Video Configuration Examples for IPIP GW or CUBE
This is the basic config for any ISR router 2800 / 3800 series which runs IOS with CUBE and GK feature set.
The example topology:
Tandberg VT A - H.323 GK zone A - CUBE - H.323 GK zone B - Tandberg VT B
Let's assume that Tandberg A is located on the public Internet, and we want to allow it to place calls to Tandberg B, or say an MCU, on an internal network only through CUBE. Let's name zone A PUBLICINET-with-IPIPGW and zone B MCU.
We also have to make some assumptions about the dial plan. Let's assume that all endpoints on the Internet side have numbers starting with 00 and all endpoints on the internal network have numbers starting with 2.
00* <-----CUBE------> 2*
We also assume that CUBE has two IP addresses. One should be a public IP reachable from the Internet, and naturally it should also be reachable from inside your network. In this example the Internet is represented by the subnet 184.108.40.206/24. The internal network can have an IP from any private subnet range such as 10.x.x.x, 172.x.x.x or 192.x.x.x.
220.127.116.11 - CUBE - 10.x.x.x
1. First we need to register the GW and the video endpoints to the GK. We can run the GK feature on the same router if we have an IOS image with the GK feature, for example C2800NM-IPVOICE_IVS-M. The simplest setup is to register endpoints with full E.164 numbers to their corresponding zones and register the CUBE to the GK in the public zone. The CUBE should be registered to the zone where we want to force endpoints to use CUBE as an access point to your network, so it will be our Public zone with a real IP reachable from the public Internet.
gatekeeper
 zone local PUBLICINET-with-IPIPGW test.com 18.104.22.168 invia PUBLICINET-with-IPIPGW outvia PUBLICINET-with-IPIPGW enable-intrazone
 zone remote MCU mappets.com 10.52.218.98 1719
 no zone subnet PUBLICINET-with-IPIPGW default enable
 zone subnet PUBLICINET-with-IPIPGW 22.214.171.124/32 enable
 zone subnet PUBLICINET-with-IPIPGW 126.96.36.199/32 enable
 zone subnet PUBLICINET-with-IPIPGW 188.8.131.52/32 enable
 zone subnet PUBLICINET-with-IPIPGW 184.108.40.206/24 enable
 no zone subnet PUBLICINET-with-IPIPGW 220.127.116.11/16 enable
 no zone subnet PUBLICINET-with-IPIPGW 192.0.0.0/8 enable
 no zone subnet PUBLICINET-with-IPIPGW 10.0.0.0/8 enable
 zone prefix MCU 2*
 no use-proxy PUBLICINET-with-IPIPGW default inbound-to terminal
 no use-proxy PUBLICINET-with-IPIPGW default outbound-from terminal
 no shutdown
To control registration we use the "zone subnet" commands. First we need them to disable registration of internal endpoints to the external zone. We can also apply tighter restrictions if we want to allow only some specific endpoints from the Internet to register to the GK. For example, the command "zone subnet PUBLICINET-with-IPIPGW 18.104.22.168/32 enable" will allow the endpoint with IP 22.214.171.124 to register.
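An added example (not from the original page or from Cisco): a small Python audit of the "zone subnet" lines that answers whether a given endpoint address may register to a zone, and which zones are still open by default. The sample config and its addresses are constructed, the function names are hypothetical, and the model assumes the most specific matching subnet wins, with the zone default as the fallback.

```python
import ipaddress
import re

# Constructed sample; addresses are RFC 5737 documentation ranges.
SAMPLE_CONFIG = """\
gatekeeper
 zone local PUBLICINET-with-IPIPGW test.com 203.0.113.1
 no zone subnet PUBLICINET-with-IPIPGW default enable
 zone subnet PUBLICINET-with-IPIPGW 198.51.100.25/32 enable
 zone subnet PUBLICINET-with-IPIPGW 203.0.113.0/24 enable
 no zone subnet PUBLICINET-with-IPIPGW 10.0.0.0/8 enable
"""

LOCAL = re.compile(r"^\s*zone local (\S+)")
SUBNET = re.compile(r"^\s*(no\s+)?zone subnet (\S+) (\S+) enable\s*$")


def parse_zone_subnets(config):
    """Return {zone: {"default": bool, "rules": {network: allowed}}}."""
    zones = {}
    for line in config.splitlines():
        local, rule = LOCAL.match(line), SUBNET.match(line)
        if local:
            # IOS accepts registrations from any subnet until told otherwise.
            zones.setdefault(local.group(1), {"default": True, "rules": {}})
        if not rule:
            continue
        negated, zone, target = rule.groups()
        entry = zones.setdefault(zone, {"default": True, "rules": {}})
        if target == "default":
            entry["default"] = not negated
        else:
            # strict=False tolerates a prefix written with host bits set
            net = ipaddress.ip_network(target, strict=False)
            entry["rules"][net] = not negated  # a later line overrides
    return zones


def may_register(zones, zone, ip):
    """Assumption: the most specific matching subnet wins, else the default."""
    addr = ipaddress.ip_address(ip)
    entry = zones[zone]
    hits = [(n.prefixlen, ok) for n, ok in entry["rules"].items() if addr in n]
    return max(hits)[1] if hits else entry["default"]


def open_by_default(zones):
    """Zones that still accept registrations from any unlisted address."""
    return sorted(z for z, e in zones.items() if e["default"])
```

Running open_by_default over a saved configuration before exposing the gatekeeper shows any local zone that lacks the "no zone subnet ... default enable" line.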
The matching CUBE config will be:
voice service voip
 allow-connections h323 to h323
interface FastEthernet0/0
 ip address 10.52.218.130 255.255.255.0
! This interface is used only for routing, it is not involved in H.323 signaling.
!
interface FastEthernet0/1.33
 encapsulation dot1Q 333
 ip address 126.96.36.199 255.255.255.0
 h323-gateway voip interface
 h323-gateway voip id PUBLICINET-with-IPIPGW ipaddr 188.8.131.52 1719
 h323-gateway voip h323-id IPIPGW-130
 h323-gateway voip tech-prefix 130
 h323-gateway voip bind srcaddr 184.108.40.206
! This interface is used for H.323 signaling, so it has to be reachable for endpoints on the Internet as well as from the internal network.
The matching remote GK config (we can run the other GK on any other router in the network):
!
gatekeeper
 zone local MCU mappets.com 10.52.218.98
 zone remote PUBLICINET-with-IPIPGW test.com 220.127.116.11 1719
 zone prefix PUBLICINET-with-IPIPGW 00*
 no use-proxy MCU default inbound-to terminal
 no use-proxy MCU default outbound-from terminal
 no shutdown
Here we can register any internal H.323 endpoints like Tandberg Video terminals or MCU for conferencing.
The final step is an example of the VoIP dial-peers. Here we configure two dial-peers, and each of them plays the role of incoming and outgoing dial-peer at the same time.
dial-peer voice 2000 voip
 destination-pattern 2...
 session target ras
 incoming called-number 2...
 dtmf-relay h245-alphanumeric
 codec transparent
 no vad
!
dial-peer voice 1000 voip
 destination-pattern 00
 session target ras
 incoming called-number 00
 dtmf-relay h245-alphanumeric
 codec transparent
 no vad
The only specific part for video in this whole example is the "codec transparent" command :)
Related show Commands
This section provides information you can use to confirm your configuration is working properly.
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.
show dial-peer voice summary
show voice call status
There are also some useful commands to add, and they can be used on all routers in production as well:
service nagle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
logging message-counter syslog
logging queue-limit 100000
logging buffered 5000000
logging rate-limit 10000
no logging console
And some very useful aliases :)
alias exec c conf t
alias exec r sh run
alias exec i sh ip ro
alias exec ib sh ip int brie
alias exec gs show run | s gatekeeper
alias exec ge sho gatekeeper end
alias exec sg sho gatekeeper
alias exec rs sh run | s
alias exec ri sh run | i
alias exec rb sh run | b
alias exec dp sh run | be dial-p