Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Endpoint traversal technology requirements
The "far end" (at home or at a hotel, for example) endpoint requirements to support firewall traversal are
summarized below:
summarized below:
n
For H.323, the endpoint needs to support Assent or H460.18 and H460.19.
n
For SIP, the endpoint just needs to support standard SIP.
l
Registration messages will keep the "‘far end" firewall ports open for VCS to send messages to that
endpoint. The VCS waits for media from the endpoint behind the firewall, before returning media to it on
that same port – the endpoint does have to support media transmission and reception on the same port.
endpoint. The VCS waits for media from the endpoint behind the firewall, before returning media to it on
that same port – the endpoint does have to support media transmission and reception on the same port.
l
The VCS also supports SIP outbound, which is an alternative method of keeping firewalls open without
the overhead of using the full registration message.
the overhead of using the full registration message.
n
SIP and H.323 endpoints can register to the VCS Expressway or they can just send calls to the VCS
Expressway as the local "DMZ" firewall has relevant ports open to allow communication to the VCS
Expressway over SIP and H.323 ports.
Expressway as the local "DMZ" firewall has relevant ports open to allow communication to the VCS
Expressway over SIP and H.323 ports.
communications between themselves. Media can be sent directly from endpoint to endpoint, from endpoint
via the outside IP address of the destination firewall to the destination endpoint, or from the endpoint via a
TURN server to destination endpoint.
via the outside IP address of the destination firewall to the destination endpoint, or from the endpoint via a
TURN server to destination endpoint.
n
The VCS supports ICE for calls where the VCS does not have to traverse media (for example if there is no
IPv4/IPv6 conversion or SIP / H.323 conversion required); typically this means 2 endpoints which are able
to support ICE, directly communicating to a VCS Expressway cluster.
IPv4/IPv6 conversion or SIP / H.323 conversion required); typically this means 2 endpoints which are able
to support ICE, directly communicating to a VCS Expressway cluster.
n
H.323 firewall traversal protocols
The VCS supports two different firewall traversal protocols for H.323: Assent and H.460.18/H.460.19.
n
Assent is Cisco’s proprietary protocol.
n
H.460.18 and H.460.19 are ITU standards which define protocols for the firewall traversal of signaling and
media respectively. These standards are based on the original Assent protocol.
media respectively. These standards are based on the original Assent protocol.
A traversal server and traversal client must use the same protocol in order to communicate. The two
protocols each use a different range of ports.
protocols each use a different range of ports.
SIP firewall traversal protocols
The VCS supports the Assent protocol for SIP firewall traversal of media.
The signaling is traversed through a TCP/TLS connection established from the client to the server.
Media demultiplexing
The VCS Expressway uses media demultiplexing in the following call scenarios:
Cisco TelePresence Video Communication Server Administrator Guide (X8.2)
Page 50 of 542
Firewall traversal
About firewall traversal