6.2.8. The H.323 ALG
Example 6.10. Using the H.323 ALG in a Corporate Environment
This scenario is an example of a more complex network that shows how the H.323 ALG can be deployed in a
corporate environment. At the head office DMZ a H.323 Gatekeeper is placed that can handle all H.323 clients in
the head-, branch- and remote offices. This will allow the whole corporation to use the network for both voice
communication and application sharing. It is assumed that the VPN tunnels are correctly configured and that all
offices use private IP-ranges on their local networks. All outside calls are done over the existing telephone
network using the gateway (ip-gateway) connected to the ordinary telephone network.
The head office has placed a H.323 Gatekeeper in the DMZ of the corporate D-Link Firewall. This firewall should
be configured as follows:
Web Interface
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: LanToGK
•
Action: Allow
•
Service: H323-Gatekeeper
•
Source Interface: lan
•
Destination Interface: dmz
•
Source Network: lannet
•
Destination Network: ip-gatekeeper
•
Comment: Allow H.323 entities on lannet to connect to the Gatekeeper
3.
Click OK
236
Chapter 6. Security Mechanisms