Cisco Meeting Server

Cisco Meeting Server Release 2.0+

H.323 Gateway Deployment Guide

December 23, 2016

Cisco Systems, Inc. www.cisco.com

Contents
1 Introduction 4
1.1 How to Use this Guide 5
1.1.1 Commands 7

2 H.323 Gateway Configuration 8

2.1 Overview 8
2.1.1 Prerequisites 9
2.2 H.323 Gateway configuration 11
2.3 Call Bridge outbound dial plan rule configuration 13
2.4 Configuring IP dialing 15

3 Call Testing 16
3.1 Inbound call from an H.323 endpoint registered to an H.323 Gateway 16
3.2 Inbound call from an unregistered H.323 endpoint by dialing an IP address 18
3.3 Inbound call from an unregistered H.323 endpoint by dialing <space_uri>@IP
address 19
3.4 Outbound call to a registered H.323 endpoint 21
3.5 Outbound call to an unregistered H323 endpoint by dialing an IP address (call
routed with H.323 Gatekeeper) 22
3.6 Outbound call to an unregistered H323 endpoint by dialing an IP address (call
routed without H.323 Gatekeeper) 25
3.7 Calling non Cisco Meeting App users from H.323 endpoint 26

4 Troubleshooting Tips 29

Appendix A SIP Call Control Configuration 30

Appendix B Assigning a certificate/private key pair to the H.323 Gateway 33

Appendix C H.323 Gateway address handling for older gatekeepers 34

Appendix D H.323 Gateway MMP commands 36

Cisco Legal Information 38

Figures:

Figure 1: Single combined Cisco Meeting Server deployment with H.323 Gateway . 4

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 2

 Figure 2: Cisco Meeting Server documentation set 6
Figure 3: Incoming and outgoing H.323 calls with H.323 Gateway 8
Figure 4: H.323 Gateway with H.323 Gatekeeper 9
Figure 5: Configuration for H.323 Gateway with H.323 Gatekeeper 11
Figure 6: Output from h323_gateway command 13
Figure 7: Web Admin Interface showing Outbound dial plan with match all domains 14
Figure 8: Web Admin Interface showing Outbound dial plan with match domain
@h323.com 14
Figure 9: Call Flow for Inbound Call from Registered H.323 Endpoint 17
Figure 10: Web Admin Interface showing active call 17
Figure 11: Cisco VCS showing call status 18
Figure 12: Call flow for inbound call from unregistered H.323 endpoint 19
Figure 13: Web Admin Interface showing active call 19
Figure 14: Creating a Call matching rule 20
Figure 15: Web Admin Interface showing active call 20
Figure 16: Call flow for outbound call to a registered H.323 endpoint 21
Figure 17: Web Admin Interface showing active call 22
Figure 18: Cisco VCS showing call status 22
Figure 19: Cisco VCS Dial plan configuration page 23
Figure 20: Call flow for outbound call to an unregistered H.323 endpoint by dialing an IP
address 23
Figure 21: Web Admin Interface showing active call 24
Figure 22: Cisco VCS showing call status 24
Figure 23: Call Flow for Outbound Call to a Unregistered H.323 Endpoint 25
Figure 24: Web Admin Interface showing active call 26
Figure 25: Call flow from H.323 endpoint to a non Cisco Meeting App user 27
Figure 26: Web Admin Interface showing active call 28
Figure 27: Cisco VCS showing Call Status 28
Figure 28: Adding the domain to the source address 34
Figure 29: Removing the domain for call back 34

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 3

 1 Introduction

1 Introduction
The Cisco Meeting Server was formerly called the Acano Server. The Cisco Meeting Server is
now hosted on a new preconfigured version of a Cisco UCS server, called the Cisco Meeting
Server 1000. It can also be hosted on the Acano X-Series hardware, or on a specification based
VM server. The Cisco Meeting Server software is referred to as the Meeting Server throughout
the remainder of this guide.

Note: coSpace has been renamed space. This document has been changed to using space,
except where it refers to coSpace API objects.

The Meeting Server includes an H.323 Gateway component. This gateway is designed to be
used only with the Call Bridge of the Meeting Server, as shown below. Once the call reaches the
Call Bridge it is processed according to the normal dial plan rules. Outgoing calls from the Call
Bridge devices can also be made to H.323 devices. If the call is into a space on the Meeting
Server then it stops at the Call Bridge.

Figure 1: Single combined Cisco Meeting Server deployment with H.323 Gateway .

