07-02-2013 09:58 AM - edited 03-18-2019 01:23 AM
I have the Cisco Starter Express working with one IP address NATed. This is working only inside the LAN. To enable this machine over the internet I bought the option key for dual network interface. I have enabled two interfaces but I don't know how I have to configure both IP addresses to allow access from the internet. I tried to enable the static NAT, but it didn't work.
07-02-2013 12:27 PM
Hi Hugo!
It would be handy to have a network drawing of what your network looks like and where exactly you see
the challenges.
In general, if you need NAT you need the Dual interface option, even if you just use one interface.
If you set up NAT with an external IP configured in the network settings, video devices have
to connect to the external IP; that's valid for both interfaces.
So in theory, if you have a LAN and "the internet" via NAT:
LAN1 without NAT settings placed in your LAN (ex 10.1.1.2)
LAN2 with NAT (10.2.1.2) NAT external IP: 192.0.2.4
LAN1 & LAN2 have to be in logically different (L3) networks.
07-02-2013 01:05 PM
Hi Martin,
Thanks for your answer. Actually I have a NAT on my firewall; my question is whether, inside the configuration of the VCS, I have to change the option for LAN 2 to enable the NAT.
07-02-2013 01:21 PM
That's why I asked for a drawing and more explanation.
You only enable NAT on the interface with the IP where NAT is done.
So if you do NAT with both interfaces you have to enable it on both.
If you only do it on one, you only enable it and set the external IP on the one where it's used, ....
07-03-2013 01:44 PM
Hi,
Check this document page 56 onwards for how to configure dual NAT:
regards,
Ahmad
07-08-2013 07:20 AM
Ahmad,
Thanks for your answer. I did the configuration based on the information that I saw on page 56, but the NAT local address doesn't have a default gateway and now I don't have communication with the LAN.
What can I do to fix this issue?
Thanks
07-08-2013 08:26 AM
Like I said, make a drawing and explain exactly your network and why it is like it is.
The network segments and active components (NAT, firewall, endpoints, VCS, IPs, zones, ...)
have to be understandable and identifiable. Also note down what you need to achieve.
Sometimes the requirement and the deployment don't fit :-)
Or get yourself help from networking and telepresence people.
Such problems are often way easier to fix by looking at the current setup, rather than having
info missing in the messages here, ...
I would strongly doubt that you have a network with NAT and no gateway, ...
Sure, you can make some combination of a source and destination NAT, but that
does not make sense to me here :-)
07-08-2013 08:46 AM
Martin,
This is the Diagram:
The LAN was configured on the VCS with NAT and the F5 is NATed. I don't see the VCS over the Internet. Inside the LAN I don't see the LAN 1.
07-08-2013 09:08 AM
What kind of features do you use?
Is it endpoints or Jabber Video which you plan to register, especially from the LAN?
Where are what kind of devices placed?
How about your DNS setup?
So the devices on LAN2 are only in that LAN, so no internet access present?
Regarding endpoints (TC/EXC/MX/SX+MXP) it should not be a problem; you simply configure
LAN2 on the VCS to be in a private network like: 192.168.150.2/255.255.255.0
and the endpoints in "LAN" are placed in the same network (like 192.168.150.11, .12, .13 ...)
As the H.323 and SIP GK/proxy you set up the LAN2 IP from the VCS, and sure, your
dial plan must be OK, and as you want public connectivity the DNS records for the outside
need to be OK.
LAN1 is configured with the NAT address; not sure regarding your drawing if F5 and firewall are
doing NAT or if it's only one NAT.
Also it has to be a static public IP with static NAT, all needed ports need to be forwarded to the
VCSE and its outbound connectivity must be OK.
So actually I still don't have a real clue what your problem is: where are your endpoints,
what do you try to dial from where, which symptoms and errors do you get and what do you see in
the logfiles?
This looks like a pretty simple standard deployment; maybe it is easier if you find yourself
a Cisco partner who can help you or, if you are one yourself, check with Cisco. External
consultants can also be helpful :-)
07-08-2013 09:22 AM
My laptop has a Jabber client and this equipment is inside the LAN; I can see the VCS inside of the LAN.
The DNS type A and SRV is configured inside of the LAN and over the Internet.
The devices on the LAN 2 have access to the Internet and the VCS too.
The LAN 2 is configured like a private network with an IP address that I can ping, and I can manage the VCS.
LAN 1 is configured with the NAT address from the F5.
At this moment the problem is LAN 1: the IP address doesn't respond to ping over the LAN, and this is because I can't assign a default gateway for this IP.
How do I fix this problem?
This is the IP configuration of the VCS
Message was edited by: Hugo Vivar
07-08-2013 09:45 AM
There is only one default gateway and this is where the main traffic shall go out, and that should point to the internet router.
If you have more internal addresses than "LAN" you can simply add additional routes via the admin console.
Like if LAN is 192.168.150.0/24 connected to LAN2 and you have 192.168.175.0/24 where your laptops are located and your internal
router for that is 192.168.150.1, you would add that with the xcommand route add command:
xcommand RouteAdd
*h 'xCommand RouteAdd'
"Adds and configures a new IP route (also known as a static route)."
Address(r): < 1=""> "Specifies an IP address used in conjunction with the prefix length to determine the network to which this route applies.">
PrefixLength(r): <1..128> "Specifies the number of bits of the IP address which must match when determining the network to which this route applies. Default: 32"
Gateway(r): < 1=""> "Specifies the IP address of the gateway for this route.">
Interface:
"Specifies the LAN interface to use for this route. Auto: the VCS will select the most appropriate interface to use. Default: Auto"
For the given example it would be (user admin via ssh):
xcommand RouteAdd address: 192.168.175.0 prefixlength: 24 gateway: 192.168.150.1 interface: LAN2
But to be honest I am not sure jabbervideo works that well with the expressway express in
a dual LAN environment anyhow.
Like with a vcs-c / -e deployment you have the model of the internal and external vcs with
different hosts where it tries to get provisioning and then depending on that gets the data
for the registration. It can be that you anyhow only get the outside ip from the vcs-e.
So I would simply deploy it in a DMZ where the outside and the inside can reach the starterpack with
the same external NATed ip which is hosted in LAN1 or even put it directly on a public ip in a dmz, ...
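An added illustration (not part of the original posts and not Cisco code) of why the static route in the reply above is needed: a generic longest-prefix-match model of the routing table it describes, showing that without the route, traffic for the laptop subnet leaves through the internet-facing default gateway. The LAN1 subnet 10.2.1.0/24, its gateway 10.2.1.1 and the sample destination addresses are constructed; the LAN2 values are the ones from the post.

```python
import ipaddress

# Connected networks per interface. LAN2 is the example from the post;
# the LAN1 subnet and default gateway are constructed for illustration.
CONNECTED = {
    "LAN1": ipaddress.ip_network("10.2.1.0/24"),
    "LAN2": ipaddress.ip_network("192.168.150.0/24"),
}
DEFAULT_ROUTE = (ipaddress.ip_network("0.0.0.0/0"), "10.2.1.1", "LAN1")

# The static route from the post: laptops in 192.168.175.0/24 behind
# the internal router 192.168.150.1, reachable via LAN2.
STATIC_ROUTE = (ipaddress.ip_network("192.168.175.0/24"), "192.168.150.1", "LAN2")


def build_table(static_routes=()):
    """Return a list of (network, gateway, interface) entries."""
    table = [(net, None, ifname) for ifname, net in CONNECTED.items()]
    table.append(DEFAULT_ROUTE)
    for net, gw, ifname in static_routes:
        # A gateway must be on-link for the interface the route uses.
        if ipaddress.ip_address(gw) not in CONNECTED[ifname]:
            raise ValueError(f"gateway {gw} is not on-link for {ifname}")
        table.append((net, gw, ifname))
    return table


def lookup(table, destination):
    """Longest-prefix match: return (gateway, interface) for destination."""
    dst = ipaddress.ip_address(destination)
    matches = [entry for entry in table if dst in entry[0]]
    net, gw, ifname = max(matches, key=lambda e: e[0].prefixlen)
    return gw, ifname


if __name__ == "__main__":
    laptop = "192.168.175.20"  # constructed laptop address
    for label, table in (("without static route", build_table()),
                         ("with static route", build_table([STATIC_ROUTE]))):
        for dst in ("192.168.150.11", laptop, "198.51.100.7"):
            print(f"{label:22} {dst:16} -> {lookup(table, dst)}")
```

A gateway of `None` in the result means the destination is directly connected on that interface.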
07-09-2013 09:46 AM
Martin,
Thanks for your help, now it is working. I added the static route.
07-09-2013 01:37 PM
Hi Hugo!
Ok, perfect, great to hear!
Thank you for setting the thread to answered! +5 for you as well!