©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
1
Technical Note Using LifeSize Transit with LifeSize Bridge This document explains how to configure LifeSize Bridge with LifeSize Transit Server v3.0.1, LifeSize Transit Client v3.0.1, video communications systems, and firewalls in common deployment scenarios. The following graphic depicts the network configuration. Some deployments have LifeSize Bridge 2200 in the DMZ.
Firewall
LAN INTERNET
LifeSize video
communications systems
LifeSize Transit Client
LifeSize Bridge 2200
LifeSize video
communications systems
DMZ
LifeSize Transit Server (public IP address)
Note: This diagram depicts an environment with one firewall appliance that generates both the LAN and the DMZ. If your environment uses an inner firewall appliance to create the LAN and an outer appliance to generate the DMZ, the firewall settings depicted in this document apply to the inner firewall appliance.
Common deployment scenarios are as follows: H.323 Deployments
LifeSize Bridge in a Private LAN Case 1: Using an External Gatekeeper in the LAN Case 2: Using LifeSize Transit Server’s Internal Gatekeeper
LifeSize Bridge in DMZ with Public IP Address Case 1: No Gatekeeper Case 2: External Gatekeeper in LAN
SIP Deployments LifeSize Bridge in Private LAN
Case 1: Case 2: Sending the Media through Port 443, 444
LifeSize Bridge in DMZ with Public IP Address
©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
2
H.323 Deployments
LifeSize Bridge in a Private LAN
Case 1: Using an External Gatekeeper in the LAN
The devices in this example are as follows:
Device IP Address Location LifeSize Bridge 10.95.11.166 LAN
LifeSize Transit Client 10.95.11.163 LAN
External gatekeeper 10.95.11.165 LAN
Video communications system 1 10.95.11.169 LAN
Video communications system 2 50.50.50.167 Internet, registered to gatekeeper in the LAN through LifeSize Transit Client and LifeSize Transit Server
Video communications system 3 50.50.50.156 Internet
Video communications system 4 50.50.50.158 Internet, registered to LifeSize Transit Server
LifeSize Transit Server 50.50.50.160 DMZ
1. Set the firewall rules as shown in the following example:
©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
3
2. Create a tunnel between LifeSize Transit Client and LifeSize Transit Server. From a browser log in to the LifeSize Transit Client, navigate to Operation & Maintenance : Connection, and do the following:
a. Enter the User ID 4567 and a password.
b. Enter 50.50.50.160 for the LifeSize Transit Server
c. Select Direct for Proxy Mode, and enter the password.
3. Register video communications system 1 (10.95.11.169) to LifeSize Gatekeeper with the extension 22169.
4. From a browser, log in to LifeSize Transit Server, navigate to Operation & Maintenance : H.323 Configuration, and do the following:
a. Select Use Gatekeeper at Private LAN.
b. Click Set.
c. In the Operation & Maintenance menu, click H.323 Routing.
d. In H.323 Prefix or Domain enter a number, in this example, 887.
e. In H.323 Zone Gatekeeper host[:port], enter 10.95.11.165:1719.
f. In Tunnel via, enter the tunnel number you created, in this example, 4567.
g. Click Add.
5. In the LifeSize Transit Client user interface, navigate to Operation & Maintenance : H.323 Settings, and do the following:
a. In Outbound prefix at Gatekeeper, enter 86 and click Set.
b. Select Strip prefix from outbound calls.
c. Select Register at Gatekeeper.
d. Click Refresh.
e. Registration status must show Registered.
6. Create a conference in the LifeSize Bridge Utility with a Conference ID of 2500.
7. Register LifeSize Bridge to the gatekeeper in the LifeSize Bridge Utility.
a. From the Preference tab, click H.323.
b. Ensure Enable H.323 is selected.
c. Configure the Gatekeeper section: H.323 Name Helium222166
H.3232 Extension 222166
Gatekeeper ID GATEKEEPER
Gatekeeper Mode Manual
Gatekeeper Hostname 10.95.11.165
Gatekeeper Port 1719
d. Click Save.
