The VidyoConferencing platform utilizes reflexive addressing to assist in the setup of Vidyo calls. Reflexive addressing is used when the end user is using VidyoDesktop to make a call from behind a NAT. This happens automatically and is transparent to the user.
Reflexive addressing requires the VidyoRouter to have a public IP address in order to provide NAT traversal of the Vidyo endpoints. If the VidyoRouter itself is placed behind a NAT, reflexive addressing won’t work.
When the VidyoRouter is behind a NAT, the preferred configuration uses DNS to resolve properly to the server IP addresses. In some cases, a combination of the ICE and STUN protocols is used to determine the public IP address translated to the VidyoRouter. This appendix outlines how to configure the VidyoConferencing system to work when placed behind a NAT and still allow users to connect from the public Internet.
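How a reflexive (NAT-translated) address is learned with STUN, as an added example that is not Vidyo code: it decodes the XOR-MAPPED-ADDRESS attribute of a generic RFC 5389 Binding Success Response and compares it with the host's local address. The sample message, transaction ID and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value defined by RFC 5389
BINDING_SUCCESS = 0x0101           # STUN Binding Success Response
XOR_MAPPED_ADDRESS = 0x0020        # attribute carrying the reflexive address

def build_binding_success(txn_id: bytes, ip: str, port: int) -> bytes:
    """Construct a sample response as a public STUN server would send it (IPv4)."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, xport, xaddr)   # reserved, family, port, addr
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    header = struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txn_id
    return header + attr


def parse_reflexive_address(msg: bytes, txn_id: bytes):
    """Return (ip, port) from XOR-MAPPED-ADDRESS after validating the header."""
    if len(msg) < 20:
        raise ValueError("short STUN message")
    mtype, mlen, cookie = struct.unpack("!HHI", msg[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN Binding Success Response")
    if msg[8:20] != txn_id or mlen != len(msg) - 20:
        raise ValueError("transaction ID or length mismatch")
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == XOR_MAPPED_ADDRESS:
            if alen != 8 or value[1] != 0x01:
                raise ValueError("only IPv4 is handled in this example")
            xport, xaddr = struct.unpack("!HI", value[2:8])
            ip = ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)
            return str(ip), xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + alen + (-alen % 4)   # attributes are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")


def behind_nat(local_ip: str, reflexive_ip: str) -> bool:
    """The host is behind a NAT when the server saw a different source IP."""
    return ipaddress.ip_address(local_ip) != ipaddress.ip_address(reflexive_ip)


TXN = bytes(range(12))                                      # constructed transaction ID
SAMPLE = build_binding_success(TXN, "203.0.113.10", 50000)  # constructed response
```

The decoded address is only meaningful when the answering server sits on a public IP address; a server that is itself behind a NAT sees and reports private addressing, which is why reflexive addressing fails in that placement.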
There are three basic areas that need to be addressed in order to configure the VidyoConferencing system to operate from behind a NAT. Each is explained in detail in the following sections.
- Firewall and NAT Configuration
- DNS configuration
- Vidyo Server configurations
There are several options to deploy the VidyoConferencing system in order to provide service for your entire organization:
- Place the VidyoPortal and VidyoRouter on a public Static IP address.
- Place the VidyoPortal and VidyoRouter in a private network having a private Static IP address within the organization.
- Place the VidyoPortal and VidyoRouter within the DMZ with a private Static IP address.
When deployed with a public IP address and no server side firewall or NAT, the VidyoPortal and VidyoRouter are reachable by either IP address or DNS name. This is the simplest scenario, since we’re only concerned with the NAT and firewall at the far-end (client side).
Generally speaking, the client-side firewall most often permits any connection initiated on the private LAN to any outside network destination. In some cases, the local firewalls must be configured to allow each application to connect from the inside to the public network.