11-28-2002 11:01 AM - edited 03-17-2019 07:55 PM
Hi !
After saw some discussions about NAT and H.323 problems I'm still
confuse about what's the best solution.
Let's assume the following:
- Network scenario with H.323 clients (H.323 phones or PC-H.323 based- not NetMeeting !!) connected to an existing private Network. This domain will be isolated via NAT firewall/ router.
- H.323 clients have to be registed in a external GK (outside private domain) and use 'fast connected' procedure. H.323 version is v2.
.) What kind of NAT equipment do you advise for this kind of scenario ?
- It's important to keep security - This means that dynamic ALG/CBAC
must me supported in order to not open all H.323 related-ports
.) Is CISCO IOS release 12.2 (??) able to support all this ??
.) And what about UPnP ??
.) It's better to use PIX firewall or IOS 12.2(??) ?
Thanks,
CG
12-04-2002 01:32 PM
The 12.2 IOS should support what you are looking for. Here is a URL that might help you determine if you want to use a PIX or the IOS. http://www.cisco.com/en/US/tech/tk652/tk701/technologies_tech_note09186a00800f2853.shtml
01-03-2003 07:38 AM
I have several H.323 video devices on several different local networks connected via the Internet. I use a PIX 515E at all sites with static NAT only opening ports 1720 (H323) and ports 3230 - 3235. This is an excellent and secure solution with a very simple and straight forward configuration on the PIX. With this solution I leave the routing to the router and the security to the PIX. I'm a big fan of letting what does the job the best, do the job it was designed for. Any questions give me a shout...
take care
todd
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide