Manuals / Cisco Systems / Household Appliance / Home Security System

Cisco Systems VC-289 H.323 Proxy Features, Security, page Quality of Service, page, VC-297

Models: VC-289

1 76

Download 76 pages 30.7 Kb

Page 9

H.323 Proxy Features

Configuring H.323 Gatekeepers and Proxies

H.323 Proxy Features

Note Gatekeeper failover will not be completely transparent to endpoints and gatekeepers. When the standby gatekeeper takes over, it does not have the state of the failed gatekeeper. If an endpoint that had registered with the failed gatekeeper now makes a request to the new gatekeeper, the gatekeeper responds with a reject, indicating that it does not recognize the endpoint. The endpoint must reregister with the new gatekeeper before it can continue H.323 operations.

For an example of configuring gatekeeper HSRP support, see the “H.323 Gatekeeper and Proxy Configuration Examples” section.

H.323 Proxy Features

Each of the following sections describes how the proxy feature can be used in an H.323 network:

•Security, page 297

•Quality of Service, page 301

•Application-Specific Routing, page 301

Security

When terminals signal each other directly, they must have direct access to each other’s addresses. This exposes an attacker to key information about a network. When a proxy is used, the only addressing information that is exposed to the network is the address of the proxy; all other terminal and gateway addresses are hidden.

There are several ways to use a proxy with a firewall to enhance network security. The configuration to be used depends on how capable the firewall is of handling the complex H.323 protocol suite. Each of the following sections describes a common configuration for using a proxy with a firewall:

•Proxy Inside the Firewall, page 298

•Proxy in Co-Edge Mode, page 299

•Proxy Outside the Firewall, page 300

•Proxies and NAT, page 300

Cisco IOS Voice, Video, and Fax Configuration Guide

VC-297

Image 9

Cisco Systems VC-289 H.323 Proxy Features, Security, page Quality of Service, page, Application-SpecificRouting, page

