Firewall Traversal And Authentication; Authentication And Ntp - Cisco TelePresence Administrator's Manual

Telepresence video communication server

Hide thumbs Also See for TelePresence:

Administrator's manual (507 pages)

Manual (24 pages)

Specifications (7 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

Table of Contents

Grey Headline (continued)

Firewall traversal and authentication

To control which systems can use the VCS

Expressway as a traversal server, each VCS

Control or Gatekeeper that wants to be its

client must first authenticate with it.

Upon receiving the initial connection request

from the traversal client, the VCS Expressway

asks the client to authenticate itself by

providing its authentication credentials. The

VCS Expressway then looks up the client's

credentials in its own authentication database.

If a match is found, the VCS Expressway

accepts the request from the client.

The settings used for authentication depend

on the combination of client and server being

used. These are detailed in the table opposite.

All VCS and Gatekeeper traversal

clients must authenticate with the VCS

Expressway, regardless of the VCS

Expressway's Authentication mode setting.

However, endpoint clients are only required to

authenticate if the VCS Expressway's

Authentication mode is On.

Authentication and NTP

All VCS and Gatekeeper traversal clients that

support H.323 must authenticate with the

VCS Expressway. The authentication process

makes use of timestamps and requires that

each system uses an accurate system time.

The system time on a VCS is provided by a

remote NTP server. Therefore, for firewall

traversal to work, all systems involved must be

configured with details of an NTP

server.

Overview and

System

Introduction

status

configuration

D14049.08

November 2010

Client

Cisco VCS Control or Cisco VCS Expressway

•

The VCS client provides its Authentication username and

Authentication password. These are set on the traversal client zone

by using VCS configuration > Zones > Edit zone, in the Configuration

section.

Endpoint

•

The endpoint client provides its Authentication ID and Authentication

Password.

TANDBERG Gatekeeper (version 5.2 and earlier)

•

The Gatekeeper looks up its System Name in its own authentication

database and retrieves the password for that name. It then provides

this name and password.

TANDBERG Gatekeeper (version 6.0 or later; 6.1 or later is the

recommended version)

•

The Gatekeeper provides its Authentication Username and

Authentication Password. These are set on the Gatekeeper by

using Gatekeeper Configuration > Authentication, in the External

Registration Credentials section.

Cisco VCS Control or Cisco VCS Expressway

•

If Authentication is On on the Border Controller, the VCS client provides

its Authentication username and Authentication password. These are

set on the traversal client zone by using VCS configuration > Zones >

Edit zone, in the Configuration section.

•

If the Border Controller is in Assent mode, the VCS client provides its

Authentication username. This is set on the traversal client zone by

using VCS configuration > Zones > Edit zone, in the Configuration

section.

Cisco VCS

Zones and

Clustering and

configuration

neighbors

peers

Overview

Server

Cisco VCS Expressway

•

The traversal server zone for the VCS client must be configured

with the Client authentication username. This is set on the VCS

Expressway by using VCS configuration > Zones > Edit zone, in the

Configuration section.

•

There must also be an entry in the VCS Expressway's authentication

database with the corresponding client username and password.

Cisco VCS Expressway

•

There must be an entry in the VCS Expressway's authentication

database with the corresponding client username and password.

Cisco VCS Expressway

•

The traversal server zone for the Gatekeeper client must be configured

with the Gatekeeper's System Name in the Client authentication

username field. This is set on the VCS Expressway by using VCS

configuration > Zones > Edit zone, in the Configuration section.

•

There must be an entry in the VCS Expressway's authentication

database that has the Gatekeeper's System name as the username,

along with the corresponding password.

Cisco VCS Expressway

•

The traversal server zone for the Gatekeeper client must be configured

with the Gatekeeper's Authentication Username. This is set on the

VCS Expressway by using VCS configuration > Zones > Edit zone, in

the Configuration section.

•

There must also be an entry in the VCS Expressway's authentication

database with the corresponding client username and password.

TANDBERG Border Controller

•

If Authentication is On on the Border Controller, there must be an entry

in the Border Controller's authentication database that matches the

VCS client's Authentication username and Authentication password.

•

If the Border Controller is in Assent mode, the traversal zone

configured on the Border Controller to represent the VCS client must

use the VCS's Authentication username in the Assent Account name

field. This is set on the Border Controller via TraversalZone > Assent >

Account name.

Call

Bandwidth

processing

control

133

CISCO TELEPRESENCE

VIDEO COMMUNICATION SERVER

Firewall

Applications

Maintenance

traversal

ADMINISTRATOR GUIDE

Appendices

Table of Contents

This manual is also suitable for:

Telepresence x5.1

Firewall Traversal And Authentication; Authentication And Ntp - Cisco TelePresence Administrator's Manual

Firewall traversal and authentication

Authentication and NTP

Related Manuals for Cisco TelePresence

Related Content for Cisco TelePresence

This manual is also suitable for:

Table of Contents