From: New York
hey we are hooked up to a local college through a media system.. they have a network camera on our campus with an IP that they use. id like to get the it behind our firewall -ISA- so that i can use the camera in different rooms -its on the only drop not behind the firewall-. however i cant figure it out.. can i give it a private IP and do a server publish??? heres the info the college sent me.. any help would be greatly apprecaited.
How is a firewall configured for H.323 video?
Interacting with firewalls using fixed ports and Polycom H.323 products
H.323 uses a single fixed TCP port (1720) to start a call using the H.225 protocol (defined by H.323 spec) for call control. Once that protocol is complete, it then uses a dynamic TCP port for the H.245 protocol (also defined by the H.323 spec) for caps and channel control. Finally, it opens up 2 dynamic UDP ports for each type of media that was negotiated for the call (audio, video, far-end camera control). This first port carries the RTP protocol data (defined by the H.225 spec) and the second one carries the RTCP data (defined by the H.225 spec).
So, a typical H.323 ViewStation call would use 2 TCP fixed ports (3230-3231) and 6 UDP fixed ports (3230-3235).
As per TCP/IP standards, ports are divided into 3 sections: 0-1023 (privileged ports), 1024-49151 (registered ports) and 49152-65535 (dynamic ports). H.323 specifies the dynamic ports in the dynamic range are open. Polycom has added a feature to its product line that allows the ports to use a fixed ports (instead of dynamic ports) so that it can more easily traverse a firewall. Only the system behind the firewall need to turn on this feature, since the firewall will prevent the audio/video/FECC from the outside to come in unless this is enabled.
In addition, the user must "punch holes" in the firewall using the previously mentioned exact port numbers and exact protocol types for outgoing calls. To receive incoming calls, the user must also punch a hole using the 1720 TCP port.