H.323 will negotiate "random" ports for the connection between two hosts. So you have to open everything from 1024 to 65535 for it to work. OR you could just use a proxy firewall which supports H.323 Like my favorite firewall, Raptor for NT. www.axent.com Rodgers Moore ""Richard A. Holland"" <[EMAIL PROTECTED]> wrote in message news:001501c01c51$b697bc20$89a6d818@hsg-1... > Lets say we had a nazi, ironfisted network with border manager ruining all > the users lives. The flow from the global internet to an end-user would > look something like this: > > > -----Router(2501)----switch----bordermanager(2 nics)----switch---end-user > > > The router is set to route incoming packets to the router's side of the > bordermanager's nic, and the users default gateway is set to the other side > of the bordermanager server. I can't really explain why there is a switch > between the router and the border manager, my guess is scalability. > > Bordermanager is translating RFC 1918 addresses on the LAN to public IPS via > NAT. Lets say that a couple of pcs need to bypass bordermanager, use public > ips, etc yet still have the bordermanager proxy their web browsing and the > such, basically just let video conferencing traffic AROUND bordermanager. > > Now, I don't know bordermanager enough to offer solutions via it (seems to > me you should be able to configure this via bordermanager, but the network > administrator here claims it's either all or none with it, in that if he > lets the video conferencing through to the end users, he can't content > filter). > > So my thought is to connect the two switches via cat 5, add a router between > the switch and border manager, put two nics in the end-user machines, and > somehow tell the video conferencing software to point packets to the second > router, and then default-gateway to the original router..but something about > this has me asking all kinds of questions. > > First, is the two nic scenario possible? I'm kinda thinking it isn't.... > My thoughts are: > > 1 nic, private address, default gateway to the private side of the > border manager server > 2nd nic, public ip, no default-gateway, maybe through the vc software or > a routing table reference the second router's lan side interface, i dont > think we can have 2 nics, 2 subnets, and 2 default gateways on the same > machine. > > The guy that admins this network thinks he can just tie the two switches > together, add a 2nd nic, and point to the original routers ethernet > interface, basically the same thing im proposing but w/o the second > router..but I dont like his design for some reason, or mine for that matter. > > Any thoughts? > > Richard A. Holland > Voice/Data Integrator > Telec, Inc. > http://www.telecinc.com > > CCDA,CCNP,MCSE,CSE > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > http://www.groupstudy.com/list/Associates.html > _________________________________ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _________________________________ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