©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
4
Dialing the Conference from the Video Communications Systems
System Description Dial Pattern 1 In the LAN with a private IP address <LifeSize Bridge IP address##conference ID>, in this
example, 10.95.11.166##2500
2 In the Internet registered to the gatekeeper in the LAN through LifeSize Transit Server and LifeSize Transit Client
<conference ID>, in this example, 2500
3 In the Internet with a public IP address <LifeSize Transit Server IP Address##conference ID>, in this example, 50.50.50.160##2500
4 In the Internet with a public IP address, registered to LifeSize Transit
<conference ID>, in this example, 2500
Note The incoming prefix must be a part of the conference ID. For example, if the incoming prefix is 25, make the conference ID 2500.
You can also use this configuration with only ports 443 and 444 enabled in the firewall.
Case 2: Using LifeSize Transit Server’s Internal Gatekeeper
The devices in this example are as follows:
Device IP Address Location LifeSize Bridge 10.95.11.166 LAN
LifeSize Transit Client 10.95.11.163 LAN
Video communications system 1 10.95.11.169 LAN
Video communications system 2 50.50.50.167 Internet, registered to a gatekeeper in the LAN through LifeSize Transit Server and LifeSize Transit Server
Video communications system 3 50.50.50.156 Internet
Video communications system 4 50.50.50.158 Internet, registered to LifeSize Transit Server
LifeSize Transit Server 50.50.50.160 DMZ
Set the firewall rules as shown in the example at the beginning of case 1. Complete the following configuration steps:
1. From LifeSize Transit Server, navigate to Operation & Maintenance : H323 Configuration.
2. Select Use built-in-gatekeeper.
3. Click Set.
4. Ensure that no options have been set in H.323 Routing.
5. From LifeSize Transit Client, navigate to Operation & Maintenance : H323 Settings and ensure that Registration status in the Internal Gatekeeper Registration section is empty.
©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
5
6. In the LifeSize Bridge Utility, navigate to Preferences : H.323 and register LifeSize Bridge to LifeSize Transit Client:
a. From the Preference tab, click H.323.
b. Ensure Enable H.323 is selected.
c. Configure the gatekeeper section: H.323 Name Helium222166
H.3232 Extension 222166
Gatekeeper ID
Gatekeeper Mode Manual
Gatekeeper Hostname 10.95.11.163
Gatekeeper Port 1719
Note: When using the embedded gatekeeper in LifeSize Transit Server, devices in the LAN use the LifeSize Transit Client IP address as the gatekeeper hostname, because LifeSize Transit Client is the proxy server for LifeSize Transit Server.
d. Click Save.
7. Register video communications system 1 to the LifeSize Transit Client.
Dialing the Conference from the Video Communications Systems
System Description Dial Pattern 1 Registered to LifeSize Transit Client <conference ID>, in this example, 2500
2 In the Internet registered to the gatekeeper in the LAN through LifeSize Transit Server and LifeSize Transit Client
<conference ID>, in this example, 2500
3 In the Internet with a public IP address <LifeSize Transit Server IP Address##conference ID>, in this example, 50.50.50.160##2500
4 In the Internet with a public IP address, registered to LifeSize Transit Server
<conference ID>, in this example, 2500
You can also use this configuration when only ports 443 and 444 are enabled in the firewall.
LifeSize Bridge in DMZ with Public IP Address
Case 1: No Gatekeeper
The devices in this example are as follows:
Device IP Address Location LifeSize Bridge 50.50.50.163 DMZ
LifeSize Transit Client 10.95.11.163 LAN
Video communications system 1 10.95.11.160 LAN, registered to LifeSize Transit Server with H.460
Video communications system 2 10.95.11.161 LAN, registered to LifeSize Transit Client
LifeSize Transit Server 50.50.50.160 DMZ
©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
6
1. Set the firewall rules as shown in the following example:
2. Create a tunnel between LifeSize Transit Client and LifeSize Transit Server.
Dialing the Conference from the Video Communications Systems
System Description Dial Pattern 1 Registered to LifeSize Transit Client
with H.460 enabled. <conference ID/LifeSize Bridge IP address##conference ID>, in this example, 2500/50.50.50.163##2500.
