When implementing a Cisco IOS MCM with proxy functionality in a co-edge model (i.e. in parallel with an existing firewall, so the firewall does not have to inspect the H.323 traffic), what would be a suitable ACL to apply to the external-facing interface, to ensure that only H.323 entered the network? Would it be necessary to permit traffic from other gatekeepers. Can the ACL be restricted to certain ports, or does the dynamic nature of H.323 make this problematic?
Not sure what application or functional use you require, but for IP/VC I would suggest:
configuring the proxy on the inside of your firewall , enabling H.323 fixup on the firewall (assuming PIX) and then creating an ACL on the firewall opening port 1719 to the IP address of the Proxy.
In some University environments that required internet users to access conferences inside the University firewall we have used a guest gatekeeper model. Install a guest gatekeeper outside the firewall that Internet users will use to access conferences and then use the proxy model described above to get the video traffic through the firewall.
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: firstname.lastname@example.org Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...