Hi, you need 1 public IP total. On that runs a GnuGk. You can register all your 7 (?) endpoints to this gatekeeper directly if they support H.460.18, or each location has its own gatekeeper that forms a traversal zone with the gatekeeper on the public IP. Jan Joao Alexandre wrote: > Hi Jan, > > Thank you for your advice, but this really knocks me down. > > How the hell would we receive calls from outside without port forwarding to > our GnuGK or directly to one of the endpoints (we don't have enough public > IPs to expose endpoints or a GK to the Internet)? > > >From what I've heard from some IT guys with whom we had to talk and test > VCs, they were using endpoints directly connected to the Internet and if > you can afford that, isn't this a security concern? From what I've seen in > our SX20 they have a lot of services running and possibly some > vulnerabilities. > > By the way, do you have anymore tips regarding my questions and also David > comments? > > Cheers, > > Joao > > > > > On Tue, Jun 25, 2013 at 12:37 PM, Jan Willamowius <jan@xxxxxxxxxxxxxx>wrote: > > > Hi, > > > > I just want to quickly warn anybody to rely on port forwarding for any > > production setup. > > > > Yes, in principle it is possible to configure port forwarding > > correctly, but is one of the hardest things you can attempt in H.323 > > configurations and its one of the most common errors I see supporting > > clients. In this day and age where traversal protocols are widely > > available there really is no need to try something that hard. > > > > Use NAT traversal protocols (H.460.18/.19). > > > > Regards, > > Jan > > > > > > Joao Alexandre wrote: > > > Hi David, > > > > > > Thank you very much for your quick response. > > > > > > > One GK per site enables you to be able to place phone > > > > calls within one site, even if the VPN is down. > > > > > > This makes sense, specially in the cases where the VPN doesn't depend on > > > Internet access or where we have more than one endpoint. > > > > > > >The next questions would be, how exactly shall a "NUMBER@IP" be > > resolved > > > >if one of your external partners calls in, or you're calling out to them > > > >(i.e. RAS/LRQ or no RAS)? Can you dial IP addresses on your phone? Or > > > >would you have to adjust your dial-plan to enable outgoing dialling? > > > > > > By the way, our endpoints are Cisco SX20 and Sony PCG-50 , so we can dial > > > NUMBER@IP and IP#NUMBER respectively. We've also 1 LifeTime Passport. > > > > > > Where does or doesn't the neighbor feature fits in? > > > > > > Right now in production we've only one GnuGK(Debian, 3.3), nated with > > port > > > forwarding, and all the endpoint registered with it. We can dial outside > > > from any endpoint (most of the time) but receiving calls from the outside > > > doesn't work most of the time. > > > > > > I've done some tests with 2 GnuGK (3.3) with neighbor configuration, I > > > could receive calls (using for test a PC with Polycom PVX) either on both > > > GK using NUMBER@GatewayIP (wether the endpoints were registered on > > anyone > > > of the GKs), could dial outside to an IP, but when I tried to dial inside > > > out to NUMBER@IP it fails saying calledPartyNotRegistered. > > > > > > >From your comments, I think that the best for us would be 2 GnuGK > > (acting > > > as gatekeeper and gateway, nated with port forwarding) at our two main > > > sites, wether they should be configured as neighbors depends on my > > ability > > > to make them work. > > > > > > Thanks again. > > > > > > Regards, > > > > > > Joao -- Jan Willamowius, jan@xxxxxxxxxxxxxx, http://www.gnugk.org/ ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