2 Registered to LifeSize Transit Client <LifeSize Bridge IP Address##conference ID>, in this example, 50.50.50.163##2500. You can also dial just the conference ID.
Case 2: External Gatekeeper in LAN
The devices in this example are as follows:
Device IP Address Location LifeSize Bridge 50.50.50.163 DMZ
LifeSize Transit Client 10.95.11.163 LAN
External Gatekeeper 10.95.11.165 LAN
Video communications system 1 10.95.11.160 LAN, registered to the gatekeeper
Video communications system 2 50.50.50.157 Public
Video communications system 3 50.50.50.158 Public, registered to gatekeeper
LifeSize Transit Server 50.50.50.160 DMZ
1. Create a tunnel between LifeSize Transit Client and LifeSize Transit Server.
2. Register video communications system 1 to the private gatekeeper with extension.
3. From Transit Server, navigate to Operation & Maintenance : H323 Configuration.
©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
7
4. Select Use built-in-gatekeeper.
5. Click Set.
6. Select H.323 Routing and configure the following settings:
H.323 Prefix or Domain 887
H.323 Zone Gatekeeper host[:port] 10.95.11.165:1719
Tunnel via 4567
Gatekeeper Mode Manual
Vendor Radvision
Gatekeeper Port 1719
7. Click Add.
8. From LifeSize Transit Client, navigate to Operation & Maintenance : H.323 Settings.
9. In the Internal Gatekeeper Registration section do the following
a. In Outbound Prefix at Gatekeeper enter 86 and click Set.
b. Select Strip prefix from outbound calls
c. Select Register at Gatekeeper
d. Click Refresh.
e. Ensure that Registration Status is Registered.
Dialing the Conference from the Video Communications Systems
System Description Dial Pattern 1 In the LAN, registered to the gatekeeper <outbound prefix##LifeSize Bridge IP address##conference ID>,
in this example, 86##50.50.50.163##2500
2 Public <LifeSize Bridge IP Address##conference ID>, in this example, 50.50.50.163##2500
3 Public, registered to the gatekeeper < conference ID>, in this example, 2500
SIP Deployments
LifeSize Bridge in Private LAN
Case 1:
The devices in this example are as follows:
Device IP Address Location LifeSize Bridge 10.95.11.166 LAN
LifeSize Transit Client 10.95.11.163 LAN
Video communications system 1 10.95.11.169 LAN, registered to LifeSize Transit Server through LifeSize Transit Client
Video communications system 2 50.50.50.157 Public
Video communications system 3 50.50.50.158 Public registered to SIP registrar in LifeSize Transit Server
