Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
578
Views
0
Helpful
1
Replies

expose one IP address for all REMB on internet

Go to solution
cshiyou
Cisco Employee
Cisco Employee

‎05-16-2016 01:52 AM

hi guys,

my customer ICBC  asked us to just expose one IP address on internet for all REMBs installed in DMZ zone.

Rem solution is using reverse proxy to hide REAS topology.

But, expose all REMBs IP external interface to internet.

Customer wants to hide REMB IP address also.

for example,

Internal remb#1, 192.168.1.1, (port range 16000~16500)

Internal remb#2, 192.168.9.1.2(port range 16000~16500)

public internet  61.1.1.1 (port range 16000~17000)

is there any customer raised same requirement?

Do we have any workaround?

yours

Alan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
robdoyle
Cisco Employee
Cisco Employee

‎05-17-2016 10:47 AM

Hi Alan,

Typically on the public facing side of the Media Broker in DMZ only 5 ports per media broker are exposed and these are generally NATed via a firewall. This is because the WebRTC calls use port offloading and the sRTP and sRTCP streams on each of the 5 MediaBrokers are multiplexed on the single port.

You could use one IP on the firewall to NAT to all your Media brokers:

  • External FW IP (ports 16000- 16004) -> REMB1 External facing IP (ports 16000 - 16004)
  • External FW IP (ports 16005- 16009) -> REMB2 External facing IP (ports 16000 - 16004)


FYI.. On the internal (SIP) side larger numbers of ports are needed as there is no multiplexing and each call needs 2 ports.


Regards,

Rob





View solution in original post

0 Helpful
1 Reply 1

Go to solution
robdoyle
Cisco Employee
Cisco Employee

‎05-17-2016 10:47 AM

Hi Alan,

Typically on the public facing side of the Media Broker in DMZ only 5 ports per media broker are exposed and these are generally NATed via a firewall. This is because the WebRTC calls use port offloading and the sRTP and sRTCP streams on each of the 5 MediaBrokers are multiplexed on the single port.

You could use one IP on the firewall to NAT to all your Media brokers:

  • External FW IP (ports 16000- 16004) -> REMB1 External facing IP (ports 16000 - 16004)
  • External FW IP (ports 16005- 16009) -> REMB2 External facing IP (ports 16000 - 16004)


FYI.. On the internal (SIP) side larger numbers of ports are needed as there is no multiplexing and each call needs 2 ports.


Regards,

Rob





0 Helpful
Customers Also Viewed These Support Documents