Manuals / Cisco Systems / Household Appliance / Home Security System

Cisco Systems VC-289 manual Proxy in Co-EdgeMode, See Figure, VC-299

Models: VC-289

1 76

Download 76 pages 30.7 Kb

Page 11

Proxy in Co-Edge Mode

Configuring H.323 Gatekeepers and Proxies

H.323 Proxy Features

Proxy in Co-Edge Mode

If H.323 terminals exist in an area with local interior addresses that must be translated to valid exterior addresses, the firewall must be capable of decoding and translating all addresses passed in the various H.323 protocols. If the firewall is not capable of this translation task, a proxy may be placed next to the firewall in a co-edge mode. In this configuration, interfaces lead to both inside and outside networks.

(See Figure 59.)

Figure 59 Proxy in Co-Edge Mode

Terminals

Firewall

Gatekeeper

Proxy

Edge router

Outside devices

S6914

In co-edge mode, the proxy can present a security risk. To avoid exposing a network to unsolicited traffic, configure the proxy to route only proxied traffic. In other words, the proxy routes only H.323 protocol traffic that is terminated on the inside and then repeated to the outside. Traffic that moves in the opposite direction can be configured this way as well.

Cisco IOS Voice, Video, and Fax Configuration Guide

VC-299

Image 11

Cisco Systems VC-289 manual Proxy in Co-EdgeMode, See Figure, VC-299

Contents

H.323 Proxy Features, page Multimedia Conference Manager OverviewConfiguring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features, pageRedundant H.323 Zone Support, page H.323 Gatekeeper FeaturesPrincipal Multimedia Conference Manager Functions Zone and Subnet Configuration, pageGatekeeper Multiple Zone Support Zone and Subnet ConfigurationRedundant H.323 Zone Support Interzone Routing Using E.164 Addresses, pageVC-292 Technology PrefixesTerminal Name Registration Interzone CommunicationRADIUS and TACACS+ Accounting via RADIUS and TACACS+VC-294 Interzone Routing Using E.164 AddressesCall Scenario VC-295VC-296 HSRP SupportApplication-SpecificRouting, page H.323 Proxy FeaturesSecurity Security, page Quality of Service, pageVC-298 Proxy Inside the FirewallVC-299 Proxy in Co-EdgeModeSee Figure Firewall with H.323 NAT For Networks Using NATProxy Outside the Firewall Proxies and NATFirewall with H.323. NAT Quality of ServiceApplication-SpecificRouting For Networks Not Using NATVC-302 H.323 Prerequisite Tasks and RestrictionsRedundant H.323 Zone Support Configuring the Proxy, page 332 Required H.323 Gatekeeper Configuration Task ListConfiguring the Gatekeeper Configuring the Gatekeeper, page 303 RequiredVC-304 CommandStarting a Gatekeeper PurposeVC-305 Commandthe h323-gatewayvoip h.323-id command PurposeVC-306 Commandzone subnet command PurposeVia DNS Configuring Intergatekeeper CommunicationVia DNS, page Manual Configuration, page CommandPurpose Configuring Redundant H.323 Zone SupportManual Configuration CommandVC-309 Configuring Local and Remote GatekeepersCommand PurposePurpose CommandCommand Verifying Zone Prefix RedundancyVC-311 Commandzone local or zone remote command. You can PurposeVC-312 CommandVerifying Technology Prefix Redundancy PurposeGatekeeper” section on page Configuring Static NodesCommand PurposePurpose Configuring H.323 Users via RADIUSCommand CommandVC-315 CommandPurpose server radius or aaa group server tacacs+VC-316 CommandPurpose VC-317 Commandpassword default password-Specifiesthe Purpose“Configuring H.323 Users via RADIUS” section on Configuring a RADIUS/AAA ServerCommand Commandpage Command“Configuring H.323 Users via RADIUS” section on PurposeVC-320 Configuring User Accounting Activity for RADIUSCommand PurposePurpose Configuring E.164 Interzone RoutingCommand CommandPurpose Configuring H.323 Version 2 FeaturesCommand “Configuring Redundant Gatekeepers for aVC-323 Configuring a Dialing Prefix for Each GatewayCommand PurposeVC-324 CommandPurpose VC-325 CommandPurpose “Starting a Gatekeeper” section on page Configuring a Prefix to a Gatekeeper Zone ListCommand PurposeVC-327 CommandPurpose VC-328 CommandPurpose VC-329 CommandPurpose VC-330 CommandPurpose Router# show gatekeeper zone status Verifying Gatekeeper Proxied Access ConfigurationCommand PurposeConfiguring a Proxy Without ASR, page Configuring the ProxyConfiguring a Forced Disconnect on a Gatekeeper CommandPurpose Configuring a Proxy Without ASRCommand show interfaces commandVC-334 CommandPurpose multipoint point-to-point-OptionalVC-335 CommandPurpose Keyword Commandswitch PurposeInterface Type Configuring a Proxy with ASRCommand Keyword“Configuring a Proxy Without ASR” section on Command“Configuring a Proxy Without ASR” section on “Configuring a Proxy Without ASR” section onpage Command“Configuring a Proxy Without ASR” section on PurposeVC-340 CommandPurpose VC-341 CommandPurpose Purpose Command“Configuring a Proxy Without ASR” section on CommandPurpose Command“Configuring a Proxy Without ASR” section on “Configuring a Proxy Without ASR” section onpage Command“Configuring a Proxy Without ASR” section on Purpose“Configuring a Proxy Without ASR” section on H.323 Gatekeeper Configuration ExamplesCommand “Configuring a Proxy with ASR” section onRemoving a Proxy Example, page Configuring a Gatekeeper ExampleCo-EdgeProxy with Subnetting Example, page Defining Multiple Zones Example, pageVC-347 Redundant Gatekeepers for a Zone Prefix ExampleE.164 Interzone Routing Example VC-348 VC-349 Configuring HSRP on the Gatekeeper ExampleVC-350 Isolating the Multimedia Network, pageCo-EdgeProxy with Subnetting Example, page VC-351 Enabling the Proxy to Forward H.323 PacketsIsolating the Multimedia Network VC-352 PX1 ConfigurationVC-353 R1 ConfigurationConfiguring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration ExamplesH.323 Gatekeeper Configuration Examples PX1 ConfigurationFigure 64 Sample Configuration with Subnetting Configuring H.323 Gatekeepers and ProxiesVC-355 R1 ConfigurationConfiguring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration ExamplesVC-356 PX2 ConfigurationR2 Configuration 172.21.127.39 GK1 VC-357PX1 Edge netVC-358 PX1 ConfigurationConfiguring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration ExamplesH.323 Gatekeeper Configuration Examples PX1 ConfigurationThe following output is for the PX1 configuration Configuring H.323 Gatekeepers and ProxiesVC-360 Defining Multiple Zones ExampleDefining One Zone for Multiple Gateways Example VC-361 Configuring a Proxy for Inbound Calls ExampleConfiguring a Proxy for Outbound Calls Example VC-362 Removing a Proxy ExampleH.235 Security Example VC-363 GKTMP and RAS Messages ExampleProhibiting Proxy Use for Inbound Calls Example VC-364 Configuring H.323 Gatekeepers and ProxiesH.323 Gatekeeper Configuration Examples