
NetPoint Firewall Traversal Server: Installation and Setup Manual
Chapter 2: Negotiating NATs and Firewalls
IN THIS CHAPTER
ClearOne’s NetPoint allows organizations to conduct H.323 audio and video communication,
while continuing to protect their local area networks (LANs) with NATs and firewalls using
proprietary and/or H.460 protocols.
This chapter includes the following sections:
- NATs and Firewalls in Enterprises
- Effects of Firewalls and NATs on H.323 Videoconferencing
NATS AND FIREWALLS IN ENTERPRISES
To protect the nodes within their networks, many organizations employ firewalls and NAT
(Network Address Translation) devices. Together or separately, these devices present
challenges for implementing IP videoconferencing solutions.
NETWORK ADDRESS TRANSLATION DEVICES (NATS)
NAT is a protocol in which a LAN uses one set of IP addresses for internal communication
(within an organization’s LAN) and a different address for communication with an external
network, such as the Internet. It provides a solution for two main conditions:
- Network security - Internal IP addresses are hidden from external users. This helps
  protect the network’s computers from hackers and spammers.
- Finite number of available IP addresses - The number of public IP addresses is limited.
  By defining addresses for internal use only, an organization can use a large number of
  different addresses without conflicting with addresses used elsewhere.
Within a NAT, the nodes have internal addresses which are inherently unreachable to nodes
from outside. Without a traversing device, internal nodes cannot receive calls or
communication from external nodes. Even if a node within the NAT initiates communication,
it cannot receive a reply - the reply is being sent to a non-routable IP address.
A NAT device maps public IP addresses to private IP addresses and ports. It also assigns
ports to nodes within its network, but the private IP addresses remain unknown to outside
users. To enable external communication, the NAT device opens a channel to the public
network. The NAT appends the public IP address to all data packets sent outside the
network. Likewise, for incoming data, the NAT device replaces its public address with the
mapped internal address.
Usually, NAT assignments last for a short period of time and are then released. It’s
important that a NAT assignment remain valid for the duration of an open connection. To
accomplish this, any node communicating through a NAT device must send a "keep-alive"
packet periodically to prevent remapping during an open session.
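
The mapping and keep-alive behaviour described above, as an added example that is not part of the original manual or of NetPoint. It is a toy model: the addresses, port numbers, the 30-second idle timeout and the rule that only outbound packets refresh a mapping are assumptions chosen for illustration.

```python
# Added illustration, not NetPoint code. Addresses, ports and the
# 30-second idle timeout are constructed sample values.
PUBLIC_IP = "203.0.113.10"
IDLE_TIMEOUT = 30  # seconds a mapping survives without outbound traffic


class Nat:
    def __init__(self):
        self.next_port = 40000
        self.out = {}   # (private_ip, private_port) -> [public_port, last_seen]
        self.back = {}  # public_port -> (private_ip, private_port)

    def _expire(self, now):
        for key, (pub_port, seen) in list(self.out.items()):
            if now - seen > IDLE_TIMEOUT:
                del self.out[key]
                del self.back[pub_port]

    def outbound(self, priv_ip, priv_port, now):
        """Rewrite an outgoing packet's source; create or refresh the mapping."""
        self._expire(now)
        key = (priv_ip, priv_port)
        if key not in self.out:
            self.out[key] = [self.next_port, now]
            self.back[self.next_port] = key
            self.next_port += 1
        self.out[key][1] = now
        return PUBLIC_IP, self.out[key][0]

    def inbound(self, pub_port, now):
        """Rewrite an incoming packet's destination, or return None (dropped)."""
        self._expire(now)
        return self.back.get(pub_port)


def session(keepalive_every, duration=120):
    """Open a session at t=0, stay silent except for keep-alives, then let the
    remote side answer at t=duration to the public port it first saw."""
    nat, node = Nat(), ("10.0.0.5", 1720)
    _, first_port = nat.outbound(*node, now=0)
    last_port = first_port
    if keepalive_every:
        for t in range(keepalive_every, duration, keepalive_every):
            _, last_port = nat.outbound(*node, now=t)
    return first_port, last_port, nat.inbound(first_port, now=duration)


if __name__ == "__main__":
    for interval in (None, 45, 20):
        print(interval, session(interval))
```

A keep-alive interval shorter than the idle timeout keeps the same public port for the whole session; an interval longer than the timeout causes a new public port to be assigned each time, so the remote side's reply to the original port is dropped.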