Educause Security Discussion mailing list archives
Re: Tandberg Videoconferencing via ISA or NAT?
From: "William C. Moore II" <wcmoore () VALDOSTA EDU>
Date: Thu, 25 May 2006 15:12:49 -0400
Charlie, We have several Tandberg and Polycom video conferencing units in place and have been using them to connect to other institutions (private, higher ed., k-12, international, etc) for quite some time now. While I am not intimately familiar with unit setup, we have worked diligently on troubleshooting connectivity problems. Also, I am not sure if our techs have worked with the 2500 series. Now all that being said here are some items for you to look into: 1. Static IP for unit and static NAT. 2. Set all units (local and distance) to use static range of ports (default setting with most units is dynamic range). Dynamic port ranges on video conferencing equip. create more problems for firewall Admins than you can possibly believe. Setting the unit to "static ports" is usually a predefined set of TCP and UDP ports. Communicate these IPs and ports to the firewall Admin for rule sets. 3. Check if traffic is crossing more than one firewall. This is especially true for Polycom units but packet fragmentation is a pain and while the PIX has it's "fixup" settings some campuses are more creative with their firewall iterations. However, this issue is less frequent than it once was. One campus that I am aware of has placed their video conferencing units completely outside of their perimeter firewall to negate firewall/video conferencing issues. Their video conferencing network is completely separate from their data network and this works very well for them. Our techs have been testing various newer Tandberg units such as the "Border Controller" and "Gatekeeper" with mixed reviews. We are doing this because of our multipoint video conferencing needs. One of our departments is working with sign language training and interpretations to off campus areas and latency or "jittering" video can completely change a phrase into something different. If anyone has suggestions for multipoint video conferencing and can provide best practice information to help combat latency I would be extremely grateful. Bill William C. Moore II, CISSP, MEd, MLIS Assistant Director of Information Technology Information Security Valdosta State University Valdosta, GA 31698 Phone:(229)333-5974 Fax: (229)245-4349 *********************************************************************** The information transmitted is intended only for the person addressed. Any unauthorized review, distribution or other use of or the taking of any action in reliance upon this information is prohibited. If you received this message in error, please contact the sender and delete or destroy this message and any copies. *********************************************************************** ________________________________________ From: Charlie Prothero [mailto:Charlie.Prothero () KEYSTONE EDU] Sent: Wednesday, May 17, 2006 15:37 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Tandberg Videoconferencing via ISA or NAT? Hi, all! We have a couple of Tandberg 2500 videoconferencing systems that are primarily used inside our private network to connect our main campus and a remote (T1 connected) site 60 miles away. They work great, but have never needed to connect anywhere but to each other. Now, were looking at connecting to the outside world for the first time, and the documentation we have isnt clear on how to do that. We use 10.x.x.x private addresses inside our network and have MS NAT and ISA servers for connectivity to the Internet. We have tried simply turning on NAT in the Tandbergs codec, and supplying the address of our NAT box, but were obviously missing something. ISA seems to have a comprehensive H.323 gatekeeper module, but all documentation I have on it is geared towards Netmeeting, and I dont know how applicable that would be. If anyone has a similar setup, I would most appreciate hearing how you made it work Thanks! - Charlie Charlie Prothero CIO Keystone College One College Green La Plume, PA 18440 570-945-8015
Current thread:
- Tandberg Videoconferencing via ISA or NAT? Charlie Prothero (May 17)
- <Possible follow-ups>
- Re: Tandberg Videoconferencing via ISA or NAT? Laurie Coles (May 18)
- Re: Tandberg Videoconferencing via ISA or NAT? Christian heroux (May 23)
- Re: Tandberg Videoconferencing via ISA or NAT? Kyle Barger (May 23)
- Re: Tandberg Videoconferencing via ISA or NAT? William C. Moore II (May 25)
- Re: Tandberg Videoconferencing via ISA or NAT? Charlie Prothero (May 27)