Securing Gatekeeper

Aaron Dhiman · ‎01-07-2008

I want to set up a gatekeeper to be accessible over the Internet for resolving IP addresses and performing CAC for videoconferencing. I have a few questions regarding securing the gatekeeper. Aside from:

1. Using a firewall to block non-H323/RTP traffic

2. Restricting registrations by IP addresses of clients with "zone subnet" command

Are there any other measures that can be taken to secure that gatekeeper? Ideally, I'd like to be able to use some kind of authentication between the client/gatekeeper, but I'm not sure if this is supported by a gatekeeper or polycom endpoints.

Report Inappropriate Content · ‎01-11-2008

Cisco provides two methods that Internet Telephony Service Providers (ITSPs) can use to provide gatekeeper security between administrative domains in their H.323 voice network. IZCTs are generated in the originating gatekeeper and sent to other gatekeepers in the domain. Each gatekeeper stamps the IZCT's destination gatekeeper with its own ID before the IZCT is sent back to the originating gateway in the location confirm (LCF) message. The originating gateway passes the IZCT to the terminating gateway in the SETUP message. The terminating gatekeeper forwards the IZCT in the admission request (ARQ) answerCall field to the terminating gatekeeper, which then validates it.

http://cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_tklss.html#wp1027184

http://cisco.com/en/US/docs/ios/12_2/12_2x/12_2xa/feature/guide/ft_ctoke.html