This guide covers one of the recommended deployments (a single combined server with the
H.323 Gateway enabled on the same Meeting Server as the Call Bridge) – as shown above.
In a split deployment we recommend deploying the H.323 Gateway as a core component, to
ensure there is no firewall between the H.323 Gateway and the Call Bridge. Typically, the H.323
Gateway will be deployed on the same Meeting Server as the Call Bridge. However, the H.323
Gateway may be deployed on a separate Core server to the Call Bridge, which is useful for test
purposes.
In a scalable & resilient deployment you can enable one H.323 Gateway per Call Bridge, again
either on the same or separate Meeting Servers.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 4

 1 Introduction

The commands to configure and enable the H.323 Gateway are the same in all deployments,
although the IP address for the H.323 Gateway to connect differs if the Call Bridge and the
H.323 Gateway are on the same host, compared to them being on different hosts, see section
2.2, step 6.

Note: A certificate is required on each H.323 Gateway . The certificate can be signed by an
internal CA. Follow the steps in Appendix B to assign a certificate/private key pair to the H.323
Gateway.

1.1 How to Use this Guide

This guide follows on from the appropriate Deployment Guide (see Figure 2 ). It assumes that
you have already completed the instructions within the deployment guide. Only use this guide if
you want the Meeting Server to accept calls from H.323 endpoints and be able to call out to
them.
This H.323 Gateway deployment guide is intended to be read and acted upon in the order
provided. A full list of H.323 commands is provided in the MMP Command Reference guide.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 5

 1 Introduction

Figure 2: Cisco Meeting Server documentation set

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 6

 1 Introduction

1.1.1 Commands
In this document, commands are shown in black and must be entered as given—replacing any
parameters in <> brackets with your appropriate values. Examples are shown in blue and must
be adapted to your deployment.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 7

 2 H.323 Gateway Configuration

2 H.323 Gateway Configuration

2.1 Overview
The H.323 Gateway is a core component and the recommended deployment is to deploy it on
the same server as the Call Bridge. However, the H.323 Gateway can be enabled on a separate
Core server.
The H.323 Gateway listens on a minimum of two ports:
n For H.323 incoming calls to be interworked to SIP for forwarding to the Call Bridge
n For SIP incoming calls from the Call Bridge to be interworked to H.323 before being
forwarded

We recommend that the H.323 Gateway listens on the same interface as the Call Bridge (but on
different port numbers) and is used to listen for both SIP and H.323 calls, see Figure 3

Figure 3: Incoming and outgoing H.323 calls with H.323 Gateway

For external outgoing calls from the gateway, we recommend that the H.323 calls are
forwarded to a H.323 Gatekeeper (see Figure 4) that deals with routing e.g. using dial plan rules.

Note: the H.323 Gateway supports a single next hop. Use the H.323 Gatekeeper’s neighboring
feature to allow the H.323 Gateway to reach multiple gatekeepers.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 8

 2 H.323 Gateway Configuration

Figure 4: H.323 Gateway with H.323 Gatekeeper

In order to accept calls from H.323 endpoints and make calls to them, the Call Bridge must be
configured to use the H.323 Gateway as the destination for outgoing calls via the Outbound dial
plan, and the H.323 Gateway must be configured to forward SIP calls to a Call Bridge.
This section provides example configurations for the recommended deployment that must be
adapted to your topology.

Note: Some old H.323 gatekeepers do not provide the domain in destination addresses for
outgoing calls, and cannot handle a domain for incoming calls. These gatekeepers supply and
require an E.164 address or H.323 id for the address.The commands to support these devices,
are listed in Appendix C.

2.1.1 Prerequisites
The instructions in this section assume that the other components of the Meeting Server have
been set and are running.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 9

 2 H.323 Gateway Configuration

n The ports in Table 1 are required by the H.323 Gateway (see Figure 5).

Table 1: Ports required by H.323 Gateway

Traffic
direction with Link
Connecting Destination respect to shown in Additional
Component to port to open Traffic type component Figure 5 information

Call Bridge H.323 6061 TCP (SIP) Outgoing 6 Port configurable

Gateway through MMP

H.323 H.323 1720 TCP (H.225) Incoming 2 Port not

Gateway Gatekeeper configurable

port on TCP (H.225) Outgoing 3

H.323
Gatekeeper
for next hop

H.323 H.323 1024- TCP (H.245) Incoming 2 Port not

Gateway Gatekeeper 65535 (note configurable
1)

port on TCP (H.245) Outgoing 3

H.323
Gatekeeper
for next hop

H.323 H.323 32768- UDP media Incoming and 1

Gateway registered 65535 (note outgoing
endpoint 2)

n The H.323 Gateway provides no firewall traversal functionality.

l The H.323 call control device that any of your H.323 endpoints are registered to, must
provide firewall traversal functionality, and be configured to forward calls to the H.323
Gateway . See Appendix A for an example using the Cisco VCS.
l Unregistered H.323 endpoints must use IP dialing to reach the H.323 Gateway . See
Section 2.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 10

 2 H.323 Gateway Configuration

2.2 H.323 Gateway configuration

Figure 5: Configuration for H.323 Gateway with H.323 Gatekeeper

Follow these steps to configure and enable the H.323 Gateway component on the appropriate
Meeting Server. If your deployment does not use an H.323 Gatekeeper, omit step 5.
1. SSH into the MMP and log in.
2. Configure the interfaces that the H.323 Gateway listens on for incoming H.323 calls (call
flow number 2 in Figure 5).
The command h323_gateway h323_interfaces <interface whitelist> allows
you to configure the interfaces that the H.323 Gateway listens for H.323 traffic on (chosen
from A, B, C or D). By default the H.323 Gateway listens on no interfaces. For example,
configure the h323_interfaces to listen on interface A, enter:
h323_gateway h323_interfaces a
3. Configure the interfaces that the gateway listens on for incoming SIP calls from the Call
Bridge (call flow number 6 in Figure 5).
The command h323_gateway sip_interfaces <interface whitelist> allows
you to configure the listening interfaces (for 1.7.0 this is interface A). By default the sip_
interfaces listens on no interfaces.
For example, configure the sip interface to listen on interface A
h323_gateway sip_interfaces a
4. Configure the ports for the SIP interface to listen on (call flow number 6 in Figure 5). By
default the H.323 Gateway uses 6061.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 11

 2 H.323 Gateway Configuration

h323_gateway sip_port 6061

Note: if you wish to change the default port from 6061, and if the H.323 Gateway and Call
Bridge are on the same server, make sure you avoid port 5061 which is used by the Call
Bridge.

5. Configure the H.323 Gatekeeper’s (call control’s) hostname or IP address (call flow number
3 in Figure 5).
The H.323 Gateway will connect to this IP address for all outgoing H.323 calls and let the call
control device handle the routing.
For example, if the gatekeeper in the figure above is at IP address 192.168.1.110
h323_gateway h323_nexthop 192.168.1.110

Note: omit this step, if your deployment does not use an H.323 Gatekeeper.

6. Configure the Call Bridge IP address (call flow number 5 in Figure 5).
7. The H.323 Gateway will connect to this IP address for all outgoing SIP calls and let the Call
Bridge handle the routing via its dial plan. From R1.8, if the Call Bridge and the H.323
Gateway are on the same host then you must use IP address 127.0.0.1.
l If Call Bridge and H.323 Gateway on the same host, use:
h323_gateway sip_proxy 127.0.0.1
l If the Call Bridge and H.323 Gateway are on the different hosts then set the IP address
to be the address of the Call Bridge, which must be reachable from the H.323
Gateway.
Example of Call Bridge and H.323 Gateway on the different hosts, the IP address of
the Call Bridge being 192.168.6.25
h323_gateway sip_proxy 192.168.6.25
8. Enable the H.323 Gateway component.
h323_gateway enable
Use the command h323_gateway to check the configuration. A typical output is shown in
Figure 6.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 12

 2 H.323 Gateway Configuration

Figure 6: Output from h323_gateway command

A certificate is required on each H.323 Gateway; the certificate can be signed by an internal CA.
Follow the steps in Appendix B to generate the private key and signed certificate, then upload to
each H.323 Gateway.

2.3 Call Bridge outbound dial plan rule configuration

Follow these steps to divert all outbound calls through the H.323 Gateway. You need to create
an Outbound dial plan rule for the Call Bridge.
1. Sign in to the Meeting Server’s Web Admin Interface.
2. Complete the following fields:
Domain: Match all domains i.e. leave empty (see below).
SIP Proxy to Use: The SIP interface of the H.323 Gateway

Note: if the H.323 Gateway and Call Bridge are on the same host then use IP address
127.0.0.1:6061. If they are on different hosts, then use one of the external interfaces that
the Call Bridge is listening on.

Note: The Meeting Server's Outbound dial plan rule defaults to using port 5061, if not
specified. You need to change this to match the port used by the SIP interface of the H.323
Gateway, which defaults to 6061.

