Chapter 15 ALG
NXC5200 User’s Guide
226
15.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
Application Layer Gateway (ALG), NAT and Firewall
The NXC can function as an Application Layer Gateway (ALG) to allow certain NAT
un-friendly applications (such as SIP) to operate properly through the NXC’s NAT
and firewall. The NXC dynamically creates an implicit NAT session and firewall
session for the application’s traffic from the WAN to the LAN. The ALG on the NXC
supports all of the NXC’s NAT mapping types.
FTP ALG
The FTP ALG allows TCP packets with a specified port destination to pass through.
If the FTP server is located on the LAN, you must also configure NAT (port
forwarding) and firewall rules if you want to allow access to the server from the
WAN.
H.323 ALG
• The H.323 ALG supports peer-to-peer H.323 calls.
• The H.323 ALG handles H.323 calls that go through NAT or that the NXC routes.
You can also make other H.323 calls that do not go through NAT or routing.
Examples would be calls between LAN IP addresses that are on the same
subnet.
• The H.323 ALG allows calls to go out through NAT. For example, you could make
a call from a private IP address on the LAN to a peer device on the WAN.
• The H.323 ALG operates on TCP packets with a specified port destination.
• The NXC allows H.323 audio connections.
• The NXC can also apply bandwidth management to traffic that goes through the
H.323 ALG.
The following example shows H.323 signaling (1) and audio (2) sessions between
H.323 devices A and B.
Figure 96
H.323 ALG Example