring H.323 Gatekeepers and ProxiesVC-290 Principal Multimedia Conference Manager FunctionsGateway Support for Alternate Gatekeepers Zone and Subnet ConfigurationRedundant H.323 Zone Support Gatekeeper Multiple Zone SupportVC-292 Technology PrefixesTerminal Name Registration Interzone CommunicationRadius and TACACS+ Accounting via Radius and TACACS+VC-294 Interzone Routing Using E.164 AddressesVC-295 VC-296 Hsrp SupportVC-297 SecurityVC-298 Proxy Inside the FirewallVC-299 Proxy in Co-Edge ModeProxy Outside the Firewall Proxies and NATVC-300 Quality of Service Application-Specific RoutingVC-301 VC-302 Prerequisite Tasks and RestrictionsVC-303 Configuring the GatekeeperVC-304 Starting a GatekeeperH323-gateway voip h.323-id command Gw-prioritypriority gw-alias-Optional UseVC-305 Subnet-address /bits-in-mask Zone subnet commandMask-addressenable Subnet local-gatekeeper-nameVC-307 Configuring Intergatekeeper CommunicationServer-address2...server-address6 -Optional Ras gk-id@host port priorityConfiguring Redundant H.323 Zone Support Other-gatekeeper-ip-address-Specifies the IPVC-308 VC-309 Configuring Local and Remote GatekeepersOther-gatekeeper-ip-address -IP address Configuring Redundant Gatekeepers for a Zone PrefixVerifying Zone Prefix Redundancy Other-gatekeeper-name -Name of the remoteConfiguring Redundant Gatekeepers for a Technology Prefix Zone local or zone remote command. You canVC-311 VC-312 Verifying Technology Prefix RedundancyVC-313 Configuring Static NodesVC-314 Configuring H.323 Users via RadiusVC-315 Server radius or aaa group server tacacs+VC-316 VC-317 Password default password-SpecifiesVC-318 Configuring a RADIUS/AAA ServerVC-319 Users via Radius section onVC-320 Configuring User Accounting Activity for RadiusConfiguring E.164 Interzone Routing Other-gatekeeper-ip-address -Specifies the IPVC-321 VC-322 Configuring H.323 Version 2 FeaturesVC-323 Configuring a Dialing Prefix for Each GatewayVC-324 Gateway with the h323-gateway voip h.323-id commandVC-325 Following is an example of a registration messageVC-326 Configuring a Prefix to a Gatekeeper Zone ListVC-327 Arq, lcf, lrj, lrq, rrq, urq -Specifies RegistrationVC-328 VC-329 Configuring Inbound or Outbound Gatekeeper Proxied Access Remote-zone remote-zone-name -Defines aVC-330 Verifying Gatekeeper Proxied Access Configuration Router# show gatekeeper zone statusVC-331 Configuring the Proxy Configuring a Forced Disconnect on a GatekeeperVC-332 Configuring a Proxy Without ASR Show interfaces commandVC-333 VC-334 VC-335 VC-336 VC-337 Configuring a Proxy with ASRTunnel Vg-anylanVC-338 Without ASR section onVC-339 VC-340 Cisco IOS Dial Technologies CommandVC-341 VC-342 VC-343 VC-344 VC-345 Configuring a Proxy with ASR section onVC-346 Configuring a Gatekeeper ExampleVC-347 Redundant Gatekeepers for a Zone Prefix ExampleRedundant Gatekeepers for a Technology Prefix Example Interzone Routing ExampleVC-348 VC-349 Configuring Hsrp on the Gatekeeper ExampleVC-350 Using ASR for a Separate Multimedia Backbone ExampleEnabling the Proxy to Forward H.323 Packets Isolating the Multimedia NetworkVC-351 VC-352 PX1 ConfigurationVC-353 R1 ConfigurationVC-354 Co-Edge Proxy with Subnetting ExampleVC-355 PX2 Configuration R2 ConfigurationVC-356 VC-357 Configuring a QoS-Enforced Open Proxy Using Rsvp ExampleVC-358 VC-359 Configuring a Closed Co-Edge Proxy with ASRDefining Multiple Zones Example Defining One Zone for Multiple Gateways ExampleVC-360 Configuring a Proxy for Inbound Calls Example Configuring a Proxy for Outbound Calls ExampleVC-361 VC-362 Removing a Proxy Example Security ExampleGktmp and RAS Messages Example Prohibiting Proxy Use for Inbound Calls ExampleVC-363 VC-364

VC-289 specifications

Cisco Systems has long been a leader in networking technology, and among its diverse range of products is the VC-289. Designed specifically for enhanced performance in high-demand environments, the VC-289 serves a critical role in supporting the modern networking infrastructure.

One of the standout features of the VC-289 is its scalability. The device is engineered to easily accommodate expanded workloads, ensuring that organizations can grow without the need for frequent upgrades. This scalability is complemented by Cisco's commitment to backward compatibility, allowing businesses to integrate new systems with existing setups seamlessly.

In terms of performance, the VC-289 boasts impressive processing power. With advanced multi-core architecture, it is capable of handling multiple data streams simultaneously, making it ideal for environments that require consistent data flow, such as cloud computing and IoT applications. The device’s high throughput ensures that users experience minimal latency, facilitating quick data transfers even during peak usage times.

Security is another key characteristic of the VC-289. Cisco has integrated robust security protocols that protect against various cyber threats. Through features such as advanced encryption standards and intrusion prevention systems, organizations can ensure that sensitive data remains secure and is not compromised during transmission.

Another notable technology within the VC-289 is its support for software-defined networking (SDN) capabilities. This allows for more flexible network management, enabling IT teams to adapt the network according to evolving business needs. The ability to programmatically control the network also means that businesses can implement changes more rapidly, reducing downtime and improving overall productivity.

The VC-289 is designed with energy efficiency in mind, featuring power-saving modes that help reduce operational costs. This focus on sustainability not only benefits the environment but also appeals to organizations striving to meet corporate social responsibility objectives.

In conclusion, the Cisco Systems VC-289 stands as an exemplary solution for modern networking challenges. With its scalability, performance capabilities, enhanced security features, SDN support, and energy efficiency, it meets the demands of today's fast-paced and ever-evolving technological landscape. Organizations looking to invest in a robust networking solution would do well to consider the VC-289 as a cornerstone of their infrastructure.