06-27-2012 12:47 PM - edited 03-17-2019 02:25 PM
Hi,
Design question;
Suppose a customer has a security policy to never expose an internal server directly to the internet and require all traffic to pass through a device/proxy/.... in the DMZ. How would this translate to CUPS/Jabber with XMPP federation?
The design guides only suggest NAT'ing the CUPS server XMPP port to the Internet. This violates the customer's policy. I personally think the customer follows good security practice with his policy.
Regards,
Erik
06-28-2012 08:41 AM
Are there any design guides out there for this? I found a list of ports that the presence server uses:
http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_0/english/port/cupsportusage.html#wp40778
That list should help, however I would prefer to see someone that has gotten this to work by possibly installing a CUP server in the DMZ and another CUP server in the Internal network so the DMZ server acts as a gateway/router... However if it needs the same internal access to the Active Directory server, CUCM server, clients, it wouldn't seem to gain very much.
-Todd
09-13-2012 03:48 PM
Hello All,
Has anyone been able to manage a federation with external companies / offers?
What about the DMZ question?
The guides in this part are not very clear.
And it somehow seems in opposition with other guidelines in security topics.
Regards
03-21-2014 01:36 AM
Hi Erik
Did you ever solve this problem?
Cheers
Martin
03-21-2014 01:57 AM
Hi Martin,
I managed to get the federation working, but not via a DMZ. Static NAT translations on the outside firewall to the Presence server(s).
Rumors exist that state the next or a next Expressway solution will solve this in the future. Currently nothing can be done, unfortunately.
Regards,
Erik