TANDBERG Security Camera manual Recommended Configuration for Firewall Traversal

Grey Headline (continued)

Unregistered Endpoints

TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE

An unregistered endpoint is any device that is not registered with an H.323 gatekeeper or SIP Registrar (e.g. VCS, gatekeeper or Border Controller). Although most calls are made between endpoints each registered with such a system, it is sometimes necessary to place a call to, or receive a call from, an unregistered endpoint.

An unregistered endpoint (one that is not registered to any system) can call an endpoint registered with the local VCS.

If there are no firewalls between the unregistered endpoint and the locally registered endpoint, it is possible for the caller to place the call by dialing the locally registered endpoint’s IP address. However, we do not recommend that callers are given IP addresses to use as the call may not always be successful (for example if the IP address is private).

Instead, we recommend that callers from unregistered endpoints dial the IP address or the domain name (if configured) of the local VCS, prefixed by the alias they wish to call (for example, john.smith@82.118.9.0). The VCS will then place the call as normal.

Overview

Calls can be placed from an endpoint registered to the local VCS to an endpoint that is not registered with any system in two ways:

•using a URI (if the DNS system has been appropriately configured). If URI dialing is used, DNS is queried for a call signaling address and, if found, the call is placed to that address. (See URI Dialing for incoming calls for details of how to configure the Call Signaling SRV Record.)

•dialing its IP address

However, it is sometimes undesirable for a system to be allowed to place a call to an IP address directly.

Instead, you may want a neighbor to place the call on behalf of the VCS, or not allow such calls at all. The

VCS allows you to configure this behavior.

Calls to an Unregistered Endpoint

Recommended Configuration for Firewall Traversal

When the VCS Expressway is neighbored with an VCS Control for firewall traversal, you should typically set Calls to unknown IP addresses to Indirect on the VCS Control and Direct on the VCS Expressway. When a caller inside the firewall attempts to place a call to an IP address outside the firewall, it will be routed as follows:

1.The call will go from the endpoint to the VCS Control with which it is registered.

2.Since the IP address being called is not registered to that VCS, and its Calls to unknown IP addresses setting is Indirect, the VCS will not place the call directly. Instead, it will query its neighbor VCS Expressway to see if that system is able to place the call on the VCS Control’s behalf.

3.The VCS Expressway receives the call and since its Calls to unknown IP addresses setting is Direct, it will make the call directly to the called IP address.

To configure how the VCS will behave when receiving a call for an IP address that is not registered locally:

•VCS Configuration > Calls

You will be taken to the Calls page.

•xConfiguration Call Services

Calls to Unknown IP Addresses

Determines the way in which the VCS will manage calls to IP addresses which are not registered with it or one of its neighbors.

Direct: A locally registered endpoint will be allowed to make the call to the unknown IP address without the VCS querying any neighbors. The call setup would occur just as it would if the far end were registered directly to the local system.

Indirect: Upon receiving the call the VCS will check to see if the IP address belongs to one of its locally registered H.323 endpoints. If so, it will allow the call. If not, it will query its neighbors for the remote address. If the neighbor’s configuration allows it to connect a call to that alias, the VCS will pass the call to that neighbor for completion.

Off: This will not allow any endpoint registered locally to the VCS to call an IP address of any system not also registered locally to that VCS.

Maintenance Appendices