Encryption: Encrypted

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 13

 2 H.323 Gateway Configuration

Figure 7: Web Admin Interface showing Outbound dial plan with match all domains

To divert calls with a specific destination domain through the H.323 Gateway, create an
Outbound dial plan rule for the Call Bridge as follows:
1. Sign in to the Meeting Server’s Web Admin Interface .
2. Select Configuration>Outbound calls.
3. Complete the following fields:
l Domain: The destination domain. In the example below, the domain is @h323.com. All
calls to <anything>@h323.com will be diverted through the H.323 Gateway.
l SIP Proxy to Use: Specify the SIP interface of the H.323 Gateway. If the H.323 Gateway
and Call Bridge are on the same host then use IP address 127.0.0.1:6061. If they are on
different hosts, then use one of the external interfaces that the Call Bridge is listening on.

Note: The Outbound dial plan rule defaults to using port 5061, if not specified. You need
to change this to match the port used by the SIP interface of the H.323 Gateway, which
defaults to 6061.

l Encryption: Encrypted

Figure 8: Web Admin Interface showing Outbound dial plan with match domain @h323.com

Note: the H.323 Gateway cannot modify the dialed address. If you require dialed addresses to
be modified, then you will need to use an H.323 Gatekeeper in your deployment that is capable
of modifying dialed addresses.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 14

 2 H.323 Gateway Configuration

2.4 Configuring IP dialing

IP dialing is required when there is no H.323 Gatekeeper i.e. H.323 endpoints are not registered
to a call control solution, and calls are made by IP address.
For IP dialing to work for calls from both internal and external H.323 endpoints, use the H.323
Gateway as a Core component as above but add a second listening interface for the external
calls e.g. on interface B.
For IP dialing, we assume that incoming calls are in one of the following formats:
n IP address – which needs to be mapped onto a URI by the H.323 Gateway. Therefore
configure the default URI for incoming H.323 calls without a destination. This call can be
diverted to a space, a Cisco Meeting App user or a Meeting Server IVR.
For example, in the MMP, set the default URI to an IVR:
h323_gateway default_uri [email protected]
n user@IPaddress – which is processed by the Call Bridge Incoming dial plan rules; can be a
space, a Cisco Meeting App user or even an external user. Note that the Incoming dial plan
rules match to the URI not to a callID.

user@domain – which is processed by the Call Bridge Incoming dial plan rules; can be a
space, a Cisco Meeting App user or even an external user.

Note: set call matching for <IP address> or the <domain> on the Web Admin Interface.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 15

 3 Call Testing

3 Call Testing
Depending on the type of call(s) or meetings you intend to have, read and follow the example(s)
in the appropriate section(s).
n Inbound call from an H.323 endpoint registered to an H.323 Gateway
n Inbound call from an unregistered H.323 endpoint by dialing an IP address
n Inbound call from an unregistered H.323 endpoint by dialing <coSpace_uri>@IP address
n Outbound call to a registered H.323 endpoint
n Outbound call to an unregistered H323 endpoint by dialing an IP address (call routed with
H.323 Gatekeeper)
n Outbound call to an unregistered H323 endpoint by dialing an IP address (call routed without
H.323 Gatekeeper)
n Calling non Cisco Meeting App users from an H.323 endpoint

Note:
1) H.323 signaling is unencrypted, so you can use pcap to obtain an H.323 trace. In addition, the
MMP command h323_gateway trace_level <level> provides additional logging to aid
troubleshooting by Cisco support. You may be asked to provide traces for levels 0, 1 or 2.

2) Support for legacy gatekeepers and endpoints: some old H.323 gatekeepers do not provide
the domain in destination addresses for outgoing calls, and cannot handle a domain for
incoming calls. These gatekeepers supply and require an E.164 address or H.323 id for the
address. There are commands to support these devices, seeAppendix C"H.323 Gateway
address handling for older gatekeepers " on page 34 for more details.

3.1 Inbound call from an H.323 endpoint registered to an H.323 Gateway

Example setup:
n Calling party’s H.323 endpoint alias: [email protected]
n Dialing space URI: [email protected]

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 16

 3 Call Testing

Figure 9: Call Flow for Inbound Call from Registered H.323 Endpoint

Where:

(1) is an H.323 call to [email protected]

(2) is an H.323 call to [email protected]
(3) is a SIP call to [email protected]

Note: From the Call Bridge's point of view, this is an incoming SIP call from the H.323 Gateway .

