TANDBERG D14049.04 Network Card User Manual


 
152
D14049.04
JULY 2008
Grey Headline (continued)
TANDBERG VIDEO COMMUNICATIONS SERVER
ADMINISTRATOR GUIDE
Introduction Getting Started
Overview and
Status
System
Conguration
VCS
Conguration
Zones and
Neighbors
Call
Processing
Bandwidth
Control
Firewall
Traversal
Appendices
Applications Maintenance
Firewall Traversal Protocols and Ports
The VCS supports two different rewall traversal protocols for
H.323: Assent and H.460.18/H.460.19.
Assent is TANDBERG’s proprietary protocol.
H.460.18 and H.460.19 are ITU standards which dene
protocols for the rewall traversal of signaling and media
respectively. These standards are based on the original
TANDBERG Assent protocol.
In order for a traversal server and traversal client to
communicate, they must be using the same protocol.
The two protocols each use a slightly different range of ports.
Overview
Ports play a vital part in rewall traversal conguration. The
correct ports must be set on the VCS Expressway, traversal
client and rewall in order for connections to be permitted.
Ports are initially congured on the VCS Expressway by the
VCS Expressway Administrator. The rewall administrator and
the traversal client administrator should then be notied of
the ports, and they then must then congure their systems to
connect to these specic ports on the server. The only port
conguration that is done on the client is the range of ports it
uses for outgoing connections; the rewall administrator may
need to know this information so that if necessary they can
congure the rewall to allow outgoing connections from those
ports.
The Expressway™ solution works as follows:
Each traversal client connects via the rewall to a unique port 1.
on the VCS Expressway.
The server identies each client by the port on which it 2.
receives the connection, and the Authentication credentials
provided by the client.
Once established, the client constantly sends a probe to 3.
the VCS Expressway via this connection in order to keep the
connection alive.
When the VCS Expressway receives an incoming call for the 4.
client, it uses this initial connection to send an incoming call
request to the client.
The client then initiates one or more outbound connections. 5.
The destination ports used for these connections will differ
for signaling and/or media, and will depend on the protocol
being used (see the following sections for more details).
Expressway Process H.323 Firewall Traversal Protocols
The VCS supports the Assent protocol for SIP rewall traversal
of media.
The signaling is traversed through TCP/TLS connection
established from the client to the server.
SIP Firewall Traversal Protocols