Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002.

Published byChristian McKinnon Modified over 10 years ago

Similar presentations

Presentation on theme: "Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002."— Presentation transcript:

1 Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products mburkett@ridgewaysystems.com April 25, 2002

2

3 3 Unleashing the Power of IP Communications Why should you care about NATs and Firewalls? Network Address Translation (NAT) and Firewalls will block your IP voice and video calls.

4 4April 25, 2002Unleashing the Power of IP Communications What is NAT? Network Address Translation Allows multiple users/devices to share a single public internet address Implemented within the router Think of it like a PBX with a public trunk number and private extensions for IP networks Shared Public Address 64.121.30.1 Private Address 10.1.1.1 Private Address 10.1.1.2 Private Address 10.1.1.3

5 5April 25, 2002Unleashing the Power of IP Communications What is a Firewall? Separates and Protects the Private Network from the outside world. Examines every packet that goes in to or out from the enterprise. Typically blocks all unsolicited inbound packets Think of a mail room clerk filtering your inbound and outbound mail Outside World Private Network Unsolicited Request Response Disallowed

6 6April 25, 2002Unleashing the Power of IP Communications Why H.323 & SIP Dont Work… With firewalls –Require inbound connections for inbound calls –Each call requires multiple TCP and UDP connections to random ports With NATs –Private addresses hidden from the outside network – means no inbound calling –Outbound calling endpoints request media sent to their private address – means one way video/audio

7 7April 25, 2002Unleashing the Power of IP Communications The Imaginary IP World No Firewalls No NAT No Security All public IP Addresses All Calls Successful Not the real world! Bob 64.123.31.15 Susan 34.58.15.21 Tom 216.115.109.7 Branch Office 208.45.133.21 Teleworker 24.30.203.101 Corporate 207.46.230.5

8 8April 25, 2002Unleashing the Power of IP Communications Todays Real IP Video World WAN Bob 10.2.1.5 Susan 192.168.0.107 Tom 192.168.0.108 Teleworker 10.100.5.4 Corporate 10.1.1.25 Branch Office 172.16.31.13 Firewall/NAT at the edge of the corporate network NAT or Firewall hidden in the network

9 9April 25, 2002Unleashing the Power of IP Communications Firewalls & NAT: Where? Deployed Everywhere: –Corporate Networks –Home Networks –Individual PCs –And Hidden In the Net Anywhere someone wants to –Share a connection –Protect a network WAN

10 10April 25, 2002Unleashing the Power of IP Communications What choices do you have? 1.Bypass –Public Endpoints –Private Network –Gateway –MCU 2.Replace –Upgrade Hardware Infrastructure 3.Traverse –Use Ridgeway Software

11 11April 25, 2002Unleashing the Power of IP Communications Bypass: Public Endpoints How –Give the endpoints public IP addresses –Move them outside the firewall Benefits –May be lowest capital cost? Issues –Requires Dedicated Public IP Addresses –Removes Protection of Firewall –Not easily scalable –Cannot overcome network based NAT/FW WAN

12 12April 25, 2002Unleashing the Power of IP Communications Bypass: Private Network How –Establish Virtual Private Network (VPN), usually via Firewall configuration Benefits –Works for Intra-Company communications –May already be in place Issues –Not for inter-enterprise communications –Requires configuration at every location –May have performance impacts – increased delay –Some VPNs wont handle NAT WAN VPN

13 13April 25, 2002Unleashing the Power of IP Communications Bypass: PSTN/ISDN Gateway How –Gateway to PSTN or ISDN at edge of network Benefits –May already be in place for calling off-net Issues –Loses benefits of the pure IP solution –Doesnt solve problem for the mobile IP endpoint IP WAN PSTN/ ISDN PSTN/ ISDN

14 14April 25, 2002Unleashing the Power of IP Communications Bypass: MCU How –Deploy MCU with two network interfaces, one inside & one outside of firewall/NAT Benefits –Natural extension for existing MCU deployments Issues –Can be expensive solution; not appropriate for SOHO or consumer deployment –Localized solution, needs to be deployed at every NAT/FW –Cannot overcome network based NAT/FW WAN

