::Shannon::Qingdao Data Recovery Center::

Server Configuration for H.323 Traversal of Firewalls and Gateways

How to make NAT in Windows 2000 and Windows 2003 support the H.323 protocol:

netsh routing ip nat add h323

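Unfortunately, because of a serious security vulnerability, Windows 2003 SP1 and SP2 removed H.323 protocol support from "Routing and Remote Access". In other words, under Windows 2003 SP1 and SP2, H.323 can no longer traverse NAT.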

Microsoft gives the following solution for publishing a Polycom on ISA 2004:

ISA Server 2004 is an application-aware firewall and as such, devices that try to "outsmart" a NAT firewall can cause difficulties when you try to publish those devices. The following steps describe the process used to publish this device.

  1. Disable the ISA Server H.323 Filter Add-in.
  2. On the Polycom, disable NAT support.
  3. On the Polycom, disable H.323 knowledge of NAT.
  4. On the Polycom, configure fixed TCP and UDP ports; this device only allows configuring the starting ports. Use starting port numbers of TCP 3230 (automatic ending port 3235) and UDP 3230 (automatic ending port 3253).
  5. On the Polycom, configure the public address as manual with the appropriate external public address that will be used on the ISA Server.
  6. On the Polycom, configure the public address for the public directory.
  7. On the Polycom, configure the LAN IP settings to include the ISA Server as the external gateway (directly or indirectly through other routers).
  8. On the ISA Server, create a new protocol definition named "Polycom Inbound TCP 1720" for incoming TCP port 1720.
  9. On the ISA Server, create a rule named "Polycom Inbound TCP 3230-3235" for incoming TCP ports 3230-3235.
  10. On the ISA Server, create a rule named "Polycom Inbound UDP 3230-3253" for incoming UDP ports 3230-3253.
  11. On the ISA Server, create a publishing rule for each of the protocol definitions, publishing the internal Polycom IP address. Be sure to set the publishing rule to set the traffic to appear as coming from the ISA server, NOT the original client.
  12. Optionally, on the ISA Server, create a web publishing rule for the administration web site on the Polycom (HTTP on TCP port 80). This is not necessary for normal use but can be helpful when troubleshooting and testing.
  13. On the ISA Server, create a client protocol definition, “Polycom Outbound”, with ports TCP 3230-3235 and UDP Send 3230-3253.
  14. On the ISA Server, create a rule called “Videoconferencing Outbound” allowing the “H.323 Protocol” protocol from "Internal" to "External" for “All Users”.
  15. On the ISA Server, create a rule called “Polycom Outbound” allowing the “H.323 Protocol” protocol from "Internal" to "External" for “All Users”.

To diagnose the configuration, you can use NetMeeting on an external IP address connecting to the ISA Server published public address. The Polycom administration pages include a Diagnostics page that allows for viewing the local video and remote video. That means an administrator can remotely see the full call traffic on both sides (NetMeeting for the remote view, the admin pages for the local view).
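
As an added example (not part of the original post or of Microsoft's guidance), the following Python check compares a list of inbound published rules against the port plan in the steps above: TCP 1720, TCP 3230-3235, UDP 3230-3253, and the optional TCP 80 administration site. The rule tuple format and the sample rule list are constructed for illustration; ISA Server does not export rules in this form.

```python
# Added example: audit inbound publishing rules against the port plan
# from the steps above. The rule format (name, proto, "lo-hi") is an
# assumption made for this example, not an ISA Server export format.

# Ports the procedure requires to be published inbound.
REQUIRED = {
    ("tcp", 1720),
    *(("tcp", p) for p in range(3230, 3236)),
    *(("udp", p) for p in range(3230, 3254)),
}
# Step 12: optional admin web site, useful for testing only.
OPTIONAL = {("tcp", 80)}


def expand(rule):
    """Turn (name, proto, 'lo-hi' or 'n') into a set of (proto, port)."""
    name, proto, spec = rule
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not (0 < lo <= hi <= 65535):
        raise ValueError(f"bad port range in rule {name!r}: {spec}")
    return {(proto.lower(), p) for p in range(lo, hi + 1)}


def audit(rules):
    """Return (missing, optional_open, unexpected) as sorted lists."""
    published = set()
    for rule in rules:
        published |= expand(rule)
    missing = sorted(REQUIRED - published)
    optional_open = sorted(published & OPTIONAL)
    unexpected = sorted(published - REQUIRED - OPTIONAL)
    return missing, optional_open, unexpected


# Constructed sample: the UDP range is one port short, the TCP media range is
# too wide, and the admin site from step 12 is still published.
SAMPLE_RULES = [
    ("Polycom Inbound TCP 1720", "TCP", "1720"),
    ("Polycom Inbound TCP 3230-3235", "TCP", "3230-3240"),
    ("Polycom Inbound UDP 3230-3253", "UDP", "3230-3252"),
    ("Polycom Admin Web", "TCP", "80"),
]

if __name__ == "__main__":
    missing, optional_open, unexpected = audit(SAMPLE_RULES)
    print("required but not published:", missing)
    print("optional (troubleshooting only) still published:", optional_open)
    print("published outside the plan:", unexpected)
```

Empty first and third lists mean the published surface matches the plan exactly; a non-empty second list shows that the troubleshooting-only rule from step 12 is still in place.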
