08-21-2013 11:24 AM - edited 03-18-2019 01:40 AM
Hi
I couldn't solve my doubt with the forum posts and general documentation, so I'll try to get some help from all of you here.
I have 3 or more SX20 telepresence units that will work as stand-alone devices inside the same site. At most, we're thinking of registering these SX20s as SIP devices to get an extension from CallManager and facilitate internal communication.
My bigger concern is about the external calls. Every SX20 will have to make and receive external calls (via H.323). How can this configuration be done, since we have only one public address?
To receive external calls, I was thinking of using the external IP address with a specific port for each internal device.
Like
170.22.190.1:5000 -> 192.168.9.1:1720
170.22.190.1:5001 -> 192.168.9.2:1720
170.22.190.1:5002 -> 192.168.9.3:1720
About the RTP ports, I was thinking about segmenting them into 3 ranges for the SX20s and configuring one range on every telepresence device. So when the call is established, it would negotiate only that range.
How does that sound?
The topology would be something like this:
INTERNET ---> Firewall ---> LAN ---> SX20 Devices
Thanks in advance.
08-21-2013 11:40 AM
Hi Martin,
Do you have one external IP address for three internal endpoints? Sorry man, it is not a good idea.
Even if you are able to redirect those ports (5000, 5001...) to the proper endpoint by using port forwarding in the firewall/NAT, how will you inform the external endpoint to connect to port 500X instead of 1720 (the default port)?
I know that you can use SRV DNS records and multiple subdomains to inform the external endpoints of your H.323 ports; however, I don't recommend this kind of deployment, and you won't find any recommendation from Cisco for it either.
The best option in your case is to go for VCS Expressway; this will allow you to have one single external IP address being used for many internal endpoints. And you can use it to have number or URI dialling as well as bandwidth limitation and other features.
I am not telling you this because I am a member of Cisco (I am not) and want you to buy something; I am telling you this because this kind of deployment normally brings many problems and it does not work well. Cisco VCS Expressway is the best solution when you have only one single external IP address.
Regards
Paulo Souza
08-22-2013 05:46 AM
Hi Martin,
I'd have to agree with Paulo here. Further, H.323 is VERY chatty and can need to open up a whole bunch of ports, not just for signaling but also for media. The only time we have ever used multiple devices like this is where you have multiple public IP addresses available. Essentially, each device would be assigned either a public IP directly, or set up on a 1-to-1 NAT. Essentially each device would live in the DMZ or even outside of the firewall entirely!!!
In reality, when you have multiple endpoints, the better solution would be to employ some kind of gatekeeper that can handle and pass off calls to each registered endpoint. The beauty of the VCSs is that they employ both gatekeeper and firewall traversal solutions and an ability to deal with NAT'ed environments; the downside is that it isn't cheap.
We did think about looking at Open Source Gatekeeper solutions, but we really didn't sit down to check this option out (as yet).
Chris