04-28-2018 02:38 AM - edited 02-21-2020 07:40 AM
We have vcsc and vcse servers.
The private IP of vcsc is supposed to reach the public IP of vcse in order to work properly on the local network.
Although we wrote a manual NAT rule, the vcsc server cannot ping the public IP of vcse.
Note that both servers are on the same network.
Attached you can see the NAT rules we wrote.
Can you help me with this issue?
04-28-2018 06:37 PM
Hi
Not sure I get you correctly.
You want to reach the vcse public IP from vcsc?
If so, why do you want to NAT vcsc to the vcse public IP?
If these 2 servers have different IPs, why did you say they're in the same network?
On your 2nd screenshot, what's NET_ALL?
On your 1st screenshot, a few remarks:
- set your NAT source and destination interface
- you should have your vcsc server as original source and any as destination
- and public IP as translated source and keep any as destination
But again, you don't want to NAT your vcsc with the vcse public IP.
Your requirement is reachability? Because you can't just authorize traffic using acl and routing with natting traffic (nat exemption).
Otherwise you have to NAT to a different public IP or NAT using your outside interface.
04-29-2018 06:30 AM - edited 04-29-2018 06:31 AM
Thank you for your reply.
I guess I can express the issue more clearly with the scenario below.
Let's assume that:
fw public network 10.34.110.0/24
local network 10.10.10.0/24
vcsc
public ip 10.34.110.50
private ip 10.10.10.50
vcse
public ip 10.34.110.51
private ip 10.10.10.51
We want to ping 10.34.110.51 from 10.10.10.50.
What can you suggest for this?
04-29-2018 05:27 PM
Ok I get it, you want to ping your vcse public IP from the vcsc private IP.
Is this an Expressway deployment? Because normally you should have vcsc on your private LAN and vcse on your DMZ. I’m not a voice guy but taking a look at the deployment guide, this is what is shown.
I believe vcsc isn’t able to route traffic.
Anyway, if you still want to allow the private IP of vcsc to access the public IP of vcse, you have 2 solutions:
- NAT your vcsc private IP to a public IP that’s not already in use on a specific interface and is managed by your firewall, like a new IP or using the interface IP.
- Or allow routing and add a NAT exemption for this traffic.
Can you confirm that it’s Expressway you’re trying to deploy?
Take a look at this deployment guide:
If you need more assistance with this deployment, I would suggest opening a new thread on this forum in the voice category.