Using your Icon in a private LAN with NAT
If you choose to place your video systems in a private LAN, you must use NAT to communicate with outside systems. This may include enabling static NAT on your Lifesize system.
On your firewall, whether standalone or built in to your router, you must complete one of the following tasks:
- Use 1:1 NAT and open the call setup and media ports over that connection bidirectionally with an access list.
- Forward the call setup and media ports to your Lifesize system.
Read more about restricting reserved ports and refer to your firewall vendor’s documentation for more information.
Enabling static NAT
NAT enables communication between devices on your LAN that have private IP addresses and devices that are accessed through a public IP network. Static NAT ensures that the same public IP address always maps to a system’s private IP address so that data from the public network intended for the private system can be routed to the system reliably.
If you are using static NAT to associate a public IP address with the private IP address of your Lifesize system, you must configure your Lifesize system to work with your static NAT server. From a browser, navigate to Preferences > Network and select Static NAT. Enter the public IP address, hostname, or fully qualified domain name of your system in NAT Public IP Address.
NOTE: You cannot upgrade the system from a web browser outside a firewall when static NAT is enabled. Instead, perform the upgrade from within the firewall.
Testing your NAT environment
If your firewall does not employ a feature set that performs H.323 or SIP NAT, you must enable NAT on your private Lifesize system.
Place a call from a system on the Internet to your system in the private LAN. If your private system connects within the first 2 seconds after answering, your NAT configuration is working properly. If the call does not connect after answering and disconnects after 30 to 50 seconds, the reserved port settings on your codec do not match the settings on your firewall. Ensure that the system and firewall settings for UDP/TCP ports match.
If you still cannot place a successful call, you may have to disable the stateful packet inspection feature on the firewall. Some firewall vendors may call this feature dynamic packet filtering. Refer to your firewall vendor’s documentation for more information.