Proxy in co-edge mode – Cisco H.323 VC-289 User Manual
Page 11
Configuring H.323 Gatekeepers and Proxies
H.323 Proxy Features
VC-299
Cisco IOS Voice, Video, and Fax Configuration Guide
Proxy in Co-Edge Mode
If H.323 terminals exist in an area with local interior addresses that must be translated to valid exterior
addresses, the firewall must be capable of decoding and translating all addresses passed in the various
H.323 protocols. If the firewall is not capable of this translation task, a proxy may be placed next to the
firewall in a co-edge mode. In this configuration, interfaces lead to both inside and outside networks.
(See
Figure 59
Proxy in Co-Edge Mode
In co-edge mode, the proxy can present a security risk. To avoid exposing a network to unsolicited
traffic, configure the proxy to route only proxied traffic. In other words, the proxy routes only H.323
protocol traffic that is terminated on the inside and then repeated to the outside. Traffic that moves in the
opposite direction can be configured this way as well.
S6914
Terminals
Gatekeeper
Proxy
Firewall
Edge router
Outside
devices