H.320 gateways a MEGACO / ITU

Matt Holdrege matt at ASCEND.COM
Wed Mar 31 17:36:01 EST 1999

Yes. Going back to my original point about IPsec, if you use AH then you
shouldn't need to do port-based filtering. If you don't use port-based
filtering and you don't need NAT, then you don't need proxies, right?

And I don't think anything in MEGACO (yet) uses dynamic ports anyway, right?

At 05:08 PM 3/31/99 -0800, Gary A. Thom wrote:
>This problem is independent of the type of encoding being used (PER or
text). The problem that
>you describe is related more to the use of dynamic ports which prevents
simple packet filtering.
>An h.323 proxy must parse the call signalling and H.245 messages to find
the dynamic ip
>address/port pair assignments. The h.323 proxy will be required whether
the encoding is asn.1 or
>text or anything else.
>  From: Melinda Shore <shore at ITHACA-VIENNASYS.COM>
>  Subject: Re: H.320 gateways a MEGACO / ITU
>  Date: Wed, 31 Mar 1999 16:45:05 -0500
>> There's a problem in that it makes the signaling channel sufficiently
>> complicated to parse that you end up having to put a proxy, or something
>> that looks an awful lot like a proxy, on the firewall in order to
>> pick up dynamically-allocated address/port tuples.  This has somewhat
>> negative architectural implications in that in a multi-firewall
>> environment (which is, alas, the norm when traversing multiple
>> administrative domains) you end up with tandemed signaling loops.
>> The short answer is that IP is supposed to be end-to-end
>> and that firewalls create a big disconnect between the IP network
>> and the IP telephony application-layer network.
>> Melinda
>Name   : Gary A. Thom
>Company: Delta Information Systems, Inc.
>Address: 300 Welsh Rd., Bldg 3
>         Horsham, PA 19044 USA
>Phone  : +1-215-657-5270         Fax : +1-215-657-5273
>E-mail : gthom at delta-info.com

More information about the sg16-avd mailing list