Your understanding of NAT-related difficulties is partially correct: the issue really arises from the fact that H.323 is an umbrella that supports numerous protocols and transports. If a transport, such as HTTP or RTSP, embeds IP addresses in the payload portion of IP traffic (rather than just in the header), when those packets get segmented or fragmented, that data becomes difficult to track and use. Your best solution is to contact your gatekeeper or gateway vendor and ask them about the most secure set of protocols to use for H.323 sessions between NAT'd subnets. Unfortunately, such solutions are very much vendor-specific; since I don't want to write a book on the subject, I can only give you an injunction to research the matter with your vendor or vendors. Other possible solutions include:
- setting up VPN links and punching specific ports through your firewalls
- working with robust NAT implementations that permit some addresses to be handled (obviously, public addresses are essential) without translation
- using a dual-homed gateway or gatekeeper and passing traffic through the public (untranslated) address side of the box
- situating a video-teleconferencing box in your DMZ or on the public side of your Internet interfaces and tunnelling traffic between that box and the private site of your network
- selecting alternate H.323-compatible transports that don't embed address data in streaming video payloads
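
To see why payload-embedded addresses are the crux, the following added example (not part of the original answer) models a NAT that rewrites only the IP header and then reports the inside addresses still sitting in the payload. The packet dictionaries, function names and sample payloads are constructed assumptions; real H.323 signalling is ASN.1-encoded and needs a proper decoder rather than this byte search.

```python
import ipaddress
import re

# Dotted-quad candidates in text payloads (e.g. an RTSP Transport header).
DOTTED_QUAD = re.compile(rb"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def find_embedded_addresses(payload: bytes, inside_addr: str):
    """Return sorted (offset, encoding, address) hits in an application payload.

    'binary' hits are the 4 raw octets of inside_addr (how binary signalling
    carries a transport address); 'ascii' hits are any private dotted quad.
    """
    hits = []
    raw = ipaddress.IPv4Address(inside_addr).packed
    pos = payload.find(raw)
    while pos != -1:
        hits.append((pos, "binary", inside_addr))
        pos = payload.find(raw, pos + 1)
    for m in DOTTED_QUAD.finditer(payload):
        try:
            addr = ipaddress.IPv4Address(m.group().decode("ascii"))
        except ValueError:
            continue  # looks like a dotted quad but is not a valid address
        if addr.is_private:
            hits.append((m.start(), "ascii", str(addr)))
    return sorted(hits)


def header_only_nat(packet: dict, outside_addr: str) -> dict:
    """Model a NAT that rewrites only the IP header source, not the payload."""
    return {**packet, "src": outside_addr}


def stale_after_nat(packet: dict, outside_addr: str):
    """Inside addresses the far end would still read from the payload."""
    translated = header_only_nat(packet, outside_addr)
    return find_embedded_addresses(translated["payload"], packet["src"])


# Constructed samples: 4-octet address + 2-octet port inside a binary blob,
# and a text header naming the same inside address.
BINARY_PKT = {"src": "10.1.2.3",
              "payload": b"\x00\x08" + bytes([10, 1, 2, 3]) + b"\x06\xb8\x00"}
TEXT_PKT = {"src": "10.1.2.3",
            "payload": b"Transport: RTP/AVP;unicast;destination=10.1.2.3;"
                       b"client_port=5004-5005\r\n"}
```

Any non-empty result from `stale_after_nat` on a capture taken on the inside of the NAT means the session needs one of the options listed above (an untranslated path, a tunnel, or a protocol-aware gateway) rather than plain address translation.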