Contents

Configuring H.323 Gatekeepers and Proxies Multimedia Conference Manager OverviewH.323 Gatekeeper Features, page H.323 Proxy Features, pagePrincipal Multimedia Conference Manager Functions H.323 Gatekeeper FeaturesZone and Subnet Configuration, page Redundant H.323 Zone Support, pageRedundant H.323 Zone Support Zone and Subnet ConfigurationInterzone Routing Using E.164 Addresses, page Gatekeeper Multiple Zone SupportVC-292 Technology PrefixesRADIUS and TACACS+ Interzone CommunicationAccounting via RADIUS and TACACS+ Terminal Name RegistrationVC-294 Interzone Routing Using E.164 AddressesCall Scenario VC-295VC-296 HSRP SupportSecurity H.323 Proxy FeaturesSecurity, page Quality of Service, page Application-SpecificRouting, pageVC-298 Proxy Inside the FirewallProxy in Co-EdgeMode See FigureVC-299 Proxy Outside the Firewall For Networks Using NATProxies and NAT Firewall with H.323 NATApplication-SpecificRouting Quality of ServiceFor Networks Not Using NAT Firewall with H.323. NATH.323 Prerequisite Tasks and Restrictions Redundant H.323 Zone SupportVC-302 Configuring the Gatekeeper H.323 Gatekeeper Configuration Task ListConfiguring the Gatekeeper, page 303 Required Configuring the Proxy, page 332 RequiredStarting a Gatekeeper CommandPurpose VC-304the h323-gatewayvoip h.323-id command CommandPurpose VC-305zone subnet command CommandPurpose VC-306Via DNS, page Manual Configuration, page Configuring Intergatekeeper CommunicationCommand Via DNSManual Configuration Configuring Redundant H.323 Zone SupportCommand PurposeCommand Configuring Local and Remote GatekeepersPurpose VC-309Command CommandVerifying Zone Prefix Redundancy Purposezone local or zone remote command. You can CommandPurpose VC-311Verifying Technology Prefix Redundancy CommandPurpose VC-312Command Configuring Static NodesPurpose Gatekeeper” section on pageCommand Configuring H.323 Users via RADIUSCommand PurposePurpose Commandserver radius or aaa group server tacacs+ VC-315Command PurposeVC-316 password default password-Specifiesthe CommandPurpose VC-317Command Configuring a RADIUS/AAA ServerCommand “Configuring H.323 Users via RADIUS” section on“Configuring H.323 Users via RADIUS” section on CommandPurpose pageCommand Configuring User Accounting Activity for RADIUSPurpose VC-320Command Configuring E.164 Interzone RoutingCommand PurposeCommand Configuring H.323 Version 2 Features“Configuring Redundant Gatekeepers for a PurposeCommand Configuring a Dialing Prefix for Each GatewayPurpose VC-323Command PurposeVC-324 Command PurposeVC-325 Command Configuring a Prefix to a Gatekeeper Zone ListPurpose “Starting a Gatekeeper” section on pageCommand PurposeVC-327 Command PurposeVC-328 Command PurposeVC-329 Command PurposeVC-330 Command Verifying Gatekeeper Proxied Access ConfigurationPurpose Router# show gatekeeper zone statusConfiguring a Forced Disconnect on a Gatekeeper Configuring the ProxyCommand Configuring a Proxy Without ASR, pageCommand Configuring a Proxy Without ASRshow interfaces command PurposePurpose Commandmultipoint point-to-point-Optional VC-334Command PurposeVC-335 switch CommandPurpose KeywordCommand Configuring a Proxy with ASRKeyword Interface Type“Configuring a Proxy Without ASR” section on Command“Configuring a Proxy Without ASR” section on “Configuring a Proxy Without ASR” section on“Configuring a Proxy Without ASR” section on CommandPurpose pageCommand PurposeVC-340 Command PurposeVC-341 “Configuring a Proxy Without ASR” section on CommandCommand Purpose“Configuring a Proxy Without ASR” section on Command“Configuring a Proxy Without ASR” section on Purpose“Configuring a Proxy Without ASR” section on CommandPurpose pageCommand H.323 Gatekeeper Configuration Examples“Configuring a Proxy with ASR” section on “Configuring a Proxy Without ASR” section onCo-EdgeProxy with Subnetting Example, page Configuring a Gatekeeper ExampleDefining Multiple Zones Example, page Removing a Proxy Example, pageRedundant Gatekeepers for a Zone Prefix Example E.164 Interzone Routing ExampleVC-347 VC-348 VC-349 Configuring HSRP on the Gatekeeper ExampleIsolating the Multimedia Network, page Co-EdgeProxy with Subnetting Example, pageVC-350 Enabling the Proxy to Forward H.323 Packets Isolating the Multimedia NetworkVC-351 VC-352 PX1 ConfigurationConfiguring H.323 Gatekeepers and Proxies R1 ConfigurationH.323 Gatekeeper Configuration Examples VC-353Figure 64 Sample Configuration with Subnetting PX1 ConfigurationConfiguring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration ExamplesConfiguring H.323 Gatekeepers and Proxies R1 ConfigurationH.323 Gatekeeper Configuration Examples VC-355PX2 Configuration R2 ConfigurationVC-356 PX1 VC-357Edge net 172.21.127.39 GK1Configuring H.323 Gatekeepers and Proxies PX1 ConfigurationH.323 Gatekeeper Configuration Examples VC-358The following output is for the PX1 configuration PX1 ConfigurationConfiguring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration ExamplesDefining Multiple Zones Example Defining One Zone for Multiple Gateways ExampleVC-360 Configuring a Proxy for Inbound Calls Example Configuring a Proxy for Outbound Calls ExampleVC-361 Removing a Proxy Example H.235 Security ExampleVC-362 GKTMP and RAS Messages Example Prohibiting Proxy Use for Inbound Calls ExampleVC-363 Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration ExamplesVC-364