Using the h.323 alg in a corporate environment – D-Link DFL-2500 User Manual

is possible for internal phones to call the external phones that are registered with the
gatekeeper.

Example 6.10. Using the H.323 ALG in a Corporate Environment

This scenario is an example of a more complex network that shows how the H.323 ALG can be deployed in a
corporate environment. At the head office DMZ a H.323 Gatekeeper is placed that can handle all H.323 clients in
the head-, branch- and remote offices. This will allow the whole corporation to use the network for both voice
communication and application sharing. It is assumed that the VPN tunnels are correctly configured and that all
offices use private IP-ranges on their local networks. All outside calls are done over the existing telephone
network using the gateway (ip-gateway) connected to the ordinary telephone network.

The head office has placed a H.323 Gatekeeper in the DMZ of the corporate D-Link Firewall. This firewall should
be configured as follows:

Web Interface

1.

Go to Rules > IP Rules > Add > IPRule

2.

Now enter:

•

Name: LanToGK

•

Action: Allow

•

Service: Gatekeeper

•

Source Interface: lan

•

Destination Interface: dmz

•

Source Network: lannet

•

Destination Network: ip-gatekeeper

6.2.8. H.323

Chapter 6. Security Mechanisms

165