Re: NAT & H.323 problems

gomes.c · ‎11-28-2002

Hi !

After saw some discussions about NAT and H.323 problems I'm still

confuse about what's the best solution.

Let's assume the following:

- Network scenario with H.323 clients (H.323 phones or PC-H.323 based- not NetMeeting !!) connected to an existing private Network. This domain will be isolated via NAT firewall/ router.

- H.323 clients have to be registed in a external GK (outside private domain) and use 'fast connected' procedure. H.323 version is v2.

.) What kind of NAT equipment do you advise for this kind of scenario ?

- It's important to keep security - This means that dynamic ALG/CBAC

must me supported in order to not open all H.323 related-ports

.) Is CISCO IOS release 12.2 (??) able to support all this ??

.) And what about UPnP ??

.) It's better to use PIX firewall or IOS 12.2(??) ?

Thanks,

CG

s-doyle · ‎12-04-2002

The 12.2 IOS should support what you are looking for. Here is a URL that might help you determine if you want to use a PIX or the IOS. http://www.cisco.com/en/US/tech/tk652/tk701/technologies_tech_note09186a00800f2853.shtml

tcooper · ‎01-03-2003

I have several H.323 video devices on several different local networks connected via the Internet. I use a PIX 515E at all sites with static NAT only opening ports 1720 (H323) and ports 3230 - 3235. This is an excellent and secure solution with a very simple and straight forward configuration on the PIX. With this solution I leave the routing to the router and the security to the PIX. I'm a big fan of letting what does the job the best, do the job it was designed for. Any questions give me a shout...

take care

todd