Regarding auto configure option in AOL instant messanger.

In article , wrote: :Today I have gone through the AOL instant messsanger.

:I think this option is for automatic configuration of firewall. if it :is correct then tell me how can it is possible , some method is given, :if yes then tell me..

:waiting for members sugggestions.

Well, I'm biased, but -my- suggestion is that you answer my earlier point-by-point layout of what I think you are trying to do, because even after your clarification about the two offices we don't understand.

If that's too much trouble to go through, then the biggest point that we need to understand is:

What factors in the situation make it important to not have to configure the firewall? Why not just configure the firewall -once- and leave it configured?

My point-by-point analysis is mostly probing around the edges of those questions, postulating an elaborate series of conditions that would -all- have to be true to make it worth taking the approach you have been proposing. I suspect that very few of us are willing to put a lot of energy into an analysis of how to make a connection between your two offices that side-steps your (unnamed) firewalls when it would be a matter of perhaps 10 minutes for you to configure the firewall once and leave it that way.

Hi walter,

Looking your respose I am happy.

I want to know one more thing that any othe messanger exist in which we don't bother about the configuration of firewall,means it will automatically configure according to protocol. I searched too much regarding this then I think it is posible, I just read about the "stateful inspection" option is there.

Can u tell me whether I am right or wrong. If yes, then tell me all instant messanger is using this option or not.

Welcome the suggestions of other group members. Ravi.

Walter Robers> > :Today I have gone through the AOL instant messsanger.

Hi,

I am trying to give the answer of the query:

1) Branch office : NETGEAR FVS312 prosafe model 2) Same in the HQ. 3) HQ intiated the connection. 4) branch office doesn't have static ip address and HQ has the static office address. 5) yes. 6) No 7) yes. 8) your 8 (b) support our requrirement but In many sites I saw that firewall option is present and i have to configure the firewall for authorised communication. i want to know any another way by which for the authorised user we don't do the configure the firewall.

Give me suggesations. Ravi

Hi,

sorry some change in Branch office and head quater VPN model they are same and name is

NETGEAR FVS318 prosafe .

Ravi

In article , wrote: :I want to know one more thing that any othe messanger exist in which we :don't bother about the configuration of firewall,means it will :automatically configure according to protocol.

Let us try this again:

1) What exact model and software/firmware release do you have at the branch office?

2) What exact model and software/firmware release do you have at your HQ?

3) Which side will initiate the connections?

4) Does the branch office have a fixed IP address? Does the HQ have a fixed IP address?

5) Is there a VPN (Virtual Private Network) between the two offices?

6) Are there additional offices or remote users involved, not just the branch office mentioned?

7) Are the firewalls -already- configured to allow connections on the standard SIP ports (5060) and standard H.323 ports (1720, 1718, 1719) and standard RTSP ports (554) ?

8) When you speak of not having to configure the firewall, do you mean

a) That you want the H.323 and SIP ports blocked until the connection should start, with the firewalls preventing the connection until something happens (such as you starting up the instant messenger program on the server)?; OR

b) That it is acceptable for the H.323 and SIP ports themselves to be open to the branch office all the time, but that as the need arises, the ports that are dynamically negotiated should be permitted through for the duration of the dynamic connection ?

9) If (8a) is the case, that you want even the possibility of the connections blocked most of the time, explain the reasons why you do not want to configure the firewalls to allow the connections to be negotiated.

If both sides are using Netgear ProSafe VPN devices, then the only one of them that is documented as supporting UPnP (Universal Plug and Play) is the FS114. You could try looking through your configurations anyhow, as I might have missed something in the documentation. Instructions for setting up UPnP are -probably- somewhat close to those documented by Microsoft for the Netgear MR814,

You have the patience of a saint, Walter.

In article , wrote: :sorry some change in Branch office and head quater VPN model they are :same and name is

:NETGEAR FVS318 prosafe .

In that case, NO, you can't do it.

The FVS318 does not support UPnP.

On the other hand, on the FVS318, if you have a VPN connected, then by default -all- traffic is allowed between the two sites. You would have to have configured an Outbound or Inbound filter in order to have blocked access to videoconferencing.

I am confused by your indication that you looked at other "sites". Is there a *single* branch office involved, or are there -several- branch offices involved?

If there is a -single- branch office involved, then just configure the firewall once and get it over with.