15 15April 25, 2002Unleashing the Power of IP Communications Replace: Upgrade Infrastructure How –Upgrade firewalls and routers with Application Level Gateway (ALG) Benefits –Brand name solutions? Issues –This means changes to mission critical network components for the enterprise network –Fix every NAT & Firewall for every protocol –Unreachable: Physically, Politically, or Intellectually? –Cannot overcome network based NAT/FW WAN

16 16April 25, 2002Unleashing the Power of IP Communications Host Network Guest Network DMZ Proxy/Registrar/GK WAN Traverse: Ridgeway How –Place single server at reachable address –Download software client for any guest network Benefits –No upgrade for existing mission critical components –Handles any number of NATs & Firewalls, even network based –Handles SIP or H.323 –Compatible with your existing infrastructure –Voice and Video –Mobile solution –Download-and-Call means no waiting to call into a new location Ridgeway Client IP Freedom Server

17 17April 25, 2002Unleashing the Power of IP Communications The Ridgeway Method 1.Ridgeway (RW) Clients connect to the RW Server –Outbound –Fixed ports: 2776/2777 2.RW Server/Clients proxy the GK so it appears at the RW Client 3.Endpoints set RW Client as their GK and register and then appear as a ports on the RW Server 4.Behind the scenes: All TCP traffic goes over the pre- established TCP connection As UDP streams are needed the RW client pushes a stream out to the server that the server can use for return traffic (outbound, fixed ports) 5.From endpoint perspective, calls proceed as usual Host Network Guest Network DMZ Proxy/Registrar/GK WAN Ridgeway Client IP Freedom Server Ridgeway Client

18 18April 25, 2002Unleashing the Power of IP Communications More On Ridgeway Traversal Commercially deployed today in both enterprise and service provider environments One server for multiple endpoints & networks No upgrade to existing NAT/FW or endpoints No open inbound firewall ports No charge for client Upgrade server capacity instantly Add-on for VPN & PSTN gateway solutions

19 19April 25, 2002Unleashing the Power of IP Communications Summary Firewalls & NATs are everywhere Firewalls & NATs block IP Voice & Video Solution Choices: –Bypass, Replace, Traverse Traversal: –Dont mess with your critical components –Treat the network like a black box –Download and call today! Free trial –www.ridgewaysystems.com –http://www.vide.net/vpz/firewalls.html

Download ppt "Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002."

Similar presentations

SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
1 Linux IP Masquerading Brian Vargyas XNet Information Systems.

1 Linux IP Masquerading Brian Vargyas XNet Information Systems.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Communicating over the Network

Communicating over the Network
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
SIP Trunking A VASP Perspective Thomas Roel Convergence Sales Engineer 651.796.7043

SIP Trunking A VASP Perspective Thomas Roel Convergence Sales Engineer
Chapter 1: Introduction to Scaling Networks

Chapter 1: Introduction to Scaling Networks
CCENT Study Guide Chapter 12 Security.

CCENT Study Guide Chapter 12 Security.
Any Questions?.

Any Questions?.
Johan Garcia Karlstads Universitet Datavetenskap 1 Datakommunikation II Signaling/Voice over IP / SIP Based on material from Henning Schulzrinne, Columbia.

Johan Garcia Karlstads Universitet Datavetenskap 1 Datakommunikation II Signaling/Voice over IP / SIP Based on material from Henning Schulzrinne, Columbia.
IP Multicast. 2003-2004 - Information management 2 Groep T Leuven – Information department 2/14 Agenda •Why IP Multicast ? •Multicast fundamentals •Intradomain.

IP Multicast Information management 2 Groep T Leuven – Information department 2/14 Agenda •Why IP Multicast ? •Multicast fundamentals •Intradomain.
Configuring and Troubleshooting ACLs

Configuring and Troubleshooting ACLs
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
The Enterprise Guide to Video Conferencing Created using iThoughts [...] [...]

The Enterprise Guide to Video Conferencing Created using iThoughts [...] [...]
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Intertex Data AB, Sweden VoIP to the Edge: Firewalls - The Missing Link Prepared for:Voice On the Net, Fall 2001 By: Karl Erik Ståhl President Intertex.

Intertex Data AB, Sweden VoIP to the Edge: Firewalls - The Missing Link Prepared for:Voice On the Net, Fall 2001 By: Karl Erik Ståhl President Intertex.
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks

Similar presentations

Ads by Google