Firewall Wizards mailing list archives

RE: IP-VPN/VoIP


From: Lucas Thompson <Lucas.Thompson () watchguard com>
Date: Fri, 29 Jun 2001 18:50:44 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you're using a secure VPN then it's not really a security hole to
allow a range of ports only across the tunnel?
Different applications deal with H.323 differently.  I have had some
work and some not.  Netmeeting is the absolute worst.  If they follow
the H.323 protocol properly, there are several different firewalls
that are able to follow the call setup.

- -----Original Message-----
From: Irwin Lazar [mailto:ILazar () tbg com]
Sent: Thursday, June 21, 2001 1:09 PM
To: 'firewall-wizards () nfr com'
Subject: [fw-wiz] IP-VPN/VoIP


I'm curious to see what folks are doing to support VoIP across encrypted
IP-VPNs.  From our understanding, very few firewalls can statefully manage
the random port selection during an H.323 call setup, so the only way to
support VoIP across a firewall is to open up a range of ports.  For obvious
reasons, this isn't something I feel comfortable recommending.

Has anyone run across this issue and if so, how did you address it?

- -----
Irwin Lazar - ilazar () tbg com <mailto:ilazar () tbg com> 
Senior Consultant, The Burton Group
Office: 703-742-9659
Cell: 703-402-4119
http://www.tbg.com/
"The Ultimate Resource For Network Architects"

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOz0wghkEZcnI1admEQIsywCg2mXs98G1Xx4SYrn0hN+bOhy2dkwAoITU
MVeYF37KvnN9bb9u4/8w6Aiw
=6cvw
-----END PGP SIGNATURE-----