Firewall Traversal
TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE
Overview
In order to control usage of the VCS as a traversal server, each VCS or Gatekeeper that wishes to be its client must first authenticate with it.
Upon receiving the initial connection request from the traversal client, the VCS Border Controller asks the client to authenticate itself by providing a username and password. The server then looks up the username and password in its own authentication database. If a match is found, the VCS server will accept the request from the client.
The settings used for authentication depend on the combination of client and server being used. These are detailed in the table opposite.
When acting as a VCS Border
Controller, authentication is required 
from all VCS and Gatekeeper clients regardless of the VCS’s Authentication Mode
setting. This setting will however still determine whether or not endpoint clients are required to authenticate.
Firewall Traversal and Authentication
Client Type and Client Settings
VCS
•The VCS client provides its Authentication Username and Authentication Password. These are set on the client via VCS Configuration > Authentication > Configuration.
Endpoint Client
•The endpoint client provides its Authentication ID and Authentication Password.
Gatekeeper Client
•The Gatekeeper client looks up its System Name in its own authentication database and retrieves the password for that name. It then provides this name and password.
VCS
•If Authentication is On on the Border Controller, the VCS client provides its Authentication Username and Authentication Password. These are set on the client via VCS Configuration > Authentication > Configuration.
•If the Border Controller is in Assent mode, the VCS client provides its Authentication Username. This is set on the client via VCS Configuration > Authentication > Configuration.
Server Type and Server Settings
VCS Border Controller
•The traversal server zone for that client must be configured with the client’s Authentication Username. This is set via VCS Configuration > Zones > Edit Zone.
•There must also an entry in the server’s authentication database with the corresponding username and password.
VCS Border Controller
•There must be an entry in the server’s authentication database with the corresponding username and password.
VCS Border Controller
•The traversal server zone for the Gatekeeper client must be configured with the Gatekeeper’s System Name
in the Authentication Username field. This is set via VCS Configuration > Zones > Edit Zone.
•There must be an entry in the server’s authentication database with the corresponding username and password.
Border Controller
•If Authentication is On on the Border Controller, there must be an entry in the Border Controller’s authentication database that matches the VCS client’s Authentication Username and Authentication Password.
•If the Border Controller is in Assent mode, the traversal zone configured on the Border Controller to represent the VCS client must use the client’s Authentication Username in the Assent Account name field. This is set on the Border Controller via TraversalZone > Assent > Account name.
Introduction | Getting | System | System | H.323 & SIP | Registration | Zones and | Call | Firewall | Bandwidth | Maintenance | Appendices | |
Started | Overview | Configuration | Configuration | Control | Neighbors | Processing | Traversal | Control | ||||
|
|
| ||||||||||
D 14049.01 |
|
|
|
| 100 |
|
|
|
|
| ||
07.2007 |
|
|
|
|
|
|
|
|
| |||
