08-31-2009 08:45 AM - edited 03-17-2019 09:49 PM
Hi,
I am putting in a CUBE in a DMZ that will have a public address that will NAT to it's internal address.
First off, what scenario is the CUBE really used for? Does it make since to have an outside IP Video Station register to the CUBE using the public IP and then make calls to internal video endpoints?
If so, does H323 work well with this?
And lastly, what do I need to do on the firewall besides mapping the public IP to the private IP? Do I need to open ports or add certain commands?
Thanks
08-31-2009 01:04 PM
You'll need TCP 1720 for H225 negotiation. You will also need random ports between 25000-50000 on both sides as H245 is negotiated dynamically between two random ports. If you're using SIP, TCP/UDP 5060 would be opened up.
Having the CUBE can help centralize your dial plan, as well as add security since it will be the border element between your internal devices and the external IP network.
For what you're doing, H323 would be the best option, yes.
-nick
08-31-2009 01:08 PM
Yes, but isn't there some feature to the CUBE or Cisco ASA that automatically opens the ports when needed and then closes them? Maybe its those random ports? If so, what needs to be configured on the ASA for that.
Would that just leave TCP 1720 needing to be opened to the CUBE?
08-31-2009 02:33 PM
Yes, H323 inspection should take care of the H245 ports automatically. It's worth noting, however.
If it's just H323, TCP port 1720 is what you're looking at.
-nick
09-07-2009 12:11 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: