The IP address private VC directly to the public IP address

Hello

I'm a bit puzzled as to why a specific call I saw worked for a couple of guests, and wonder if there hasn't been a change in the H.323 protocol that allows a form of NAT traversal built natively into the codec without involving an external gateway function.

The reason I ask is the following.

I got a call from a customer with a codec on a private, non-routable IP to my system, which is located on a public IP address. The client had no NAT configuration details in the endpoint and was able to call my system directly without issue by calling my public IP address directly.

Historically, if a system on a private IP address was sitting behind a NAT, I would expect the system on the public IP to see the non-routable IP address in the H.225 message and try to send RTP media to the private IP, which would not get through; that does not seem to occur.

The call that I experienced seemed to complete without problem; media flowed in both directions.

My endpoint is a Cisco Edge 85 on firmware version F9.x.

The other party's codec is an Edge 85 on firmware version F9.x.

My codec is on a public IP address that is completely open on the H.323 ports.

The other party's codec is on a private IP address.

While I can't call the other party, the other party can call me, and I wonder how it worked, taking into account the fact that there is no H.323-aware gateway service in the call, either a VCS or an H.323-aware firewall.

In my experience, firewalls and other gateways outside of Cisco, Tandberg, Polycom have struggled to deal with the new H.323 version; again, this is why I'm puzzled as to why the call worked.

I did a bit of reading on the new version of H.323 and noticed the multiplexed logical channel option; however, a call where I saw this apparently work again, from a LifeSize codec to a Codian MCU 4505, shows no sign of this logical channel multiplexing, unless it is named differently in the logs than what the ITU document calls the function.

Any and all answers are greatly appreciated; I don't understand exactly how the firewall impacts VC calls.

Thinking with portals

The MXP has built-in NAT functions. Please take a look at the 9.x admin guide:

http://www.Cisco.com/en/us/docs/Telepresence/endpoint/MXP-series/F9/administration_guide/mxp_series_administrator_guide_f90_excl-full-menu-structure.PDF

The description of the NAT setting is on page 77.

EX series admin guide http://www.cisco.com/en/US/docs/telepresence/endpoint/ex-series/tc6/administration_guide/ex-series-administrator-guide-tc62.pdf has the same details on page 63.


Similar Questions

  • Configure my VCSC with VCSe on the public IP address

    Hi guys,

    I have a VCS Control in my company on a private IP, and my client has a VCSe on a public IP.

    Will it be possible to configure my VCSC with the VCSe after configuring the zones?

    Must ports be opened by my firewall team in this scenario?

    Anything else I need to keep in mind?

    For the record, it is only for test purposes.

    I would appreciate any response.

    Thank you

    Saurabh

    > Then, practically there is no as such risk, and my client can use the public IP address on VCSe

    > without going to double network Option key. (which is used to secure more VCSe).

    Cisco highly recommends deploying VCS-E in the DMZ, but it's also true that many customers deploy VCS-E on the public network directly.

    Please visit https://supportforums.cisco.com/thread/2154738?tstart=150 for more information on VCS security.

    The next version, VCS X7.2, is planned to support a built-in basic firewall feature, which allows configuring an allow/deny list based on IP/port/protocol, and which should contribute to a better security level even for VCS-E deployment on the public network directly.

    > So, I'll ask my client just buy a public IP address, that's all, and we are ready to go?

    A public IP will be required on the VCS Expressway; the VCS Control can use a NAT address (i.e. share the internet access of the office network).

    You must also manage DNS SRV records (for a small deployment it is probably better to use an external DNS service; there are a lot of companies that provide DNS hosting, some as a free service).

  • Oracle Database 11 g RAC 2: role of the Public, private, virtual, and SCAN IPs.

    Hi Experts,

    1. Can you please let me know why we need to set up the IP addresses below for the RAC configuration, and what role each plays?


    -Public
    -Private
    -Virtual
    -SCAN

    2. What is the relationship between IP SCAN and virtual IPs?

    Regards

    Hello

    859875 wrote:
    Hi Experts,

    1. Can you please let me know why we need to set up the IP addresses below for the RAC configuration, and what role each plays?

    -Public

    Configured before installation for each node and can be resolved at this node before installing.
    Role:
    Enable Virtual/SCAN configuration/communication between the nodes in the cluster. Do not start the Clusterware without public IP Interface/address.
    Virtual/SCAN will work as an alias IP on the public Interface on the Public network.

    -Private or interconnection

    Configured before installation, but on a separate private network, with its own subnet, which is not resolved except by other nodes in the cluster member
    Role:
    Clusterware uses the interconnect for cluster synchronization (network heartbeat) and daemon communication among the nodes in the cluster.
    RAC uses the interconnect for cache fusion (UDP) and inter-process communication (TCP).
    Cache Fusion is the remote Oracle buffers, shared memory mapping between the caches of the members of the cluster nodes.

    -Virtual

    Configured before installation for each node, but not currently in use. IP, VIP and treats public SCAN addresses than any other addresses on the same subnet.
    Role:
    The goal is the availability of the applications. If add or remove nodes as your remove VIP client config (with SCAN, it is not necessary)
    When a node fails, the VIP associated with it is automatically failed over to another node.
    Without using VIPs or FAN, clients connected to a node who died often wait a TCP timeout (which can be up to 10 min) before getting an error.
    So, you don't have really a good HA solution without using VIPs and FAN. The best way to use the FAN is to use a client integrated with fast connection failover (FCF) such as JDBC, OCI, or ODP.NET.

    -SCAN

    Three static IP addresses that are configured on the server (DNS) domain names prior to installation so that the three IP addresses are associated with the name provided as the SCAN, and all three addresses are returned in random order by the DNS to the applicant
    Configured prior to installation in the DNS to resolve the addresses that are not currently in use. Addresses on the same subnet than all other IP addresses, addresses VIP and public SCAN
    Role:
    The goal is the availability of the applications before clients establish communication with RAC, and to make the whole of the cluster completely transparent.
    SCAN IP is a new (Oracle) high-availability network 'layer' that allows you to modify the characteristics of your cluster (i.e. add/remove nodes) without having to change the configuration on the clients, in the 'grid' concept.
    >

    2. What is the relationship between IP SCAN and virtual IPs?

    The SCAN IP is used to receive new connection requests and redirects them to the VIP.
    The virtual IP address sets and allow failover of connections after connection is established.

    When the client requests a connection, the Oracle Client 11gR2 looks up the IP addresses and creates a list of all SCAN IPs available for this SCAN hostname; the first attempt to connect to RAC uses one of the available SCAN IP addresses.
    The SCAN listener will receive this connection and redirect it to one of the available nodes using LOCAL_LISTENER; from that time on, the connection is made using the virtual IP (VIP).

    All SCAN/VIP must be resolved by the DNS.

    The customer knows that there is only the Hostname SCAN, which is configured in the connection string.
    Once the connection is requested Oracle Clusterware redirects the connection to one of the VIP host name must be resolved by the DNS.

    Kind regards
    Levi Pereira

  • Can I use the address of the public by peers as PAT or NAT address also?

    With the help of an ASA 5505, I've only private local network IPs and a public IP address from my ISP for the address of the peer. Can I use this same internal peers like PAT or NAT for my private IP local IP address?  Remote VPN location policy is to not allow IP addresses private on their local network, so that they want public addresses to me. If possible, could you please show me an example of a config 5505 simple using the following IP addresses? (I need not the IPSec configuration, only the ACL/NAT config)

    I have four hosts who need to access a device at the remote location via an IPSec tunnel.  They are:

    local hosts:

    192.168.2.10, 11, 12, 13

    Say my public address peer is 205.188.15.34 and the remote peer is 175.10.144.52

    remote host:

    168.12.10.6

    Thanks for any help.

    jkeeffe wrote:

    Using an ASA-5505, I only have private IPs on the local LAN and one public IP address from my ISP for the peer address. Can I use that same peer IP address as a PAT or NAT for my internal local private IPs?  The remote VPN location policy is to not allow private IP address on to their local network, so they want public addresses from me. If that is possible, could you please show me a simple 5505 config example using the following IPs? (I don't need the IPSec config, only the ACL/NAT config)

    I have four hosts that need to access a device at the remote location via an IPSec tunnel.  They are:

    local hosts:

    192.168.2.10, 11, 12, 13

    Say my public peer address is 205.188.15.34 and the remote peer is 175.10.144.52

    remote host:

    168.12.10.6

    thanks for any help.

    Yes you can do it.

    object-group network localhosts

    network-object host 192.168.2.10

    network-object host 192.168.2.11

    etc...

    access-list VPN permit ip object-group localhosts host 168.12.10.6

    nat (inside) 1 access-list VPN

    global (outside) 1 interface

    The crypto map access list would then look like this -

    access-list VPNTRAFFIC permit ip host 205.188.15.34 host 168.12.10.6

    One thing to note. The NAT example above is policy NAT, i.e. if the source is 192.168.2.10 -> 13 and the destination is 168.12.10.6, then the source is NATted to the public IP 205.188.15.34. However, you may already have something like this in your config file -

    nat (inside) 1 0.0.0.0 0.0.0.0

    global (outside) 1 interface

    That is to say. you're natting all your addresses private to the public interface address for internet access in general. If you don't have that then there is no need to do NAT policy and you can't miss those lines that source addresses will be Natted anyway.

    object-group network localhosts

    network-object host 192.168.2.10

    network-object host 192.168.2.11

    etc...


    access-list VPN permit ip object-group localhosts host 168.12.10.6


    nat (inside) 1 access-list VPN

    global (outside) 1 interface

    Jon

  • internal web server access to the content of the network using the public ip address

    Hi, I saw similar topics, but not a clear answer about it. I have a PIX 515e with two interfaces, a web server internal (ip 192.168.0.5) and internal users want to access the server by its (99.99.99.9) ie public ip address is not using DNS. Tried the command alias ' alias (inside) 99.99.99.9 192.168.0.5 "but does not work for http. I can access the server on the local network using the public address for smtp, pop3 and ftp with or without command alias, but not the http service. Any idea?

    a few quick comments.

    a function of the command "alias" is to force the pix to manipulate the dns response. However, you mentioned that you didn't use dns.

    The 'alias' command will also force the pix to send traffic to 192.168.0.5 when it receives a packet from the inside that is destined for 99.99.99.9. However, since the host and the server are located in the same segment, the pix must re-route the packet back out of the inside interface, and this operation is not supported with pix v6.x.

    In addition, you mentioned the inside host can access the smtp, pop3 and ftp using 99.99.99.9. This is interesting because the host of 192.168.0.0 would not directly have access to the host of 99.99.99.x without router.

  • Convert VI from the private to the public

    Try to make a public private VI. I clicked open the class explore and moved the file from the private to the public. Then I moved it physically dir private to the public. Access to a class now, said public, saved from the class. When I try to put in a block diagram, it is always private. What should I do?

    Thank you

    JVH

  • reset the network from the public to the private

    I have Windows Vista Home Basic edition. Somehow the network settings have changed to public, and I can't get them to turn private when I try to connect to my home wireless network. It will show as unidentified and public and not let me change the settings.

    Hello

    Log in to the Network Center. In the image above, there is a link (right) to customize. Click on it and look at the options (down there also delete, merge option).

    Jack-MVP Windows Networking. WWW.EZLAN.NET

  • WiFi network tells me it is not secure and it is on the public network. How can I make private?

    Original title: privacy

    My wifi network tells me it is not secure and it is on the public network. How can I make private?

    You must go into the router settings to change that.  What brand/model is your router?  If it is integrated into your modem?

    You must set a network password that prevents people without using your wireless network.

  • Is it possible to lock the public IP address by default?

    Is it possible to block the public IP address by default on multiWAN routers?

    I have several RV016 with up to 4 30Mbps Internet VDSL lines each and using the latest firmware to load 50-200 customer balance.

    When it is used for navigation, some sites will have to lock public source IP of the customer (especially sites that requires a user authentication).

    From a server point of view, public IP address will be between public IPs provided by ISP, automatic suite 4 round robin load balancing strategy.

    As public IP, read by the server changed server reduced session, users will need to enter username and password again to connect.

    Is it possible to lock this public IP for a while until idle? (It was a feature on my old router, a BeWAN LX400H, as "timer LockSource IP".)

    ebarriera,

    The RV016 has no functionality like timer LockSource IP unfortunately. It's a common problem with load in the Cisco Small Business routers and key balancing mainly "secure them" traffic like HTTPS and RDP. I would test balance HTTP traffic and link HTTPS traffic to a WAN port and see if you get decent results.

    -Marty

  • SSH using the Public & Private Key

    Hi all

    I have the switch set to SSH and it does not work well. I know how to configure SSH on a router using the crypto command. A new requirement has now arisen. My organization has created a key pair, a PRIVATE KEY and a PUBLIC KEY, common to the company, using some mechanism. The idea is that the PUBLIC KEY will be placed on devices like Unix and Linux servers, so that only staff who have the PRIVATE KEY are allowed to access the device. I am trying to add / install / import the PUBLIC KEY into the switch in the same way, but I have no idea how to move forward. Please guide me on how to import the PUBLIC KEY into the switch, so that anyone who has the PRIVATE KEY is allowed to connect to the device.

    R.B.KUMAR

    This feature is NOT supported on Cisco IOS or ASA. If you want to do something like this, I suggest you look at other vendors such as Nokia/Checkpoint, F5, or Juniper.

  • I deployed a private teredo server, I'm not using the public prefix 2001: 0 / 32, instead, I use the prefix 2001:2222 / 32

    Original title: windows 7 Teredo: how to configure the teredo prefix

    Hello

    I deployed a private teredo server, I'm not using the public prefix 2001: 0 / 32, instead, I use the prefix 2001:2222 / 32
    But I got win7 can't connect to my server if I use the prefix 2001:2222 / 32.
    A test, I put the prefix 2001: 0 / 32, win7 it can connect.
    How can I do so that win7 customer teredo can connect to my private server that use the prefix 2001:2222 / 32?

    Hi,

    The question you posted would be better suited in the TechNet Forums.

    I would recommend posting your query in the link below.

    Windows Server forums:

    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

    I hope that the information above helps you.

  • Telepresence Content Server: Dissemination to the Public and private users

    *****

    Infrastructure:

    TMS 14.5 (private network)

    VCS - C 8.5.1 (private network)

    VCS-E 8.5.1 (Public network)

    S5.3 TCS (private network)

    Codian: Supervisor 8500, MSE 8510, 8321 ISDN (private network)

    *****

    New to this, so I don't know what would be the best way to do this, but basically the goal is to broadcast videos of TCS to the users of the network internal as live audiences without security problems. Try to do this without an external broadcast service.

    It is the State that works very well for internal users, but is not available to public users because it's on a private network.

    Any help is greatly appreciated.

    Thank you
    Mike

    You will need to provide public access to your Cameras, you can consult the administration of CHT Guide for a list of ports. We have our TCS on a private network and have the lanes of traffic through the network load balancers that rely on the public network to provide all access public and private.

  • VPN client with counterpart on secondary ip address on the public interface of the router

    Hello

    On our office LAN, we have a Linux server that is hosting a VPN connection to a remote client.

    To do this, we map ISAKMP port connections on our Cisco router to the internal IP address of the Linux host.

    However, we now want to allow our users to establish VPN connections to our local network using the Cisco VPN Client.

    Of course, this presents challenges, as the ISAKMP port on our router is mapped through to an internal host.

    So, we tried to set up a secondary IP address on the router and have VPN clients connect to that.

    What we see in our logs is as follows:

    Phase 1 is very well established, and the VPN Client prompts the user for a user name and password.

    Authentication of the phase 2 starts, but the router says it's is not to receive a proposal of hash of the client.

    185    12:18:06.943  09/03/11  Sev=Info/4 IKE/0x63000014
    RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) from x.x.x.x

    (in this case, where x.x.x.x is the secondary ip address on the public interface)

    After that, the Phase 1 SA is removed and the connection fails.

    My understanding is that the Phase 2 negotiation takes place with the ip address assigned to the client in Phase 1, which suggests that the problem occurs because the client communicates with the main on the interface ip address, and no secondary ip address.

    When we remove the ISAKMP port mapping and have the VPN client connect to the primary IP address, everything works fine.

    Question:

    Is it possible to establish a VPN Client connection to the router using a secondary IP address?

    If not, is there some way I can implement the port mapping so that it occurs, the connection comes from a specific ip address?

    Garreth

    Should be supported on IOS.

    The command is crypto ctcp port...

    Check this link:

    http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps6659/prod_white_paper0900aecd8061e2b3.html

    Federico.

  • How can I hold the public IP address on a specific profile on the asa 5510

    Hi guys

    How can I hold the public IP address on my session NAT VPN cisco customer for no one else can use it? I have a cisco ASA 5510

    the Interior is 172.10.20.86

    public 166.245.192.90

    Need to call my ISP?

    Thank you

    Sorry to say, but your question is not very clear. Can you please post what you are trying to achieve?

    Thank you

    Ajay

  • I want to create a PRIVATE within my site from MUSE section so that it is password protected... many of my clients may not have their information visible to the public

    I want to create a PRIVATE within my site from MUSE section so that it is password protected... many of my clients may not have their information visible to the public

    You can not. Without a suitable backend server, that is. This has nothing to do with the creation of the page, it's a technical thing.

    Mylenium
