ā04-06-2015 12:13 AM - last edited on ā03-25-2019 07:27 PM by ciscomoderator
Hi,
I have a customer who wants VPN less access to Finesse server for agents from remote locations and for home agents.. we are thinking of using NAT here.
Summary of the Architecture: 2 DCs (UCCE Side A and Side B), centralized call termination, VGs in DCs, VXML gateways also in DCs. 9 agent locations connected via MPLS links to DCs, 1 outsourced agent location with 100 agents ( planning to go for mobile agents for outsourced agents)
It is mentioned in the below link that Finesse supports basic NAT between Finesse server and Finesse clients
I don't have much understanding of security concepts.. so looking for some help here.
1. Does NAT (one to mapping) between Finesse server and Finesse client means, each of the Finesse clients will also need one unique public ip mapped to each of the agent PCs?
2. What are the benefits and drawbacks of using Nating approach instead of using VPN access to Finesse servers?
3. Since it is mentioned that one to many mapping between Finesse servers and Finesse clinets is not supported, need to understand with an example of one to many scenario in contact enter world.
Thanks
Nirmal
ā04-06-2015 04:16 AM
This doesn't sound like a good approach at all. While I'm not sure what the security implications might be, VPN is tried and true, so why reinvent the wheel?
david
ā04-06-2015 04:31 AM
Hi David,
Thanks for looking into this.. sure it does not look like a good approach but want to understand the implications of this approach and since this is supported by Cisco so what's the use case of supporting NAT for Finesse..
Thanks
Nirmal
ā04-06-2015 07:07 AM
Looking for quick help here.. can someone else respond who might have seen/done this before?
Thanks, Nirmal
ā04-07-2015 04:44 AM
Hi, we have a similar setup for one of my clients and NAT works for us, for both inshouse and outsource sites which connects to us via the Public.
1. Does NAT (one to mapping) between Finesse server and Finesse client means, each of the Finesse clients will also need one unique public ip mapped to each of the agent PCs?
Ans. Why Public IPs? How is that one outsourced company connecting into the DCs network?
2. What are the benefits and drawbacks of using Nating approach instead of using VPN access to Finesse servers?
Ans. We tested both, and I think VPN works better as when they VPN they are technicaly a part of the network and then can access Finesse locally,
3. Since it is mentioned that one to many mapping between Finesse servers and Finesse clinets is not supported, need to understand with an example of one to many scenario in contact enter world.
Ans. One to many is when for eg 10 PCs behinds NAT but they talk to Finesse server as only 1 IP and teh NAT table manages the sessions to these 10 Finesse client PCs. One to One is when every PC gets a NATed IP to talk to outside workd / Finesse.
Kartik
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide