H.323 proxy features, Security – Cisco H.323 VC-289 User Manual


Configuring H.323 Gatekeepers and Proxies


Cisco IOS Voice, Video, and Fax Configuration Guide

Note

Gatekeeper failover will not be completely transparent to endpoints and gatekeepers. When the
standby gatekeeper takes over, it does not have the state of the failed gatekeeper. If an endpoint that
had registered with the failed gatekeeper now makes a request to the new gatekeeper, the gatekeeper
responds with a reject, indicating that it does not recognize the endpoint. The endpoint must
reregister with the new gatekeeper before it can continue H.323 operations.

For an example of configuring gatekeeper HSRP support, see the “H.323 Gatekeeper and Proxy
Configuration Examples” section.

H.323 Proxy Features

Each of the following sections describes how the proxy feature can be used in an H.323 network:

Security

Quality of Service

Application-Specific Routing

Security

When terminals signal each other directly, they must have direct access to each other’s addresses. This
exposes key information about a network to an attacker. When a proxy is used, the only addressing
information that is exposed to the network is the address of the proxy; all other terminal and gateway
addresses are hidden.

There are several ways to use a proxy with a firewall to enhance network security. The configuration to
be used depends on how capable the firewall is of handling the complex H.323 protocol suite. Each of
the following sections describes a common configuration for using a proxy with a firewall:

Proxy Inside the Firewall

Proxy in Co-Edge Mode

Proxy Outside the Firewall

Proxies and NAT
