
Configuring a Media Gateway in Subscribers' Homes

When a cable service provider offers MGCP services to residential subscribers, it typically locates the Juniper Networks device and the call agent on its premises and installs an Integrated Access Device (IAD), or set-top box, in each subscriber's home. The IADs act as gateways for the residences.

Before You Begin

For background information, read Understanding the MGCP ALG.

After creating zones—external_subscriber for the customer and internal_ca for the service provider—you configure addresses, then interfaces, and finally policies to allow signaling between endpoints. Note that although gateways frequently reside in different zones, requiring policies for media traffic, in this example both gateways are in the same subnet. Note also that because Real-time Transport Protocol (RTP) traffic between the gateways never passes through the device, no policy is needed for the media. See Figure 86.

Use either the J-Web or CLI configuration editor.

Figure 86: Media Gateway in Subscribers' Home


J-Web Configuration

To configure zones:

  1. Select Configuration > View and Edit > Edit Configuration. The Configuration page appears.
  2. Next to Security, click Configure or Edit.
  3. Next to Zones, click Configure.
  4. Next to Security zones, click Add new entry.
  5. In the Name box, type external_subscriber.
  6. Next to Host inbound traffic, click Configure.
  7. Next to System services, click Add new entry.
  8. Next to Service name, select all and click OK.
  9. Next to Protocols, click Add new entry.
  10. Next to Protocol name, select all and click OK.
  11. Next to Security zones, click Add new entry.
  12. In the Name box, type internal_ca.
  13. Next to Host inbound traffic, click Configure.
  14. Next to System services, click Add new entry.
  15. Next to Service name, select all and click OK.
  16. Next to Protocols, click Add new entry.
  17. Next to Protocol name, select all and click OK.
  18. To save and commit the configuration, click Commit.

To configure addresses:

  1. Select Configuration > View and Edit > Edit Configuration. The Configuration page appears.
  2. Next to Security, click Configure or Edit.
  3. Next to Zones, click Configure or Edit.
  4. Next to Security zone, click Add new entry.
  5. In the Name box, type internal_ca.
  6. Next to Address book, click Configure or Edit.
  7. Next to Address, click Add new entry.
  8. In the Address name box, type ca_agent1 10.1.1.101/32 and click OK.
  9. To configure another security zone external_subscriber, repeat Step 2 through Step 9 and click OK.
  10. Next to Address book, click Configure.
  11. Next to Address, click Add new entry.
  12. In the Address name box, type SubscriberSubNet 2.2.2.1/24 and click OK.
  13. To save and commit the configuration, click Commit.

To configure interfaces:

  1. Select Configuration > View and Edit > Edit Configuration. The Configuration page appears.
  2. Next to Security, click Configure or Edit.
  3. Next to Zones, click Configure.
  4. Next to Security zone, click Add new entry.
  5. In the Name box, type internal_ca.
  6. Next to Interfaces, click Add new entry.
  7. In the Interface unit box, type ge-0/0/1 and click OK.
  8. Next to Interfaces, click Configure or Edit.
  9. Next to Interface, click Add new entry.
  10. In the Interface name box, type ge-0/0/1.
  11. Next to unit, click Add new entry.
  12. In the Interface unit number box, type 0.
  13. Under Family, next to Inet, select the check box, and click Configure.
  14. Next to Address, click Add new entry.
  15. Next to Source, type 2.2.2.1/24 and click OK.
  16. To configure another security zone, external_subscriber, and interface, ge-0/0/0, repeat Step 1 through Step 7 and click OK.
  17. To configure another interface, ge-0/0/0, repeat Step 8 through Step 12.
  18. Under Family, next to Inet, select the check box and click OK.
  19. To save and commit the configuration, click Commit.

To configure internal-to-external zone policies:

  1. Select Configuration > View and Edit > Edit Configuration. The Configuration page appears.
  2. Next to Security, click Configure or Edit.
  3. Next to Policies, select the check box and click Configure.
  4. Next to Policy, click Add new entry.
  5. In the From zone name box, type internal_ca.
  6. In the To zone name box, type external_subscriber.
  7. Next to Policy, click Add new entry.
  8. To specify the Policy name, next to Policy name box, type Pol-CA-To-Subscribers.
  9. Select the Match check box.
  10. Select the Then check box.
  11. Click Configure next to Match check box.
  12. From the Source address choice list, select Source address.
  13. Next to Source address, click Add new entry.
  14. From the Value keyword list, select Enter Specific Value.
  15. In the Address box, type ca_agent1 and click OK.
  16. From the Destination address choice list, select Destination address.
  17. Next to Destination address, click Add new entry.
  18. Next to Value keyword list, select Enter Specific Value.
  19. In the Address box, type SubscriberSubNet and click OK.
  20. From the Application choice list, select Application.
  21. Next to Application, click Add new entry.
  22. Next to Value keyword box, type junos-mgcp and click OK.
  23. Next to Then, click Configure.
  24. Next to Action, select permit and click OK.
  25. To save and commit the configuration, click Commit.

To configure from zone, external_subscriber, and to zone, internal_ca:

  1. Select Configuration > View and Edit > Edit Configuration. The Configuration page appears.
  2. Next to Security, click Configure or Edit.
  3. Next to Policies, select the check box and click Configure.
  4. Next to Policy, click Add new entry.
  5. In the From zone name box, type external_subscriber.
  6. In the To zone name box, type internal_ca.
  7. Next to Policy, click Add new entry.
  8. In the Policy name box, type Pol-Subscribers-To-CA.
  9. Select the Match check box.
  10. Select the Then check box.
  11. Next to Match check box, click Configure.
  12. From the Source address choice list, select Source address.
  13. Next to Source address, click Add new entry.
  14. From the Value keyword list, select Enter Specific Value.
  15. In the Address name box, type SubscriberSubNet and click OK.
  16. From the Destination address choice list, select Destination address.
  17. Next to Destination address, click Add new entry.
  18. Next to Value keyword list, select Enter Specific Value.
  19. In the Address name box, type ca_agent1 and click OK.
  20. From the Application choice list, select Application.
  21. Next to Application, click Add new entry.
  22. Next to Value keyword box, type junos-mgcp and click OK.
  23. Next to Then, click Configure.
  24. Next to Action, select permit and click OK.
  25. To save and commit the configuration, click Commit.

To configure from zone and to zone as internal_ca:

  1. Select Configuration > View and Edit > Edit Configuration. The Configuration page appears.
  2. Next to Security, click Configure or Edit.
  3. Next to Policies, select the check box and click Configure.
  4. Next to Policy, click Add new entry.
  5. In the From zone name box, type internal_ca.
  6. In the To zone name box, type internal_ca.
  7. Next to Policy, click Add new entry.
  8. In the Policy name box, type Pol-Intra-CA.
  9. Select the Match check box.
  10. Select the Then check box.
  11. Next to Match check box, click Configure.
  12. From the Source address choice list, select Source address.
  13. Next to Source address, click Add new entry.
  14. From the Value keyword list, select any and click OK.
  15. From the Destination address choice list, select Destination address.
  16. Next to Destination address, click Add new entry.
  17. Next to Value keyword list, select any and click OK.
  18. From the Application choice list, select Application.
  19. Next to Application, click Add new entry.
  20. Next to Value keyword box, select any and click OK.
  21. Next to Then, click Configure.
  22. Next to Action, select permit.
  23. To save and commit the configuration, click Commit.

To configure from zone and to zone as external_subscriber:

  1. Select Configuration > View and Edit > Edit Configuration. The Configuration page appears.
  2. Next to Security, click Configure or Edit.
  3. Next to Policies, select the check box and click Configure.
  4. Next to Policy, click Add new entry.
  5. In the From zone name box, type external_subscriber.
  6. In the To zone name box, type external_subscriber.
  7. Next to Policy, click Add new entry.
  8. In the Policy name box, type Pol-Intra-subscriber.
  9. Select the Match check box.
  10. Select the Then check box.
  11. Next to Match check box, click Configure.
  12. From the Source address choice list, select Source address.
  13. Next to Source address, click Add new entry.
  14. From the Value keyword list, select any and click OK.
  15. From the Destination address choice list, select Destination address.
  16. Next to Destination address, click Add new entry.
  17. Next to Value keyword list, select any and click OK.
  18. From the Application choice list, select Application.
  19. Next to Application, click Add new entry.
  20. Next to Value keyword box, select any and click OK.
  21. Next to Then, click Configure.
  22. Next to Action, select permit.
  23. To save and commit the configuration, click Commit.

CLI Configuration

  1. Configure zones.
    user@host# set security zones security-zone external_subscriber
    user@host# set security zones security-zone external_subscriber host-inbound-traffic system-services all
    user@host# set security zones security-zone external_subscriber host-inbound-traffic protocols all
    user@host# set security zones security-zone internal_ca
    user@host# set security zones security-zone internal_ca host-inbound-traffic system-services all
    user@host# set security zones security-zone internal_ca host-inbound-traffic protocols all
  2. Configure addresses.
    user@host# set security zones security-zone internal_ca address-book address ca_agent1 10.1.1.101/32
    user@host# set security zones security-zone external_subscriber address-book address SubscriberSubNet 2.2.2.1/24
  3. Configure interfaces.
    user@host# set security zones security-zone internal_ca interfaces ge-0/0/1
    user@host# set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.1/24
    user@host# set security zones security-zone external_subscriber interfaces ge-0/0/0
    user@host# set interfaces ge-0/0/0 unit 0 family inet
  4. Configure internal-to-external zone policies.
    user@host# set security policies from-zone internal_ca to-zone external_subscriber policy Pol-CA-To-Subscribers match source-address ca_agent1
    user@host# set security policies from-zone internal_ca to-zone external_subscriber policy Pol-CA-To-Subscribers match destination-address SubscriberSubNet
    user@host# set security policies from-zone internal_ca to-zone external_subscriber policy Pol-CA-To-Subscribers match application junos-mgcp
    user@host# set security policies from-zone internal_ca to-zone external_subscriber policy Pol-CA-To-Subscribers then permit
    user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA match source-address SubscriberSubNet
    user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA match destination-address ca_agent1
    user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA match application junos-mgcp
    user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA then permit
    user@host# set security policies from-zone internal_ca to-zone internal_ca policy Pol-Intra-CA match source-address any
    user@host# set security policies from-zone internal_ca to-zone internal_ca policy Pol-Intra-CA match destination-address any
    user@host# set security policies from-zone internal_ca to-zone internal_ca policy Pol-Intra-CA match application any
    user@host# set security policies from-zone internal_ca to-zone internal_ca policy Pol-Intra-CA then permit
    user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber match source-address any
    user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber match destination-address any
    user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber match application any
    user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber then permit
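
The following pre-commit check is an added example, not part of the original Juniper procedure. It reads `set` commands in the form used above and flags three things worth reviewing: policy address names that are missing from the matching zone's address book, zones that accept all host-inbound traffic, and policies that match any/any/any. The function name `audit` and the sample input are assumptions, and only zone-attached address books (the kind this page configures) are considered.

```python
import re
from collections import defaultdict

# Constructed sample: a few `set` lines in the style of the CLI procedure above,
# with call_agent1 referenced by a policy but never defined in an address book.
SAMPLE = """\
user@host# set security zones security-zone external_subscriber host-inbound-traffic system-services all
user@host# set security zones security-zone internal_ca address-book address ca_agent1 10.1.1.101/32
user@host# set security zones security-zone external_subscriber address-book address SubscriberSubNet 2.2.2.1/24
user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA match source-address SubscriberSubNet
user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA match destination-address call_agent1
user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA match application junos-mgcp
user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber match source-address any
user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber match destination-address any
user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber match application any
"""

ADDR = re.compile(r"set security zones security-zone (\S+) address-book address (\S+) \S+")
HOST = re.compile(r"set security zones security-zone (\S+) host-inbound-traffic (\S+) all$")
MATCH = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
                   r"match (source-address|destination-address|application) (\S+)")
FIELDS = ("source-address", "destination-address", "application")

def audit(config):
    """Hypothetical linter: return findings for a block of Junos `set` commands."""
    books = defaultdict(set)      # zone -> names defined in its zone address book
    policies = defaultdict(dict)  # (from-zone, to-zone, policy) -> {field: values}
    findings = []
    for raw in config.splitlines():
        line = re.sub(r"^\S+@\S+#\s*", "", raw.strip())  # drop the CLI prompt
        if m := ADDR.match(line):
            books[m[1]].add(m[2])
        elif m := HOST.match(line):
            findings.append(f"zone {m[1]}: host-inbound-traffic {m[2]} all")
        elif m := MATCH.match(line):
            policies[(m[1], m[2], m[3])].setdefault(m[4], set()).add(m[5])
    for (src, dst, name), fields in policies.items():
        # Source names resolve in the from-zone book, destination names in the to-zone book.
        for field, zone in (("source-address", src), ("destination-address", dst)):
            for value in sorted(fields.get(field, ())):
                if value != "any" and value not in books[zone]:
                    findings.append(f"policy {name}: {field} {value} not in {zone} address book")
        if all(fields.get(f) == {"any"} for f in FIELDS):
            findings.append(f"policy {name}: any/any/any match")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Paste the candidate configuration into `audit()` before committing; an empty list means none of the three conditions was found.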
