Presentation is loading. Please wait.

Presentation is loading. Please wait.

H.323 NAT Traversal Problem particular to H.323(RAS->Q.931->H.245):  RAS from private network to public network can pass NAT  Q931 、 H.245 adopts the.

Published byCharles Norris Modified over 8 years ago

Similar presentations

Presentation on theme: "H.323 NAT Traversal Problem particular to H.323(RAS->Q.931->H.245):  RAS from private network to public network can pass NAT  Q931 、 H.245 adopts the."— Presentation transcript:

1 H.323 NAT Traversal Problem particular to H.323(RAS->Q.931->H.245):  RAS from private network to public network can pass NAT  Q931 、 H.245 adopts the TCP, if Q.931 is initialized from public network (such as from GK)  Cannot initialize a TCP connection from outside to a terminal inside a private network SYN packet cannot pass the NAT device TE in private network TE in public network NAT SYN SYN + ACK ACK B B A A X TCP SYN packet TCP utilizes three way handshake, it has direction. NAT TE

2 Principle of UDP Enhanced Tunnel TE ServerNAT Private Network Public Network Tunnel xTSxTC xTC -traversal Tunnel Client xTS -traversal Tunnel Server Signal and media stream share the same tunnel between xTC and xTS

3 UDP enhanced Tunnel Mechanism IP TCP/UDP Data Original UTH Encapsulated Standard UDP header Orig-protocol other-fields TCP/UDP Data UTH IP The UDP enhanced Tunnel Header(UTH) is comprised of three parts:  a UDP header (standard RFC0768 header)  a protocol field (holds the protocol field of original IP header.)  other-fields (reserved for extension)

4 Different from RFC3948 TCP/UDP Data RFC3948 UTH Encapsulated Standard UDP header Orig-protocol other-fields UTH IP ESP header Data UDP IP RFC3948 is specific for IPsec ESP packets UTH can be used for more general aims

5 xTC behavior Encapsulate:  Insert a UDP enhanced tunnel header  Modify the IP header, and the relation fields of the new IP header are edited to match the resulting IP packet.  The destination should be one ip address of xTS.  And cause IP header is modified, a map entry should be recorded by xTC for correct processing the packets sent from xTS.  The resulting packet is forwarded to xTS.

6 xTC behavior Decapsulate:  The UTH header is removed from the packet.  The IP header is modified, the relation fields in the new IP header are edited to match the resulting IP packet, in this procedure, the map entry recorded earlier is used to aid the process.  The resulting packet is forwarded to the real destination.

7 xTS behavior Decapsulate:  The UTH header is removed from the packet.  Do the ALG process if needed.  The IP header is modified, and the relation fields in the new IP header are edited to match the resulting IP packet.  The resulting packet is forwarded to the real destination.

8 xTS behavior Encapsulate:  A properly formatted UDP enhanced tunnel header(UTH header) is inserted.  Do the ALG process if needed.  Modify the IP header, and the relation fields in the new IP header are edited to match the resulting IP packet. To accomplish this, the map entry recorded in previously procedure should be used.  The resulting packet is forwarded to xTC.

9 How to use -Tunnel and Proxy (1) Tunnel client integrated with Proxy:  A dedicated proxy is deployed in the private network;  Tunnel is established between internal proxy and external proxy.  Terminals don't require modifications;  No public IP address will be consumed by proxy. TE1 TE2 TEn ServerNAT Private Network Public Network Tunnel Proxy xTS Proxy xTC

10 How to use -Tunnel and Proxy (2) Tunnel client integrated within the terminal:  No additional device is needed;  Tunnels are established between the terminals and proxy.  Terminals require modifications;  No public address will be consumed by terminals. TE Proxy ServerNAT Private Network Public Network Tunnel xTC TE xTC TE xTC xTS

Download ppt "H.323 NAT Traversal Problem particular to H.323(RAS->Q.931->H.245):  RAS from private network to public network can pass NAT  Q931 、 H.245 adopts the."

Similar presentations

CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI Transport Layer Network Fundamentals – Chapter 4.
IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
STUN Date: 2011-05-25 Speaker: Hui-Hsiung Chung 1.

STUN Date: Speaker: Hui-Hsiung Chung 1.
Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.

Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Chapter 6 Network Address Translation (NAT). Network Address Translation  Modification of source or destination IP address  Needed by networks using.

Chapter 6 Network Address Translation (NAT). Network Address Translation  Modification of source or destination IP address  Needed by networks using.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
1 CCNA 2 v3.1 Module 10. 2 Intermediate TCP/IP CCNA 2 Module 10.

1 CCNA 2 v3.1 Module Intermediate TCP/IP CCNA 2 Module 10.
Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.

Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.
WXES2106 Network Technology Semester 1 2004/2005 Chapter 8 Intermediate TCP CCNA2: Module 10.

WXES2106 Network Technology Semester /2005 Chapter 8 Intermediate TCP CCNA2: Module 10.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.
Section 461.  ARP  Ghostbusters  Grew up in Lexington, KY  Enjoy stargazing, cycling, and mushroom hunting  Met Mario once (long time ago)

Section 461.  ARP  Ghostbusters  Grew up in Lexington, KY  Enjoy stargazing, cycling, and mushroom hunting  Met Mario once (long time ago)
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)
Mobile IP Traversal Of NAT Devices By, Vivek Nemarugommula.

Mobile IP Traversal Of NAT Devices By, Vivek Nemarugommula.
8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

Similar presentations

Ads by Google