Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT & H.323 problems

Hi !

After saw some discussions about NAT and H.323 problems I'm still

confuse about what's the best solution.

Let's assume the following:

- Network scenario with H.323 clients (H.323 phones or PC-H.323 based- not NetMeeting !!) connected to an existing private Network. This domain will be isolated via NAT firewall/ router.

- H.323 clients have to be registed in a external GK (outside private domain) and use 'fast connected' procedure. H.323 version is v2.

.) What kind of NAT equipment do you advise for this kind of scenario ?

- It's important to keep security - This means that dynamic ALG/CBAC

must me supported in order to not open all H.323 related-ports

.) Is CISCO IOS release 12.2 (??) able to support all this ??

.) And what about UPnP ??

.) It's better to use PIX firewall or IOS 12.2(??) ?

Thanks,

CG

2 REPLIES
New Member

Re: NAT & H.323 problems

The 12.2 IOS should support what you are looking for. Here is a URL that might help you determine if you want to use a PIX or the IOS. http://www.cisco.com/en/US/tech/tk652/tk701/technologies_tech_note09186a00800f2853.shtml

New Member

Re: NAT & H.323 problems

I have several H.323 video devices on several different local networks connected via the Internet. I use a PIX 515E at all sites with static NAT only opening ports 1720 (H323) and ports 3230 - 3235. This is an excellent and secure solution with a very simple and straight forward configuration on the PIX. With this solution I leave the routing to the router and the security to the PIX. I'm a big fan of letting what does the job the best, do the job it was designed for. Any questions give me a shout...

take care

todd

370
Views
0
Helpful
2
Replies
CreatePlease login to create content