Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2105
Views
10
Helpful
6
Replies

nat and video conference

Sarg .
Level 3
Level 3

‎02-13-2012 06:57 AM - edited ‎03-17-2019 10:49 PM

hello guys any known issues or things i should look out fof when deploying a ciso video telepresnce over nat between two sites using h323?

Labels:
0 Helpful
6 Replies 6

awinter2
Level 7
Level 7

‎02-13-2012 07:15 AM

Max,

what endpoints do you intend to use? Are you planning to register these endpoints to an H323 gatekeeper/SIP proxy such as the VCS or will these devices be used in Direct mode?

Regards

Andreas

Sarg .
Level 3
Level 3
In response to awinter2

‎02-13-2012 07:18 AM

well actually there is going to be a video conference system connection between a sony and SEMC.  conference systems is likely to use H323.

0 Helpful

Sarg .
Level 3
Level 3
In response to Sarg .

‎02-13-2012 09:09 AM

i am open to suggestions. i am just trying to find out before hand. i think i should re-ask this question and say ' how would you do it or what stratgy or solution would you follow '

0 Helpful

awinter2
Level 7
Level 7
In response to Sarg .

‎02-13-2012 10:57 AM

Max,

for Cisco Telepresence endpoints (At least the former TANDBERG endpoints) behind NAT, the ideal solution would be to deploy a VCS Expressway in which these endpoints register with. The Expresswat will assist the endpoints assuring that signalling and media will safely traverse firewalls and NAT.

Regards

Andreas

0 Helpful

Paulo Souza
VIP Alumni
VIP Alumni
In response to awinter2

‎02-13-2012 03:45 PM

Max,

The best secured and easy practice is to do what Andreas has suggested. That is indisputable!

But I got another solution that should work for you:

Cisco endpoints have the option to configure a NAT address to be used by the endpoint. When you set this feature, the codec will put the NAT Address in the "H323 header" (that must be the same address used by outside interface of the NAT device), so, H323 calls will work perfectly even if you have a NAT in the path, you have only to open the required ports in your firewall.

If your endpoint is not Cisco and does not have that feature, so, you should have a NAT device that supports ALG (Advanced Layer Gateway). Then, the NAT device will "nat" the call correctly.

Why am I telling you that? Look, when you have NAT into the H323 or SIP call path, you must understand that, the NAT device will only change the source address inside the layer 3 header (OSI model), but into the application layer, H323 and SIP also carry the real source address of the endpoint. Then, when the remote side receive the packets, it will look at the H323 or SIP header and it will response to the address found in application layer, not to the address found in layer 3. So the response sent by the remote side will not match to the NAT table of the NAT Device, it will reject communication. That's why you must to have a router/firewall with ALG support, by doing that, your equipment will be able to understand and route correctly H323 and SIP calls.

Do you see how complicated is traversing firewall? That's why it's a great idea using Cisco VCS Expressway solution. It's secured, easy and functional.

Regards,

Paulo Souza

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".

Sarg .
Level 3
Level 3
In response to Paulo Souza

‎02-15-2012 02:19 AM

Thanks guys

0 Helpful
Customers Also Viewed These Support Documents