Re: Nated endopints

["Stewart Nelson" <sn@xxxxxxxxxxx>]

Does your system work properly when the endpoint is on the public Internet,
but not behind a NAT? If not, you should debug that first, because it's simpler.
As a start, if your GK public IP is 1.2.3.4, try setting
NetworkInterfaces=172.24.14.0/24,1.2.3.4/0

If endpoints on a public IP do work, your security hardware must be
rewriting the H.323 packets, because the GK (as you have it configured)
doesn't know its public address, and yet the Setup is somehow getting
to it.  I would then suspect that this 'H.323 proxy' is not configured
to be compatible with gnugk.  Sorry, I know nothing about pix or rad defense.

--Stewart

----- Original Message ----- 
From: "hernan arteta" <h_arteta@xxxxxxxxxxx>
To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Monday, November 01, 2004 1:31 PM
Subject: Re:  Nated endopints


> Yes, the gk it's behind a firewalls (cisco pix latest software) and a content manager (rad defense 
> pro), gw is published outside the defense with a public ip.
> the enpoint it's connected to internet by adsl and a nat box, the gk refuse the registration.
> so I cant call
> Regards
> Hernan
>
>
> > From: "Stewart Nelson" <sn@xxxxxxxxxxx>
> > Reply-To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> > To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re:  Nated endopints
> > Date: Sun, 31 Oct 2004 18:07:29 +0100
> >
> > Is the gatekeeper itself behind a NAT (172.24.14 is a private network)?
> > Does the failing endpoint's NAT have 172.24.14 on the WAN side?
> >
> > It is normal for the RCF message on the status port to show both the
> > private and public addresses of the endpoint.  If that is what you
> > see, the registration is probably ok.  What happens when you try to call?
> >
> > --Stewart
> >
> > ----- Original Message ----- From: "hernan arteta" <h_arteta@xxxxxxxxxxx>
> > To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
> > Sent: Sunday, October 31, 2004 5:10 PM
> > Subject:  Nated endopints
> >
> >
> > > Hi,
> > > I have running gnugk + mysql + radius succesfully for a couple of months, my problems start with 
> > > nated enpoints, for some reason the gatekeeper register the endpoints with th private ips also 
> > > UseBroadcastListener = 0 means that tehe gatekeeper will not use broadcas from gateway for 
> > > register dont work, I have to compile gnugk with special options
> > >
> > > I include my configuration, maybe someone can help me and tell me waht is wrong
> > > regards
> > > Hernan
> > > [Gatekeeper::Main]
> > > Fourtytwo=42
> > > Name=NXTL-GK01
> > > TimeToLive=120
> > > Home=172.24.14.50
> > > NetworkInterfaces=172.24.14.0/24
> > > UseBroadcastListener=0
> > >
> > > [RoutedMode]
> > > GKRouted=1
> > > H245Routed=0
> > > CallSignalPort=1720
> > > SendReleaseComplete=1
> > > SupportNATedEnpoints=1
> > >
> > > [GkStatus::Auth]
> > > rule=allow
> > >
> > > [gatekeeper::Auth]
> > > RadAliasAuth=sufficient;RRQ;ARQ
> > > default=alow
> > >
> > > [RadAliasAuth]
> > >
> > > Servers=172.24.14.50
> > > LocalInterface=
> > > SharedSecret=secret
> > > RequestTimeout=2000
> > > IdCacheTimeout=9000
> > > SocketDeleteTimeout=60000
> > > RequestRetransmissions=2
> > > RoundRobinServers=1
> > > AppendCiscoAttributes=1
> > > IncludeTerminalAliases=1
> > > IncludeEndpointIP=1
> > >
> > > [RasSrv::GWPrefixes]
> > > AS5350GW=940,981,9822,9823,9824,9825,9826,9827,9828,9829,983
> > >
> > > [Gatekeeper::Acct]
> > > RadAcct=required
> > >
> > > [RadAcct]
> > > Servers=172.24.14.50
> > > LocalInterface=
> > > #RadiusPortRange=10000-11000
> > > #DefaultAuthPort=1645
> > > SharedSecret=secret
> > > RequestTimeout=2000
> > > IdCacheTimeout=9000
> > > SocketDeleteTimeout=60000
> > > RequestRetransmissions=2
> > > RoundRobinServers=1
> > > AppendCiscoAttributes=1
> > > IncludeTerminalAliases=1
> > > IncludeEndpointIP=1
> > > CheckSetupUnregisteredOnly=0
> > > FixedUsername=
> > > FixedPassword=
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by:
> > Sybase ASE Linux Express Edition - download now for FREE
> > LinuxWorld Reader's Choice Award Winner for best database on Linux.
> > http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
> >
> > _______________________________________________________
> >
> > List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> > Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> > Homepage: http://www.gnugk.org/
>
> _________________________________________________________________
> MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Sybase ASE Linux Express Edition - download now for FREE
> LinuxWorld Reader's Choice Award Winner for best database on Linux.
> http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
>
> _______________________________________________________
>
> List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> Homepage: http://www.gnugk.org/



-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/