dumb question - firewall traversal


whitebuffalo
03-26-2008, 09:34 AM
OK, another dumb question here. I have a border controller on my network, sitting outside the firewall to handle firewall traversal. I'm trying to connect to an organization that has no firewall traversal. Can they just open the ports required for BC connection (1720 TCP, 1719 UDP, 5555-5560 UDP, 2326-2573 UDP) and utilize my FW traversal? Or do they have to have their OWN traversal to get over their FW, then come into mine through the BC?

DRI
03-27-2008, 04:50 AM
What type and sw version is the BC?

Where is the BC sitting, i.e. completely public or in a DMZ?

Is there a GK involved here? For example, do you have a traversal link between your GK and BC?

Where are your EPs registered to? What type and sw version of EPs are they?

What type and sw version of EPs does the other organisation have?

Sean Lessman
03-27-2008, 06:54 AM
> ...can they just open the ports required...or do they have to have their OWN traversal

If they have an endpoint that supports H.460.18/19 then they should be able to register to your BC and use your BC for FWT. If not, they will have to solve their firewall issue locally before being able to call you. They can solve their firewall issue by opening all of the ports that both their endpoint requires and the endpoint/device at the far end requires -- remember all vendors use different ports since H.323 does not specify ports.

Sean

whitebuffalo
03-27-2008, 11:00 AM
> What type and sw version is the BC?

Tandberg, sw 5.2.

> Where is the BC sitting, i.e. completely public or in a DMZ?

Public.

> Is there a GK involved here? For example, do you have a traversal link between your GK and BC?

Yes.

> Where are your EPs registered to? What type and sw version of EPs are they?

To my gatekeeper. They're all MXPs running 6.3.

> What type and sw version of EPs does the other organisation have?

VSX. According to the BC documentation, they are compatible.

> If they have an endpoint that supports H.460.18/19 then they should be able to register to your BC and use your BC for FWT. If not, they will have to solve their firewall issue locally before being able to call you. They can solve their firewall issue by opening all of the ports that both their endpoint requires and the endpoint/device at the far end requires -- remember all vendors use different ports since H.323 does not specify ports.
>
> Sean

OK, cool. That's what I wanted to know. I just wasn't sure if it required two BCs (one on each end). Sounds like it ought to work.

Thanks, everyone.

whitebuffalo
03-31-2008, 12:22 PM
> remember all vendors use different ports since H.323 does not specify ports.
>
> Sean

What ports do Polycom use?

Sean Lessman
03-31-2008, 12:46 PM
> What ports do Polycom use?

http://knowledgebase.polycom.com/kb/search.do?cmd=displayKC&docType=kc&externalId=12157&sliceId=SAL_PUBLIC_1_2&dialogID=5478108&stateId=1%200%205480021

Sean

whitebuffalo
03-31-2008, 02:41 PM
H.323 Ports:

• 80 - Static TCP - HTTP interface (optional), Address Book Utility

• 389 - Static TCP - ILS registration (LDAP)

• 1503 - Static TCP - T.120

• 1718 - Static UDP - Gatekeeper discovery (must be bidirectional)

• 1719 - Static UDP - Gatekeeper RAS (must be bidirectional)

• 1720 - Static TCP - H.323 call setup (must be bidirectional)

• 1731 - Static TCP - Audio call control (must be bidirectional)

• 1024-65535 - Dynamic TCP - H.245

• 1024-65535 - Dynamic UDP - RTP (video data)

• 1024-65535 - Dynamic UDP - RTP (audio data)

• 1024-65535 - Dynamic UDP - RTCP (control information)

But assuming they can register to my BC, they only need the ones I mentioned in my first post, correct?
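As an added worked example (not code from this thread, nor Tandberg's or Polycom's), here is a Python check a firewall admin at the far end could run before the test call: it takes their allow-list, reports which of the BC traversal ports from the first post are not fully covered, and compares how many (protocol, port) pairs that short list opens against the full Polycom H.323 list above. The far-end allow-list in demo() and the helper names are constructed for illustration; the port numbers are the ones quoted in the thread.

```python
"""Check a far-end firewall allow-list against the ports an H.323 endpoint needs.

Added worked example; not code from this thread, from Tandberg, or from Polycom.
The two port lists below are copied from the posts above. The far-end
allow-list in demo() is constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PortRange:
    proto: str  # "tcp" or "udp"
    lo: int
    hi: int


def parse_spec(spec: str) -> PortRange:
    """Parse 'port/proto' or 'lo-hi/proto' (e.g. '1720/tcp', '2326-2573/udp')."""
    ports, _, proto = spec.strip().lower().partition("/")
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unknown protocol in {spec!r}")
    lo, _, hi = ports.partition("-")
    lo_n = int(lo)
    hi_n = int(hi) if hi else lo_n
    if not 1 <= lo_n <= hi_n <= 65535:
        raise ValueError(f"bad port range in {spec!r}")
    return PortRange(proto, lo_n, hi_n)


def merged_ranges(specs):
    """Merge overlapping/adjacent ranges per protocol: {'tcp': [(lo, hi), ...], 'udp': [...]}."""
    parsed = [parse_spec(s) for s in specs]
    out = {"tcp": [], "udp": []}
    for proto, rs in out.items():
        for lo, hi in sorted((r.lo, r.hi) for r in parsed if r.proto == proto):
            if rs and lo <= rs[-1][1] + 1:
                rs[-1] = (rs[-1][0], max(rs[-1][1], hi))
            else:
                rs.append((lo, hi))
    return out


def missing_ports(required, allowed):
    """Return the required specs that the allow-list does not fully cover.

    A required range split across several allow rules counts as covered
    (ranges are merged first); a matching port on the wrong protocol does not.
    """
    allow = merged_ranges(allowed)
    gaps = []
    for spec in required:
        need = parse_spec(spec)
        if not any(lo <= need.lo and need.hi <= hi for lo, hi in allow[need.proto]):
            gaps.append(spec)
    return gaps


def port_count(specs):
    """Number of distinct (protocol, port) pairs a list of specs opens."""
    return sum(hi - lo + 1 for rs in merged_ranges(specs).values() for lo, hi in rs)


# Ports the far end must open to register to the BC (from the first post).
BC_TRAVERSAL_PORTS = ["1720/tcp", "1719/udp", "5555-5560/udp", "2326-2573/udp"]

# Polycom H.323 ports from the list above, including the dynamic H.245/RTP/RTCP ranges.
POLYCOM_H323_PORTS = [
    "80/tcp", "389/tcp", "1503/tcp", "1718/udp", "1719/udp", "1720/tcp",
    "1731/tcp", "1024-65535/tcp", "1024-65535/udp",
]


def demo():
    # Constructed far-end allow-list: the admin opened the media range too narrowly.
    far_end_allow = ["1720/tcp", "1719/udp", "5555-5560/udp", "2326-2400/udp"]
    gaps = missing_ports(BC_TRAVERSAL_PORTS, far_end_allow)
    print("not covered by far-end rules:", gaps)
    print("ports opened for BC registration:", port_count(BC_TRAVERSAL_PORTS))
    print("ports opened for full Polycom H.323 list:", port_count(POLYCOM_H323_PORTS))
    return gaps


if __name__ == "__main__":
    demo()
```

Run it directly to see the gap report. Two details matter in practice: a required range split across several rules still counts as covered, while a port opened on the wrong protocol (1720/udp instead of 1720/tcp) does not. The count comparison (256 pairs for the BC list versus over 129,000 for the full Polycom list with its dynamic ranges) is the concrete reason registering the far end to the BC over H.460.18/19 is the better option when their endpoint supports it.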

whitebuffalo
05-22-2008, 02:02 PM
FWIW, on the border controller, you can select "allow calls from unregistered callers" and then list the extension you want it to go to. This works if the number of unregistered calls in is minimal (which it is for me).

Sean Lessman
05-22-2008, 03:48 PM
> FWIW, on the border controller, you can select "allow calls from unregistered callers" and then list the extension you want it to go to. This works if the number of unregistered calls in is minimal (which it is for me).

Yes, and then you can point this feature to an Entrypoint, MCU or maybe a receptionist that can forward the call.

Sean