Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
977
Views
0
Helpful
3
Replies

IOS MCM GK/Proxy Placement

mmelbourne
Level 5
Level 5

‎10-29-2004 12:28 PM - edited ‎03-17-2019 08:18 PM

Are there any issues with a Cisco IOS MCM GK/Proxy with one interface placed on the 'internal' network (which endpoints register with) and a second interface placed in a firewall DMZ (and the MCM acting as an H.323 proxy). The firewall then does static NAT (a 1:1 mapping) with the address on the interface and a real-world IP address. The firewall is H.323 aware. The other alternative is to place the 'outside' interface directly on the external network (effectively in parallel with the firewall), but this is the less-preferred option.

With the parallel model (described as co-edge in the documentation), is it possible to secure the router with suitable ACLs to prevent traffic being routed through it and limit traffic terminated on it, or sourced from it to H.323?

Labels:
0 Helpful
3 Replies 3

vraut
Level 1
Level 1

‎11-08-2004 08:45 PM

With your approach you may have the MCM as H.323 Proxy and NAT (on the Firewall) both the MCM Proxy and the NAT will essentially do the same (address hiding). The F/W also has to be H.323 aware (ALG).

You may want to consider a IP-IP gateway to serve your requirement. It can have a GK on the same router and do H.323 RAS, signalling and Media reorigination, thus doing address hiding. ACL on the router can give you firewalling for the router. You may choose to still use your firewall if you want a single security device.

http://cisco.com/en/US/partner/products/sw/voicesw/ps5640/index.html

The IP-IP gateway can support Voice and Video calls and can support RSVP CAC, this can be a single box solution.

0 Helpful

mmelbourne
Level 5
Level 5
In response to vraut

‎12-27-2004 11:38 AM

Does the IP-IP gateway have any H.323 Proxy functionality (as in IOS MCM)? I understand that it is not a "drop-in" replacement for MCM.

0 Helpful

vraut
Level 1
Level 1
In response to mmelbourne

‎12-27-2004 01:30 PM

Hi,

yes, the IPIP gateway can provide H.323 proxy functionality.

Since the IPIP gateway also is aware of call states for both call legs, it can be used for more applications than just as a proxy (IP-IVR, conditional QoS etc.).

If you have a specific topology to implement feel free to correspond to the contacts mentioned at the bottom of the link

http://cisco.com/en/US/partner/products/sw/voicesw/ps5640/products_data_sheet09186a00801da698.html

Regards

0 Helpful
Customers Also Viewed These Support Documents