After the call has connected, check Status>Calls in the Web Admin Interface (see Figure 10)

Figure 10: Web Admin Interface showing active call

The call status on the H.323 Gatekeeper, which in this example is a Cisco VCS, shows it as a
H.323 call (see Figure 11). The Meeting Server's H.323 Gateway performs the interworking.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 17

 3 Call Testing

Figure 11: Cisco VCS showing call status

3.2 Inbound call from an unregistered H.323 endpoint by dialing an IP

address
Prerequisite:
n Set up an IVR
n Set up space with call ID “123456”

Note: By changing the default URI to an IVR URI, after the incoming call is connected, users
can enter a space’s Call ID to join a specific space.

n For IP dialing to work for calls from both internal and external H.323 endpoints, use the H.323
Gateway as a Core component but add a second listening interface for the external calls e.g.
on interface B.
h323_gateway h323_interfaces a b

Note: the H.323 Gateway cannot traverse NAT or firewalls. The second listening interface for
external calls must be internet facing with a public IP address.

Example setup:
n Calling party’s unregistered H.323 endpoint name: Brian.ex60
n Dialing: 192.168.1.91

where 192.168.1.91 is the called party’s H.323 Gateway listening interface

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 18

 3 Call Testing

Figure 12: Call flow for inbound call from unregistered H.323 endpoint

Where:

(1) is an H.323 call to 192.168.1.91

(2) is a SIP call to [email protected]
(3) is a DTMF entry of ID “123456”

After the call has connected, check the call status in the Web Admin Interface (see Figure 13).

Figure 13: Web Admin Interface showing active call

3.3 Inbound call from an unregistered H.323 endpoint by dialing <space_

uri>@IP address
Prerequisite:

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 19

 3 Call Testing

n Create a call matching rule to match the domain “192.168.1.91”.

Figure 14: Creating a Call matching rule

n For IP dialing to work for calls from both internal and external H.323 endpoints, use the
H.323 Gateway as a Core component but add a second listening interface for the external
calls e.g. on interface B
h323_gateway h323_interfaces a b

Note: the H.323 Gateway cannot traverse NAT or firewalls. The second listening interface
for external calls must be internet facing with a public IP address.

Example setup:
n Calling party’s unregistered H.323 endpoint name: example.MXP
n Dialing: [email protected]

where 192.168.1.91 is the called party’s H.323 Gateway listening interface.

After the call has connected, check the call status in the Web Admin Interface (see Figure 15).

Figure 15: Web Admin Interface showing active call

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 20

 3 Call Testing

3.4 Outbound call to a registered H.323 endpoint

Prerequisite:
n Create a dial plan rule

Example setup:
n Calling party’s Cisco Meeting App user URI: [email protected]
n Dialing: [email protected]

where [email protected] is the called party’s H.323 endpoint.

Figure 16: Call flow for outbound call to a registered H.323 endpoint

Where:

(1) is a Cisco Meeting App call to [email protected]

(2) is a SIP call
(3) is an H323 call
(4) is an H323 call

After the call has connected check the status in the Web Admin Interface (see Figure 17).

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 21

 3 Call Testing

Figure 17: Web Admin Interface showing active call

The call status on the H.323 Gatekeeper shows it as an H.323 call, in this example the H.323
Gatekeeper is a Cisco VCS, (see Figure 18). The Meeting Server's H.323 Gateway performs the
interworking.

Figure 18: Cisco VCS showing call status

3.5 Outbound call to an unregistered H323 endpoint by dialing an IP

address (call routed with H.323 Gatekeeper)

Note: in this scenario, the H.323 endpoint is unregistered, but an H.323 Gatekeeper routes the
call.

Prerequisite:
n Decide on which dial plan rule to use, default rule or a custom rule
n On the H.323 Gatekeeper (in this example this is a Cisco VCS), in the Dial plan

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 22

 3 Call Testing

configuration set the ‘Calls to Unknown IP Addresses’ to Direct (see Figure 19) and ensure
that the H.323 Gatekeeper can reach the endpoint that you are dialing.

Figure 19: Cisco VCS Dial plan configuration page

n For IP dialing to work for calls from both internal and external H.323 endpoints, use the
H.323 Gateway as a Core component but add a second listening interface for the external
calls e.g. on interface B
h323_gateway h323_interfaces a b

Example setup:
n Calling party’s Cisco Meeting App user URI: [email protected]
n Dialing: 192.168.1.219

where 19.168.1.219 is the called party’s H.323 endpoint IP address

Figure 20: Call flow for outbound call to an unregistered H.323 endpoint by dialing an IP address

Where:

(1) Cisco Meeting App call to 192.168.1.219

(2) SIP call
(3) H323 call

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 23

 3 Call Testing

(4) H323 call

When the call has connected, check the status in the Web Admin Interface (see Figure 21)

Figure 21: Web Admin Interface showing active call

If you are using a Cisco VCS as the H.323 Gatekeeper, the call will look similar to Figure 22.

