82
D14049.05
February 2009
Grey Headline
(continued)
TANDBERG
VIDEO COMMUNICATIONS SERVER
ADMINISTRATOR GUIDE
Introduction
Getting started
Overview and
status
System
configuration
VCS
configuration
Zones and
neighbors
Call
processing
Bandwidth
control
Firewall
traversal
Appendices
Applications
Maintenance
Zones
Configuring traversal server zones
The following options are available (in addition to the
common
zone options
) when configuring a traversal server zone on the
VCS Expressway. Traversal server zones are used to enable a
connection from the local VCS Expressway to a traversal client.
For full details on how traversal client zones and traversal
server zones work together to achieve firewall traversal,
see
Firewall traversal
.
An
NTP server
must also be configured in order for
traversal zones to work.
Client authentication username
Traversal clients must always authenticate with traversal servers
by providing their authentication credentials. The authentication
username is the name that the traversal client must provide to
the VCS Expressway.
If the traversal client is a VCS, this must be its
•
Authentication
Username
.
If the traversal client is a TANDBERG Gatekeeper, this is its
•
System Name
.
There must also be an entry in the VCS Expressway's local
authentication database for the client’s authentication username
and password. To check the list of entries and it if necessary, go
to the
Local authentication database
page. Either:
click on the
•
Add/Edit local authentication database
link
go to
•
VCS configuration > Authentication > Local database
.
See the
Authentication
section for more information.
Protocol
SIP mode
Determines whether SIP calls will be allowed to and from the
traversal client.
SIP port
Specifies the port on the local VCS Expressway to be used for SIP
calls to and from the traversal client.
SIP transport
Determines which transport type will be used for SIP calls to and
from the traversal client.
H.323 mode
Determines whether H.323 calls will be allowed to and from the
traversal client.
H.323 protocol
Determines the protocol (Assent or H.460.18) to be used to
traverse the firewall/NAT. (See
Firewall traversal protocols
for
more information.)
H.323 port
Specifies the port on the local VCS Expressway to be used for
H.323 calls to and from the traversal client.
H.460.19 demultiplexing mode
Determines whether or not the same two ports will be used for
media by two or more calls.
On
: all calls from the traversal client will use the same two ports
for media.
Off
: each call from the traversal client will use a separate pair of
ports for media.
Advanced
!
The Advanced settings should not be changed except on
the advice of TANDBERG customer support.
SIP poison mode
On
: SIP requests sent out this zone will be 'poisoned' such that if
they are received by this VCS again they will be rejected.
Off
: SIP requests sent out this zone that are received by this VCS
again will not be rejected; they will be processed as normal.
UDP/TCP probes
UDP retry interval
Sets the frequency (in seconds) with which the client will send
a UDP probe to the VCS Expressway if a keep alive confirmation
has not been received.
UDP retry count
Sets the number of times the client will attempt to send a UDP
probe to the VCS Expressway during call setup.
UDP keep alive interval
Sets the interval (in seconds) with which the client will send a
UDP probe to the VCS Expressway once a call is established, in
order to keep the firewall’s NAT bindings open.
TCP retry interval
Sets the interval (in seconds ) with which the traversal client
will send a TCP probe to the VCS Expressway if a keep alive
confirmation has not been received.
TCP retry count
Sets the number of times the client will attempt to send a TCP
probe to the VCS Expressway during call setup.
TCP keep alive interval
Sets the interval (in seconds) with which the traversal client will
send a TCP probe to the VCS Expressway once a call is in place,
in order to maintain the firewall’s NAT bindings.
The default UDP and TCP probe retry intervals are suitable
for most situations. However, if you experience problems
with NAT bindings timing out, they may need to be
changed.