Amer Networks E5Web GUI User Manual

The different protocols used in implementing H.323 are:

H.225 RAS signalling and Call
Control (Setup) signalling

Used for call signalling. It is used to establish a connection
between two H.323 endpoints. This call signal channel is
opened between two H.323 endpoints or between a H.323
endpoint and a gatekeeper. For communication between
two H.323 endpoints, TCP 1720 is used. When connecting
to a gatekeeper, UDP port 1719 (H.225 RAS messages) are
used.

H.245 Media Control and
Transport

Provides control of multimedia sessions established
between two H.323 endpoints. Its most important task is to
negotiate opening and closing of logical channels. A logical
channel could be, for example, an audio channel used for
voice communication. Video and T.120 channels are also
called logical channels during negotiation.

T.120

A suite of communication and application protocols.
Depending on the type of H.323 product, T.120 protocol
can be used for application sharing, file transfer as well as
for conferencing features such as whiteboards.

H.323 ALG features

The H.323 ALG is a flexible application layer gateway that allows H.323 devices such as H.323
phones and applications to make and receive calls between each other when connected via
private networks secured by Clavister Security Gateways.

The H.323 specification was not designed to handle NAT, as IP addresses and ports are sent in the
payload of H.323 messages. The H.323 ALG modifies and translates H.323 messages to make sure
that H.323 messages will be routed to the correct destination and allowed through the Clavister
Security Gateway.

The H.323 ALG has the following features:

•

The H.323 ALG supports version 5 of the H.323 specification. This specification is built upon
H.225.0 v5 and H.245 v10.

•

In addition to support voice and video calls, the H.323 ALG supports application sharing over
the T.120 protocol. T.120 uses TCP to transport data while voice and video is transported over
UDP.

•

To support gatekeepers, the ALG monitors RAS traffic between H.323 endpoints and the
gatekeeper, in order to correctly configure the Clavister Security Gateway to let calls through.

•

NAT and SAT rules are supported, allowing clients and gatekeepers to use private IPv4
addresses on a network behind the Clavister Security Gateway.

H.323 ALG Configuration

The configuration of the standard H.323 ALG can be changed to suit different usage scenarios.
The configurable options are:

•

Allow TCP Data Channels

This option allows TCP based data channels to be negotiated. Data channels are used, for
example, by the T.120 protocol.

Chapter 6: Security Mechanisms

424