Figure 22: Cisco VCS showing call status

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 24

 3 Call Testing

3.6 Outbound call to an unregistered H323 endpoint by dialing an IP

address (call routed without H.323 Gatekeeper)

Note: in this scenario, the H.323 endpoint is unregistered, and there is no H.323 Gatekeeper to
route the calls.

Prerequisite:
n The h323_gateway h323_nexthop configuration must be removed if previously set. For
example:
a. SSH into the MMP and log in.
b. Remove the h323_gateway h323_nexthop configuration
h323_gateway del h323_nexthop
n For IP dialing to work for calls from both internal and external H.323 endpoints, use the
H.323 Gateway as a Core component but add a second listening interface for the external
calls e.g. on interface B
h323_gateway h323_interfaces a b

Note: the H.323 Gateway cannot traverse NAT or firewalls. The second listening interface
for external calls must be internet facing with a public IP address.

Example setup:
n Calling party’s Cisco Meeting App user URI: [email protected]

n Dialing: 192.168.1.201

where 192.168.1.201 is the IP address of the called party’s H.323 endpoint.

Figure 23: Call Flow for Outbound Call to a Unregistered H.323 Endpoint

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 25

 3 Call Testing

Where:

(1) is a Cisco Meeting App call to [email protected]

(2) is a SIP call
(3) is an H323 call

When the call has connected, check the status in the Web Admin Interface (see Figure 24).

Figure 24: Web Admin Interface showing active call

3.7 Calling non Cisco Meeting App users from H.323 endpoint
It is possible to configure the Call Bridge dial plan to be able to call Lync or SIP users. These calls
are transcoded by the Call Bridge.
In this example both the H.323 Gateway and Call Bridge act as a gateway. It is assumed that the
Call Bridge dial plan already allows forwarding of SIP calls to Lync. The H.323 call is interworked
into a SIP call to the Call Bridge which then forwards the call to Lync. In this case the Call Bridge
handles all transcoding of media.
Example setup:
n Calling party’s registered H323 endpoint alias: [email protected]
n Dialing: [email protected]
where lyncuser1.lync@exampledemo is the Lync address for the called

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 26

 3 Call Testing

Figure 25: Call flow from H.323 endpoint to a non Cisco Meeting App user

Where:

(1) is an H323 call

(2) is an H323 call
(3) is a SIP call
(4) is a Lync call

When the call has connected check the status in the Web Admin Interface (see Figure 26).

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 27

 3 Call Testing

Figure 26: Web Admin Interface showing active call

If you are using a Cisco VCS as the H.323 Gatekeeper, the call will look similar to Figure 27.

Figure 27: Cisco VCS showing Call Status

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 28

 4 Troubleshooting Tips

4 Troubleshooting Tips
n After changing the configuration of the H.323 Gateway , the gateway may not work as
expected. Reboot the Meeting Server to solve the issue.
n The Meeting Server's Outbound dial plan rule defaults to using port 5061, if not specified.
You need to change this to match the port used by the SIP interface of the H.323 Gateway ,
which defaults to 6061.
n There is a bug in the Cisco VCS software. Sometimes the settings in Zone > Custom aren't
saved. You may need to delete the zone and start again - remember to update the dial plan
search rules to match.
n The MMP command h323_gateway trace_level <level> provides additional logging
to aid troubleshooting by Cisco support. You may be asked to provide traces for levels 0, 1 or
2.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 29

 Appendix A SIP Call Control Configuration

Appendix A SIP Call Control Configuration

In this appendix the Cisco VCS is used as the example H.323 Gatekeeper/call control device.
A VCS Zone must be created and configured:
1. In VCS go to the Zones page (see the two figures below).
2. Enable H323 and then disable SIP (if both are enabled the VCS will use SIP).
3. In Location, set the Peer 1 address to the IP address of interface that the H.323 Gateway is
listening on.
4. In Advanced:
l Change the Zone profile to Custom.
l Turn off Monitor peer Status.
l Turn on Automatically respond to H.323 searches.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 30

 Appendix A SIP Call Control Configuration

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 31

 Appendix A SIP Call Control Configuration

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 32

 Appendix B Assigning a certificate/private key pair to the H.323 Gateway

Appendix B Assigning a certificate/private key pair

to the H.323 Gateway
A certificate is required on each H.323 Gateway ; the certificate can be signed by an internal CA.
Follow these steps:
1. Generate a private key and the Certificate Signing Request (.csr) file for the Meeting Server's
H.323 Gateway application. For information on how to generate a private key and .csr file,
refer to one of the Certificate Guidelines.

