Proxy inside the firewall – Cisco H.323 VC-289 User Manual
Page 10
Configuring H.323 Gatekeepers and Proxies
H.323 Proxy Features
VC-298
Cisco IOS Voice, Video, and Fax Configuration Guide
Proxy Inside the Firewall
H.323 is a complex, dynamic protocol that consists of several interrelated subprotocols. During H.323
call setup, the ports and addresses released with this protocol require a detailed inspection as the setup
progresses. If the firewall does not support this dynamic access control based on the inspection, a proxy
can be used just inside the firewall. The proxy provides a simple access control scheme, as illustrated in
Figure 58
Proxy Inside the Firewall
Because the gatekeeper (using RAS) and the proxy (using call setup protocols) are the only endpoints
that communicate with other devices outside the firewall, it is simple to set up a tunnel through the
firewall to allow traffic destined for either of these two endpoints to pass through.
S6913
Terminals
Gatekeeper
Firewall
Edge router
Outside
devices
Proxy