I want to set up a gatekeeper to be accessible over the Internet for resolving IP addresses and performing CAC for videoconferencing. I have a few questions regarding securing the gatekeeper. Aside from:
1. Using a firewall to block non-H323/RTP traffic
2. Restricting registrations by IP addresses of clients with "zone subnet" command
Are there any other measures that can be taken to secure that gatekeeper? Ideally, I'd like to be able to use some kind of authentication between the client/gatekeeper, but I'm not sure if this is supported by a gatekeeper or polycom endpoints.
Cisco provides two methods that Internet Telephony Service Providers (ITSPs) can use to provide gatekeeper security between administrative domains in their H.323 voice network. IZCTs are generated in the originating gatekeeper and sent to other gatekeepers in the domain. Each gatekeeper stamps the IZCT's destination gatekeeper with its own ID before the IZCT is sent back to the originating gateway in the location confirm (LCF) message. The originating gateway passes the IZCT to the terminating gateway in the SETUP message. The terminating gatekeeper forwards the IZCT in the admission request (ARQ) answerCall field to the terminating gatekeeper, which then validates it.
These are the paths to get to each CCX logs through CLI. They may be helpful if you are having issues accessing RTMT or downloading logs through it.
If you want to download them you have to prefix "file get " and you can add one of the options (re...