n
provide firewall traversal services to the traversal client
n
query the traversal client about its endpoints
n
apply transforms to any queries before they are sent to the traversal client
n
control the bandwidth used for calls between your local VCS and the traversal client
Note:
traversal client-server zone relationships must be two-way. For firewall traversal to work, the traversal
server and the traversal client must each be configured with the other’s details (see
Configuring a traversal
client and server [p.57]
for more information). The client and server will then be able to communicate over the
firewall and query each other. For full details on how traversal client zones and traversal server zones work
together to achieve firewall traversal, see
About firewall traversal [p.53]
.
An
NTP server
must be configured for traversal zones to work.
The configurable options for a traversal server zone are:
Field
Description
Usage tips
Configuration
section:
Name
The name acts as a unique identifier, allowing you
to distinguish between zones of the same type.
Type
The nature of the specified zone, in relation to the
local VCS. Select
Traversal server
.
After a zone has been created, the
Type
cannot be changed.
Hop count
The hop count is the number of times a request will
be forwarded to a neighbor gatekeeper or proxy
(see the
Hop counts
section for more information).
This field specifies the hop count to use when
sending a search request to this particular zone.
If the search request was received from
another zone and already has a hop
count assigned, the lower of the two
values is used.
Connection credentials
section:
Username
Traversal clients must always authenticate with
traversal servers by providing their authentication
credentials.
The authentication username is the name that the
traversal client must provide to the VCS
Expressway. (It is configured as the connection
credentials
Username
in its traversal client zone.)
There must also be an entry in the VCS
Expressway's local authentication
database for the client’s authentication
username and password. To check the
list of entries and add it if necessary,
go to the
Local authentication
database
page. Either:
n
click on the
Add/Edit local
authentication database
link
n
go to
Configuration >
Authentication > Local database
H.323
section:
Mode
Determines whether H.323 calls are allowed to and
from the traversal client.
Protocol
Determines the protocol (
Assent
or
H.460.18
) to use
to traverse the firewall/NAT.
See
Configuring ports for firewall
traversal [p.58]
for more information.
Port
The port on the local VCS Expressway to use for
H.323 calls to and from the traversal client.
Cisco VCS Administrator Guide (X8.1.1)
Page 147 of 507
Zones and neighbors
Configuring zones