Manuals / Cisco Systems / Household Appliance / Home Security System

Cisco Systems VC-289 manual Proxy Inside the Firewall, VC-298

Models: VC-289

1 76

Download 76 pages 30.7 Kb

Page 10

Image 10

Configuring H.323 Gatekeepers and Proxies

H.323 Proxy Features

Proxy Inside the Firewall

H.323 is a complex, dynamic protocol that consists of several interrelated subprotocols. During H.323 call setup, the ports and addresses released with this protocol require a detailed inspection as the setup progresses. If the firewall does not support this dynamic access control based on the inspection, a proxy can be used just inside the firewall. The proxy provides a simple access control scheme, as illustrated in Figure 58.

Figure 58 Proxy Inside the Firewall

Terminals

Gatekeeper

Proxy

Firewall

Edge router

Outside devices

S6913

Because the gatekeeper (using RAS) and the proxy (using call setup protocols) are the only endpoints that communicate with other devices outside the firewall, it is simple to set up a tunnel through the firewall to allow traffic destined for either of these two endpoints to pass through.

Cisco IOS Voice, Video, and Fax Configuration Guide

VC-298

Page 10

Image 10

Cisco Systems VC-289 manual Proxy Inside the Firewall, VC-298

Contents

H.323 Gatekeeper Features, page Multimedia Conference Manager OverviewConfiguring H.323 Gatekeepers and Proxies H.323 Proxy Features, pageZone and Subnet Configuration, page H.323 Gatekeeper FeaturesPrincipal Multimedia Conference Manager Functions Redundant H.323 Zone Support, pageInterzone Routing Using E.164 Addresses, page Zone and Subnet ConfigurationRedundant H.323 Zone Support Gatekeeper Multiple Zone SupportTechnology Prefixes VC-292Accounting via RADIUS and TACACS+ Interzone CommunicationRADIUS and TACACS+ Terminal Name RegistrationInterzone Routing Using E.164 Addresses VC-294VC-295 Call ScenarioHSRP Support VC-296Security, page Quality of Service, page H.323 Proxy FeaturesSecurity Application-SpecificRouting, pageProxy Inside the Firewall VC-298See Figure Proxy in Co-EdgeModeVC-299 Proxies and NAT For Networks Using NATProxy Outside the Firewall Firewall with H.323 NATFor Networks Not Using NAT Quality of ServiceApplication-SpecificRouting Firewall with H.323. NATRedundant H.323 Zone Support H.323 Prerequisite Tasks and RestrictionsVC-302 Configuring the Gatekeeper, page 303 Required H.323 Gatekeeper Configuration Task ListConfiguring the Gatekeeper Configuring the Proxy, page 332 RequiredPurpose CommandStarting a Gatekeeper VC-304Purpose Commandthe h323-gatewayvoip h.323-id command VC-305Purpose Commandzone subnet command VC-306Command Configuring Intergatekeeper CommunicationVia DNS, page Manual Configuration, page Via DNSCommand Configuring Redundant H.323 Zone SupportManual Configuration PurposePurpose Configuring Local and Remote GatekeepersCommand VC-309Verifying Zone Prefix Redundancy CommandCommand PurposePurpose Commandzone local or zone remote command. You can VC-311Purpose CommandVerifying Technology Prefix Redundancy VC-312Purpose Configuring Static NodesCommand Gatekeeper” section on pageCommand Configuring H.323 Users via RADIUSCommand Purposeserver radius or aaa group server tacacs+ CommandPurpose VC-315Purpose CommandVC-316 Purpose Commandpassword default password-Specifiesthe VC-317Command Configuring a RADIUS/AAA ServerCommand “Configuring H.323 Users via RADIUS” section onPurpose Command“Configuring H.323 Users via RADIUS” section on pagePurpose Configuring User Accounting Activity for RADIUSCommand VC-320Command Configuring E.164 Interzone RoutingCommand Purpose“Configuring Redundant Gatekeepers for a Configuring H.323 Version 2 FeaturesCommand PurposePurpose Configuring a Dialing Prefix for Each GatewayCommand VC-323Purpose CommandVC-324 Purpose CommandVC-325 Purpose Configuring a Prefix to a Gatekeeper Zone ListCommand “Starting a Gatekeeper” section on pagePurpose CommandVC-327 Purpose CommandVC-328 Purpose CommandVC-329 Purpose CommandVC-330 Purpose Verifying Gatekeeper Proxied Access ConfigurationCommand Router# show gatekeeper zone statusCommand Configuring the ProxyConfiguring a Forced Disconnect on a Gatekeeper Configuring a Proxy Without ASR, pageshow interfaces command Configuring a Proxy Without ASRCommand Purposemultipoint point-to-point-Optional CommandPurpose VC-334Purpose CommandVC-335 Purpose Commandswitch KeywordKeyword Configuring a Proxy with ASRCommand Interface Type“Configuring a Proxy Without ASR” section on Command“Configuring a Proxy Without ASR” section on “Configuring a Proxy Without ASR” section onPurpose Command“Configuring a Proxy Without ASR” section on pagePurpose CommandVC-340 Purpose CommandVC-341 Command Command“Configuring a Proxy Without ASR” section on Purpose“Configuring a Proxy Without ASR” section on Command“Configuring a Proxy Without ASR” section on PurposePurpose Command“Configuring a Proxy Without ASR” section on page“Configuring a Proxy with ASR” section on H.323 Gatekeeper Configuration ExamplesCommand “Configuring a Proxy Without ASR” section onDefining Multiple Zones Example, page Configuring a Gatekeeper ExampleCo-EdgeProxy with Subnetting Example, page Removing a Proxy Example, pageE.164 Interzone Routing Example Redundant Gatekeepers for a Zone Prefix ExampleVC-347 VC-348 Configuring HSRP on the Gatekeeper Example VC-349Co-EdgeProxy with Subnetting Example, page Isolating the Multimedia Network, pageVC-350 Isolating the Multimedia Network Enabling the Proxy to Forward H.323 PacketsVC-351 PX1 Configuration VC-352H.323 Gatekeeper Configuration Examples R1 ConfigurationConfiguring H.323 Gatekeepers and Proxies VC-353Configuring H.323 Gatekeepers and Proxies PX1 ConfigurationFigure 64 Sample Configuration with Subnetting H.323 Gatekeeper Configuration ExamplesH.323 Gatekeeper Configuration Examples R1 ConfigurationConfiguring H.323 Gatekeepers and Proxies VC-355R2 Configuration PX2 ConfigurationVC-356 Edge net VC-357PX1 172.21.127.39 GK1H.323 Gatekeeper Configuration Examples PX1 ConfigurationConfiguring H.323 Gatekeepers and Proxies VC-358Configuring H.323 Gatekeepers and Proxies PX1 ConfigurationThe following output is for the PX1 configuration H.323 Gatekeeper Configuration ExamplesDefining One Zone for Multiple Gateways Example Defining Multiple Zones ExampleVC-360 Configuring a Proxy for Outbound Calls Example Configuring a Proxy for Inbound Calls ExampleVC-361 H.235 Security Example Removing a Proxy ExampleVC-362 Prohibiting Proxy Use for Inbound Calls Example GKTMP and RAS Messages ExampleVC-363 H.323 Gatekeeper Configuration Examples Configuring H.323 Gatekeepers and ProxiesVC-364