LifeSize Transit Server 50.50.50.160 DMZ
©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
8
1. Set the firewall rules as shown in the following example:
2. Create a tunnel between LifeSize Transit Client and LifeSize Transit Server.
3. In the LifeSize Bridge Utility, navigate to Preferences : SIP.
4. Register to LifeSize Transit Server with the following settings:
Identification SIP Username 22166
Authorization Username 22166
Authorization Password <password>
Registrar Enable the SIP registrar Select
Registrar Hostname 50.50.50.160
Registrar Port 5060
Proxy Enable the SIP proxy server Select
Register the system through the SIP proxy server Select
Proxy Hostname 10.95.11.163
Proxy Port 5060
Signaling UDP Signaling Port 5060
TCP Signaling Port 0
TLS Signaling Port 0
©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
9
5. Ensure that Registration Status changes to Registered.
6. Create a conference in the LifeSize Bridge Utility with a conference ID of 2500.
Dialing the Conference from the Video Communications Systems
System Description Dial Pattern 1 In the LAN, registered to LifeSize Transit
Server through LifeSize Transit Client <conference ID / conference ID@LifeSize Transit Server IP address>, in this example, 2500 / [email protected]
2 Public <conference ID@LifeSize Transit Server IP address>, in this example, [email protected]
3 Public registered to SIP registrar in LifeSize Transit Server
<conference ID>, in this example, 2500
Case 2: Sending the Media through Port 443, 444
The devices in this example are as follows:
Device IP Address Location LifeSize Bridge 10.95.11.166 LAN
LifeSize Transit Client 10.95.11.163 LAN
Video communications system 1 10.95.11.58 LAN, registered to LifeSize Transit Server through LifeSize Transit Client
Video communications system 2 50.50.50.156 Public
Video communications system 3 50.50.50.158 Public registered to SIP registrar in LifeSize Transit Server
LifeSize Transit Server 50.50.50.160 DMZ
1. Set the firewall rules as shown in the following example:
©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
10
2. In the LifeSize Bridge Utility, navigate to Preferences : SIP.
3. Register to LifeSize Transit Server with the following settings:
Identification SIP Username 22166
Authorization Username 22166
Authorization Password <password>
Registrar Enable the SIP registrar Select
Registrar Hostname 50.50.50.160
Registrar Port 5060
Proxy Enable the SIP proxy server Select
Register the system through the SIP proxy server Select
Proxy Hostname 10.95.11.163
Proxy Port 5060
Signaling UDP Signaling Port 5060
TCP Signaling Port 0
TLS Signaling Port 0
4. Ensure that Registration Status changes to Registered.
5. Create a conference in the LifeSize Bridge Utility with a conference ID of 2500.
Dialing the Conference from the Video Communications Systems
System Description Dial Pattern 1 In the LAN, registered to LifeSize
Transit Server through LifeSize Transit Client
<conference ID / conference ID@LifeSize Transit Server IP address>, in this example, 2500 / [email protected]
2 Public <conference ID@LifeSize Transit Server IP address >, in this example, [email protected]
3 Public registered to SIP registrar in LifeSize Transit Server
<conference ID>, in this example, 2500
The media will flow through ports 443 and 444 .
LifeSize Bridge in DMZ with Public IP Address The devices in this example are as follows:
Device IP Address Location LifeSize Bridge 50.50.50.163 DMZ
LifeSize Transit Client 10.95.11.163 LAN
Video communications system 1 10.95.11.58 LAN, registered to LifeSize Transit Server
Video communications system 2 50.50.50.157 Public
Video communications system 3 50.50.50.158 Public registered to SIP registrar in LifeSize Transit Server
LifeSize Transit Server 50.50.50.160 DMZ
©2005–2011 Logitech and its licensors. All rights reserved. May 27, 2011
11
1. From video communications system 1, navigate to Administrator Preferences : Network : LifeSize Transit.
2. In Transit Hostname, enter the LifeSize Transit Server IP address, in this case, 50.50.50.160.
3. Enter the username and password.
4. Ensure that Transit ICE is enabled.
5. Enable LifeSize Transit.
6. Ensure that LifeSize Transit Status changes to Enabled.
7. Navigate to Administrator Preferences : Communication : SIP.
8. For SIP Username and Authorization Name, use the same name you used for LifeSize Transit username.
9. For Authorization Password, use the same name you used for the LifeSize Transit password.
10. For Register Hostname, use the IP address for LifeSize Transit Server.
11. Click Register.
12. Ensure that the status changes to Registered.
Dialing the Conference from the Video Communications Systems
System Description Dial Pattern 1 In the LAN, registered to LifeSize
Transit Server <conference ID>, in this example, 2500
2 Public <conference ID@LifeSize Transit Server IP address >, in this example, [email protected]
3 Public registered to SIP registrar in LifeSize Transit Server
<conference ID>, in this example, 2500