Re: Port forwarding to a client for VOIP
- From: Flyboy <Flyboy@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 1 Dec 2006 20:48:02 -0800
I don't want to route voice - but rather data from a specific port - lets say
port 3399 to an internal LAN PC w/an IP address of 192.168.10.40 from the
outside world (internet). How would I go about that with ISA 2006? Yes, the
SOHOs make it easy by using their version of "Port Forwarding" - but how does
ISA handle this request?
"Phillip Windell" wrote:
There is no such thing as "port forwarding". That is a "slang" term created.
by the SOHO market and it really means nothing. The ports aren't being
forwarded, the ports aren't doing anything are going anywhere. I'm not
trying to be "picky",..you'll just have to trust me that it is important to
understand this. It is unfortunate that they have misled people by sticking
that term all over their product documentation and even in the configuration
interfaces of their SOHO devices.
The true process for what you are asking is called "Static NAT" or
optionally "Reverse NAT" and these terms accurately describe what is
happening,...and the focus of any type of NAT is always the IP#s which is
Layer3 (not the ports which are Layer4).
Anyway, now that the Classroom period is over..... :-)
With ISA what you are looking for is the feature "Server Publishing" which
is ISA's form of Static NAT. ISA has other forms of Publishing but they
don't apply here.
Even after you perform Server Publishing,...it still may not work. VoIP
tends to depend on the SIP protocol and the SIP Protocol is not compatible
with any NAT'ing or any Proxying technique. It can potoentially be made
compatible with Proxying (not NAT) if some very smart person would ever
write an Application Filter for SIP to be used in ISA,..but no one has done
that. The follwoing article mentions this is a dicussion about Instant
Messaging. I have quoted the relevant part of the article below the link.
Instant Messaging with ISA Server
http://www.microsoft.com/technet/isa/2000/maintain/isaimsec.mspx
--------- Quote ---------
. Complex protocols. The MSN Messenger protocol used by MSN Messenger
and Windows Messenger is a complex protocol that may use multiple ports to
connect to the messenger server and to send and receive data for some
instant messaging features. ISA Server SecureNAT clients require an
application filter to handle complex protocols, and ISA Server does not
provide such a filter for the complex MSN Messenger protocol. Only the
Firewall client can handle complex protocols without an application filter.
This means that SecureNAT (and Web Proxy clients) are limited to using only
the text messaging chat feature of MSN Messenger and Windows Messenger.
. Network address translation (NAT). ISA Server NAT functionality
protects internal private IP addresses by translating private addresses to
the public IP address of the ISA Server external interface, allowing a
single external IP address to be shared between multiple internal clients.
Some client-to-client instant messaging features, such as VoIP, whiteboard,
and file transfers require that an internal computer behind the ISA Server
computer make its IP address known to an external computer. Because the
internal clients address cannot be used by an external client to initiate a
communications session with the internal computer, the connection will fail.
. UPnP. UPnP-enabled NAT devices and firewalls can overcome NAT issues
and determine translated IP addresses. ISA Server is not UPnP-enabled.
. SIPS. Features such as voice, video, application sharing, and
whiteboard require a connection to be made between an internal and external
client, and use SIP Signaling (SIPS) to set up the communication session,
which then uses dynamic ports. For example, using audio/video (AV) requires
opening all UDP ports between 5004 and 65535 to allow SIP and media streams
(RTP) to cross the firewall. The use of dynamic ports without an associated
application filter is a problem because ISA Server does not have information
about which ports to open and at what time. No ISA Server SIP application
filter is available to circumvent this issue.
---------- End Quote ----------
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
"djsky" <djsky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1D43DFDC-19FF-440D-8DD8-C1D8FDE2B92A@xxxxxxxxxxxxxxxx
How can I forward a port (namely 4569) to a client PC on my internal
network?
Basically, I have SBS2003 with ISA server, and a internet phone on a
client.
he can dial out, but incoming calls do not arrive, so i guess i need to
forward this port to the client.
How can this be done?
Cheers in advance.
Ian.
- Prev by Date: Clipart
- Next by Date: Re: Problems with ISA 2004 server receiving virus definition updates.
- Previous by thread: Clipart
- Next by thread: Re: Port forwarding to a client for VOIP
- Index(es):
Relevant Pages
|
