Re: Port forwarding to a client for VOIP
- From: mbvales@xxxxxxxxx
- Date: 20 Dec 2006 05:03:06 -0800
Hi there all,
Could someone help & guide me about my problem in VoIp. I have ISA 2000
Enterprise, I used it as my proxy & firewall and its running under
win2003 server enterprise edition platform.
I dont know if voip works behind ISA 2000 firewall or does ISA
supported on voip? just want to open the ports required for voip onto
isa 2000 but I did all my best still doesn't work. Our voip server is
located to our head office.
thanks in advance
Phillip Windell wrote:
You would use the Server Publishing.
First create a new Inbound Protocol with port #3399
Then create a Server Publishing Rule that uses the new protocol.
Watch the Live Log in the Monitoring section of the MMC to spot problems.
You can adust the Filtering in the Log so it only show you relevant details.
Pay attention to where you position to rule in the List,...that can
sometimes make a difference.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
"Flyboy" <Flyboy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:04871B9C-13CE-4BFC-8916-1FDFF5321AFA@xxxxxxxxxxxxxxxx
I don't want to route voice - but rather data from a specific port - lets
say
port 3399 to an internal LAN PC w/an IP address of 192.168.10.40 from the
outside world (internet). How would I go about that with ISA 2006? Yes,
the
SOHOs make it easy by using their version of "Port Forwarding" - but how
does
ISA handle this request?
"Phillip Windell" wrote:
There is no such thing as "port forwarding". That is a "slang" term
created
by the SOHO market and it really means nothing. The ports aren't being
forwarded, the ports aren't doing anything are going anywhere. I'm not
trying to be "picky",..you'll just have to trust me that it is important
to
understand this. It is unfortunate that they have misled people by
sticking
that term all over their product documentation and even in the
configuration
interfaces of their SOHO devices.
The true process for what you are asking is called "Static NAT" or
optionally "Reverse NAT" and these terms accurately describe what is
happening,...and the focus of any type of NAT is always the IP#s which is
Layer3 (not the ports which are Layer4).
Anyway, now that the Classroom period is over..... :-)
With ISA what you are looking for is the feature "Server Publishing"
which
is ISA's form of Static NAT. ISA has other forms of Publishing but they
don't apply here.
Even after you perform Server Publishing,...it still may not work. VoIP
tends to depend on the SIP protocol and the SIP Protocol is not
compatible
with any NAT'ing or any Proxying technique. It can potoentially be made
compatible with Proxying (not NAT) if some very smart person would ever
write an Application Filter for SIP to be used in ISA,..but no one has
done
that. The follwoing article mentions this is a dicussion about Instant
Messaging. I have quoted the relevant part of the article below the
link.
Instant Messaging with ISA Server
http://www.microsoft.com/technet/isa/2000/maintain/isaimsec.mspx
--------- Quote ---------
. Complex protocols. The MSN Messenger protocol used by MSN
Messenger
and Windows Messenger is a complex protocol that may use multiple ports
to
connect to the messenger server and to send and receive data for some
instant messaging features. ISA Server SecureNAT clients require an
application filter to handle complex protocols, and ISA Server does not
provide such a filter for the complex MSN Messenger protocol. Only the
Firewall client can handle complex protocols without an application
filter.
This means that SecureNAT (and Web Proxy clients) are limited to using
only
the text messaging chat feature of MSN Messenger and Windows Messenger.
. Network address translation (NAT). ISA Server NAT functionality
protects internal private IP addresses by translating private addresses
to
the public IP address of the ISA Server external interface, allowing a
single external IP address to be shared between multiple internal
clients.
Some client-to-client instant messaging features, such as VoIP,
whiteboard,
and file transfers require that an internal computer behind the ISA
Server
computer make its IP address known to an external computer. Because the
internal clients address cannot be used by an external client to initiate
a
communications session with the internal computer, the connection will
fail.
. UPnP. UPnP-enabled NAT devices and firewalls can overcome NAT
issues
and determine translated IP addresses. ISA Server is not UPnP-enabled.
. SIPS. Features such as voice, video, application sharing, and
whiteboard require a connection to be made between an internal and
external
client, and use SIP Signaling (SIPS) to set up the communication session,
which then uses dynamic ports. For example, using audio/video (AV)
requires
opening all UDP ports between 5004 and 65535 to allow SIP and media
streams
(RTP) to cross the firewall. The use of dynamic ports without an
associated
application filter is a problem because ISA Server does not have
information
about which ports to open and at what time. No ISA Server SIP application
filter is available to circumvent this issue.
---------- End Quote ----------
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed are my own (as annoying as they are), and not those
of
my employer or anyone else associated with me.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------
"djsky" <djsky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1D43DFDC-19FF-440D-8DD8-C1D8FDE2B92A@xxxxxxxxxxxxxxxx
How can I forward a port (namely 4569) to a client PC on my internal
network?
Basically, I have SBS2003 with ISA server, and a internet phone on a
client.
he can dial out, but incoming calls do not arrive, so i guess i need to
forward this port to the client.
How can this be done?
Cheers in advance.
Ian.
.
- References:
- Re: Port forwarding to a client for VOIP
- From: Flyboy
- Re: Port forwarding to a client for VOIP
- Prev by Date: ActiveX not getting through ISA 2004 standard
- Next by Date: Re: Port forwarding to a client for VOIP
- Previous by thread: Re: Port forwarding to a client for VOIP
- Next by thread: Re: Port forwarding to a client for VOIP
- Index(es):
Relevant Pages
|