Note: the public key is created and held within the .csr file.

2. Submit the .csr file to the CA (public CA or internal CA) for signing
You can use the pki command on the Meeting Server to generate the private key and .csr file,
and submit the pair to an internal CA such as an Active Directory server with the Active
Directory Certificate Services Role installed.
3. SSH into the MMP
4. Upload the signed certificate and intermediate CA bundle (if any) to the Meeting Server
using SFTP.
5. Check that the certificate (and certificate bundle) and the private key match
pki verify <certicate> <cert bundle/CA cert> [<CA cert>]
6. Assign the certificate (and certificate bundle) and private key pair to the H.323 Gateway .
h323_gateway certs <keyfile> <certificatefile> [<cert-bundle>]
7. Restart the H.323 Gateway
h323_gateway restart

Note: if you perform TLS certificate verification by using the command:

tls SIP verify enable
then certificate verification will be undertaken against the TLS SIP trust store on the Call Bridge
and the SIP service on the H.323 Gateway. Use the tls SIP trust <crt bundle>
command to set up the TLS SIP trust store.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 33

 Appendix C H.323 Gateway address handling for older gatekeepers

Appendix C H.323 Gateway address handling for

older gatekeepers
Some old H.323 gatekeepers do not provide the domain in the destination addresses for
outgoing calls, and cannot handle a domain for incoming calls. These gatekeepers supply and
require an E.164 address or H.323 id for the address. There are MMP commands to support
these devices, see Appendix D for the syntax of all MMP commands for the H.323 Gateway .
Figure 28 illustrates how the destination address for calls from legacy gatekeepers can be
accepted by appending a domain to the destination address using MMP command h323_
gateway sip_domain <sip_domain_uri>. The source address can also have a domain
added which can aid dial-back of that user. Using command h323_gateway h323_domain
<h323_domain_uri>, appends a domain which enables the Call Bridge to identify where the
call originates, and hence support call back.

Figure 28: Adding the domain to the source address

Figure 29 illustrates how call back can be made to work for calls originating from legacy H.323
gatekeepers. Using command h323_gateway h323_domain_strip yes removes the
domain from the destination if it matches h323_domain and using command h323_gateway
sip_domain_strip yes removes the domain from the source address if it matches sip_
domain, when making a call to the legacy gatekeeper.

Figure 29: Removing the domain for call back

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 34

 Appendix C H.323 Gateway address handling for older gatekeepers

Note: dialing an IP address does not require removal of the domain, as the Call Bridge
recognizes that it is an IP address and does not append the domain.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 35

 Appendix D H.323 Gateway MMP commands

Appendix D H.323 Gateway MMP commands

This appendix lists the MMP commands to configure the H.323 Gateway, they are also provided
in the MMP Command Reference Guide.

Command/Examples Description/Notes

h323_gateway The gateway will not start unless it is configured properly.

enable/disable/restart

h323_gateway certs Defines the name of the private key file and .crt file for the
<keyfile> <certificate
H.323 Gateway application and, optionally, a CA certificate bundle as provided by
file> [<cert-bundle>]
your CA. (See "Assigning a certificate/private key pair to the H.323 Gateway" on
page 33.)

Removes certificate configuration

h323_gateway certs
none

h323_gateway h323_ Connect to this IP address for all outgoing H.323 calls and let the device at this IP
nexthop <host/ip> address handle the routing. If this address is not set, only IP dialing works.
h323_gateway del h323_
nexthop Typically this IP address is a Cisco VCS/Polycom DMA, and an H.323 trunk is
established between the Meeting Server's H.323 Gateway and the third party
device (H.323 Gatekeeper).
The H.323 Gateway does not register with the device, just forwards calls to them
– the device will need to be configured appropriately to accept these calls.

h323_gateway default_ Optional. If an incoming H.323 call has no destination (normally only the case
uri <uri> when the H.323 Gateway has been dialed by an IP address) the SIP call is made
to whatever default_uri is set. The default_uri may point to an IVR, or directly into
a space. If it is not set, the call is rejected.
h323_gateway del
default_uri

h323_gateway sip_ Optional. If an incoming H.323 call is made to the gateway without a domain in
domain <sip_domain > the destination address, @<sip_domain> will be appended to the destination
address before the SIP call to the Call Bridge is made.

