Re: Multi SX20 Telepresence in same site - How to manage Calls

Martin Bauer · ‎08-21-2013

Hi

I couldn't solve my doubt with the forums posts and general documentation, so i'll try to get some help from all of you here.

I have 3 or more SX20 telepresences that will work as stand-alone inside the same site. At the maximum we’re thinking in register this SX20 as SIP Devices to get an extension from callmanager and facilitate the internal communication.

My bigger concern is about the external calls. Every SX20 will have to make and receive external calls (via h.323) how can this configuration be done since we have only one public address?

To receive external calls I was thinking in use the external IP address with specific port to each internal equipment.

Like

170.22.190.1:5000 -> 192.168.9.1:1720

170.22.190.1:5001 -> 192.168.9.2:1720

170.22.190.1:5002 -> 192.168.9.3:1720

About the RTP port I was thinking about segments in 3 ranges for every SX20 and configure one range to every telepresence device. So when the call would be established it would negotiate only that range.

What it sounds like?

The topology would be something like this:

INTERNET ---> Firewall ---> LAN ---> SX20 Devices

Thanks in advance.

Paulo Souza · ‎08-21-2013

Hi Martin,

Do you have one external IP address for three internal endpoints? Sorry man, it is not a good idea.

Even you are able to redirect those ports (5000, 50001...) to the proper endpoint by using port forwarding in the firewall/NAT, how will you do to inform the external endpoint to connect to the port 500X instead of 1720 (default port)??

I know that you can use SRV DNS records and multiple sub domains to inform your H323 ports to the external endpoints, however, I don't recommend this kind of deployment and you won't find any recomendation from Cisco as well.

The best option in your case is to go for VCS Expressway, this will allow you to have one sinfle external IP address being used for many internal endpoints. And you can use it to have number or URI dialling as well as bandwidth limitation and another features.

I am not telling this cause I am member of Cisco (I am not) and want you to buy something, I am telling this because this kind of deployment normally brings many problems and it does not work well. Cisco VCS Expressway is the best solution when you have only one single external IP address.

Regards

Paulo Souza

Please rate replies and mark question as "answered" if applicable.

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".

Chris Swinney · ‎08-22-2013

Hi Martin,

I'd have to agree with Paulo here. Further, H.323 is VERY chatty and can need to open up a whole bunch of ports not just for signaling, but also for media. The only time we have ever used multiple devices like this is where you have multiple public IP addresses available. Essentially, each device would be assigned either a public IP directly, or set-up on a 1:to:1 NAT. Essentially each device would live in the DMZ or even outside of the firewall entirely!!!

In reality, when you have multiple endpoints, the better solution would be to employ some kind or gatekeeper that can handle and pass off calls to to each registered endpoint. The beauty of the VCSs is that they employ both gatekeeper and firewall traversal solutions and an ability to deal with NAT'ed environments - the downside is that it isn't cheap.

We did think about looking at Open Source Gatekeeper solutions, but we really didn't sit down to check this option out (as yet).

Chris