Firewall Traversal

TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE

Overview

In order to control usage of the VCS as a traversal server, each VCS or Gatekeeper that wishes to be its client must first authenticate with it.

Upon receiving the initial connection request from the traversal client, the VCS Border Controller asks the client to authenticate itself by providing a username and password. The server then looks up the username and password in its own authentication database. If a match is found, the VCS server will accept the request from the client.

The settings used for authentication depend on the combination of client and server being used. These are detailed in the table below.

When acting as a VCS Border Controller, authentication is required from all VCS and Gatekeeper clients regardless of the VCS’s Authentication Mode setting. This setting will however still determine whether or not endpoint clients are required to authenticate.

Firewall Traversal and Authentication

Client Type and Client Settings, with the corresponding Server Type and Server Settings

Client: VCS

The VCS client provides its Authentication Username and Authentication Password. These are set on the client via VCS Configuration > Authentication > Configuration.

Server: VCS Border Controller

The traversal server zone for that client must be configured with the client’s Authentication Username. This is set via VCS Configuration > Zones > Edit Zone.

There must also be an entry in the server’s authentication database with the corresponding username and password.

Client: Endpoint Client

The endpoint client provides its Authentication ID and Authentication Password.

Server: VCS Border Controller

There must be an entry in the server’s authentication database with the corresponding username and password.

Client: Gatekeeper Client

The Gatekeeper client looks up its System Name in its own authentication database and retrieves the password for that name. It then provides this name and password.

Server: VCS Border Controller

The traversal server zone for the Gatekeeper client must be configured with the Gatekeeper’s System Name in the Authentication Username field. This is set via VCS Configuration > Zones > Edit Zone.

There must be an entry in the server’s authentication database with the corresponding username and password.

Client: VCS

If Authentication is On on the Border Controller, the VCS client provides its Authentication Username and Authentication Password. These are set on the client via VCS Configuration > Authentication > Configuration.

If the Border Controller is in Assent mode, the VCS client provides its Authentication Username. This is set on the client via VCS Configuration > Authentication > Configuration.

Server: Border Controller

If Authentication is On on the Border Controller, there must be an entry in the Border Controller’s authentication database that matches the VCS client’s Authentication Username and Authentication Password.

If the Border Controller is in Assent mode, the traversal zone configured on the Border Controller to represent the VCS client must use the client’s Authentication Username in the Assent Account name field. This is set on the Border Controller via TraversalZone > Assent > Account name.
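
The client/server rules above can be checked before deployment with a short script. This is an added example, not TANDBERG code: the dictionary layout, key names and sample values are assumptions made for illustration, and a Border Controller not in Assent mode is treated as having Authentication On.

```python
import hmac

DB_MISSING = "no matching username/password in the server's authentication database"
ZONE_MISMATCH = "traversal zone Authentication Username does not match the client"
ASSENT_MISMATCH = "Assent Account name does not match the client's Authentication Username"

def db_has(auth_db, name, password):
    """True if the authentication database holds exactly this name/password pair."""
    stored = auth_db.get(name)
    if stored is None or password is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())

def check_traversal_auth(client, server):
    """Return the list of mismatches for one client/server pair (empty list = consistent).

    client["name"] is the Authentication Username (VCS), Authentication ID
    (Endpoint) or System Name (Gatekeeper); these dict layouts are assumptions.
    """
    problems = []
    name, password = client.get("name"), client.get("password")
    auth_db = server.get("auth_db", {})
    if server["type"] == "VCS Border Controller":
        # VCS and Gatekeeper clients are tied to a traversal zone by name.
        if client["type"] in ("VCS", "Gatekeeper") and server.get("zone_auth_username") != name:
            problems.append(ZONE_MISMATCH)
        # Every client type needs a matching database entry on the server.
        if not db_has(auth_db, name, password):
            problems.append(DB_MISSING)
    elif server["type"] == "Border Controller" and client["type"] == "VCS":
        if server.get("mode") == "assent":
            # Assent mode: only the username is provided and compared.
            if server.get("assent_account_name") != name:
                problems.append(ASSENT_MISMATCH)
        elif not db_has(auth_db, name, password):
            # Authentication On (assumed for any non-Assent mode): both must match.
            problems.append(DB_MISSING)
    else:
        problems.append("client/server combination not covered by the table")
    return problems

# Constructed sample settings, not exported from a real system.
CLIENT = {"type": "VCS", "name": "branch-vcs", "password": "constructed-pw"}
SERVER = {"type": "VCS Border Controller", "zone_auth_username": "branch-vcs",
          "auth_db": {"branch-vcs": "constructed-pw"}}

if __name__ == "__main__":
    print(check_traversal_auth(CLIENT, SERVER) or "consistent")
```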

D 14049.01
07.2007