In article , wrote: :1) Branch office : NETGEAR FVS312 prosafe model :2) Same in the HQ. :3) HQ intiated the connection. :4) branch office doesn't have static ip address and HQ has the static :office address.

That could lead to problems.

As long as the VPN is connected, then the VPN rules can be written in terms of internal IP subnets [I think -- though I don't know the FVS318 well], but if the VPN is not connected, then it is difficult to get the HQ firewall to connect to the dynamic IP without reconfiguring the HQ firewall to reflect the current value of the dynamic IP. If I recall correctly something that I skimmed over this morning, then one approach would be to subscribe to one of the dynamic DNS servers (it might have to be dyndns specifically, not sure) and then the HQ FVS318 can do a DNS lookup of the current registered IP and attempt to start the IPSec connection to there.

When one side has a dynamic IP and the other side does not, it is very often much simpler to have the side with the dynamic IP initiate the connection rather than the side with the static IP.

Hi Walter,

Regarding "NETGEAR FVS318 prosafe doesn't support" I checked my NETGEAR FVS318 prosafe setting then I found that there is one option is given in LAN IP setting option is given "UpnP Enable". I think It will support so they have given. Can u tell me more about that option means hoe this option internally work?????????????

My meaning of going differnent "sites" is Regarding firewall configuration option I have gone through to many Instant Messanger help sites.

Regarding "single branch office invoved" actually in vedio confrencing at a one time three or more than three confrencing is going on. I think u want to ask this with me actually this statemet is not clear to me.

Regardind Netgear configuration you told me that if my head quater has static ip address and my branch office has dyanimic ip address then I have to start configuration from the head office side. Can u tell me if I want to configure from the branch office side then what i have to do?????

Regards, Ravi

Walter Robers> > :sorry some change in Branch office and head quater VPN model they are

Hi Walter, I am again repeat my problem.

Regarding "NETGEAR FVS318 prosafe doesn't support" I checked my NETGEAR FVS318 prosafe setting then I found that there is one option is given in LAN IP setting option is given "UpnP Enable". I think It will support so they have given. Can u tell me more about that option means hoe this option internally work?????????????

My meaning of going differnent "sites" is Regarding firewall configuration option I have gone through to many Instant Messanger help sites.

Regarding "single branch office invoved" actually in vedio confrencing at a one time three or more than three confrencing is going on. I think u want to ask this with me actually this statemet is not clear to me.

Regardind Netgear configuration you told me that if my head quater has static ip address and my branch office has dyanimic ip address then I have to start configuration from the head office side. Can u tell me if I want to configure from the branch office side then what i have to do?????

Regards, Ravi

Walter Robers> > :1) Branch office : NETGEAR FVS312 prosafe model

In article , wrote: :Regarding "NETGEAR FVS318 prosafe doesn't support" I checked my NETGEAR FVS318 :prosafe setting

.... just as I suggested you do several days ago...

:then I found that there is one option is given in LAN :IP setting option is given "UpnP Enable". :I think It will support so they have given. Can u tell me more about :that option means hoe this option internally work?????????????

Sorry, no. The product data sheet and reference manual for the FVS318 both omit mention of UPnP, so I cannot make any extrapolations about the extent of support for UPnP on whatever software release you are using.

For a better idea of how UPnP interacts with NETGEAR products, see the microsoft URL I posted earlier, about configuring UPnP on the NETGEAR MR router.

:Regarding "single branch office invoved" actually in vedio confrencing :at a one time three or more than three confrencing is going on. I think :u want to ask this with me actually this statemet is not clear to me.

Okay, so you have 3 or more video conferences going at a time. Where are the participants located? You earlier answered NO when I asked if there multiple branch offices involved, so do we understand correctly that there might be more than one person at the branch office and more than one person at HQ taking part in the same video conference? Or are video conferences all independant, involving pairs of people, one in the branch office and one at HQ but with several such pairs happening to communicate simultaneously ?

:Regardind Netgear configuration you told me that if my head quater has :static ip address and my branch office has dyanimic ip address then I :have to start configuration from the head office side.

No, I said that in that situation, if the VPN link is not active, and the VPN link must be started up, then either the branch must start the link, or else you have to use Netgear's support for dynamic DNS.

:Can u tell me if :I want to configure from the branch office side then what i have to :do?????

I suggest you read the Netgear FVS318 manual, as it shows how to configure VPNs. See

and make sure that you refer to the manual that is specific to your FVS318 version (there are three different hardware versions.)