h323_gateway del sip_

domain

h323_gateway sip_ If set to "yes" and "h323_gateway sip_domain" is set, when a SIP call is made to
domain_strip <yes/no> the gateway the @<sip_domain> will be stripped from the source address (if
present) before making the H.323 call.

h323_gateway h323_ Optional. If an H.323 call is made to the gateway without including a domain in
domain <h323_domain> the source address, @<h323_domain> will be appended to the source address
h323_gateway del h323_ before the SIP call is made.
domain

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 36

 Appendix D H.323 Gateway MMP commands

Command/Examples Description/Notes

h323_gateway h323_ If set to "yes" and "h323_gateway h323_domain" is set, when a SIP call is made
domain_strip <yes/no> to the gateway the <h323_domain> will be stripped from the destination address
(if present) before making the H.323 call.

h323_gateway h323_ Must be configured in order for the gateway to start, but the actual setting is
interfaces <interface currently ignored.
list>
h323_gateway sip_
interfaces <interface
list>

h323_gateway sip_port Ports for the SIP side to listen on. The default is 6061.
<port>
Note: if you wish to change the default port from 6061, and if the H.323 Gateway
and Call Bridge are on the same server, make sure you avoid port 5061 which is
used by the Call Bridge. Changes do not take place until the gateway is restarted.

The H.323 Gateway always expects TLS connections; therefore, "Encrypted"

should be selected on outbound dial plan rules on the Call Bridge

h323_gateway sip_proxy Set this to the IP address of the Call Bridge, or for multiple Call Bridges use the
<uri> domain name (through DNS). All incoming H.323 calls will be directed to this uri

h323_gateway restrict_ If set to yes, the H.323 Gateway is limited to a safe set of codecs that are less
codecs <yes/no> likely to cause interoperability problems. Currently this set is
G.711/G.722/G.728/H.261/H.263/ H.263+/H.264.
Codecs disabled by this feature are G.722.1 and AAC.

h323_gateway disable_ If set to yes, H.239 content is disabled.

content <yes/no>

h323_gateway trace_ Provides additional logging to aid troubleshooting by Cisco support. You may be
level <level> asked to provide traces for levels 0, 1, 2 or 3.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 37

 Cisco Legal Information

Cisco Legal Information

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE
SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND
RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE
PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE
FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT
ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE
INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE
FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program
developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University
of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND
SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE
ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED,
INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING,
USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL,
CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST
PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE
THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended
to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative
purposes only. Any use of actual IP addresses or phone numbers in illustrative content is
unintentional and coincidental.
All printed copies and duplicate soft copies are considered un-Controlled copies and the
original on-line version should be referred to for latest version.
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are
listed on the Cisco website at www.cisco.com/go/offices.
© 2016 Cisco Systems, Inc. All rights reserved.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE
SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND
RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 38

 Cisco Legal Information

PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE
FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT
ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE
INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE
FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been
tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the
FCC rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This equipment
generates, uses, and can radiate radio-frequency energy and, if not installed and used in
accordance with the instruction manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause harmful
interference, in which case users will be required to correct the interference at their own
expense.
The following information is for FCC compliance of Class B devices: This equipment has been
tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the
FCC rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses and can radiate radio
frequency energy and, if not installed and used in accordance with the instructions, may cause
harmful interference to radio communications. However, there is no guarantee that interference
will not occur in a particular installation. If the equipment causes interference to radio or
television reception, which can be determined by turning the equipment off and on, users are
encouraged to try to correct the interference by using one or more of the following measures:
l Reorient or relocate the receiving antenna.
l Increase the separation between the equipment and receiver.
l Connect the equipment into an outlet on a circuit different from that to which the receiver
is connected.
l Consult the dealer or an experienced radio/TV technician for help.

Modifications to this product not authorized by Cisco could void the FCC approval and negate
your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program
developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version
of the UNIX operating system. All rights reserved.
Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND
SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE
ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED,

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 39

 Cisco Legal Information

INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A

PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING,
USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL,
CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST
PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE
THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended
to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative
purposes only. Any use of actual IP addresses or phone numbers in illustrative content is
unintentional and coincidental.
All printed copies and duplicate soft copies are considered un-Controlled copies and the
original on-line version should be referred to for latest version.
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are
listed on the Cisco website at www.cisco.com/go/offices.
© 2016 Cisco Systems, Inc. All rights reserved.

Cisco Meeting Server Release 2.0+ : H.323 Gateway Deployment Guide 40