09-09-2013 02:12 AM - edited 03-18-2019 01:46 AM
Hi,
I have deployed VCSc with VCSe for traversal and it works well. Internal endpoints/Jabber registered on the VCSc can make calls to external endpoints/Jabber registered on the VCSe and vice versa.
Is it also possible for endpoints/Jabber registered on any VCS (VCSc/VCSe) to make calls directly to endpoints with a public IP address (not registered on the VCSe)?
Are there configurations needed on the VCS servers? Also what are the additional firewall ports needed to open to allow this call set up?
Your help is really appreciated.
Thank you.
Best regards,
Acevirgil
09-09-2013 02:40 AM
You need to configure a DNS zone on the VCS-E, see part 10 and 11 of the deployment guide:
Also make sure "calls to unknown IP addresses" are set to "Indirect" on the VCS-C and to "Direct" on the VCS-E. You shouldn't have to do anything else on the firewall.
/jens
Please rate replies and mark question(s) as "answered" if applicable.
09-09-2013 08:00 AM
Hi Acevirgil,
Actually, for making calls to unknown IP addresses you don't need a DNS zone.
Just one setting on the VCS-E: calls to unknown IP addresses should be set to "Direct". By default on the VCS-E this setting is "Direct" only.
Rgds
Alok
09-09-2013 02:42 PM
This is true - just be aware not having a DNS zone will limit connectivity with external sites.
/jens
09-10-2013 03:15 AM
Hi Jens,
Thank you for your response.
In our case, only SIP ports are allowed and defined on the firewall. For now, in order for an endpoint to be able to connect or to be called, it should register first to the VCS Expressway as SIP. This is working fine.
Since we are now allowing calls to endpoints with unknown public IP addresses, SIP endpoints registered on the VCS servers can dial public IP addresses directly (SIP -----> H323). Interworking is involved on the VCS, so do we also need to define the H323 ports on the firewall?
To give you an overview of the network topology, the VCS Expressway is in the DMZ and dual NIC is enabled. LAN1 points to the internal network and LAN2 points to the external network, NATed with a public IP.
Thank you.
Best regards,
Acevirgil
09-10-2013 04:04 AM
Hi Acevirgil,
If you are trying to call a remote H323 system by dialling its IP address, then yes, you need to open H323 ports on the firewall. To dial an IP address from the Jabber client, you need no special method, just dial the IP address and make sure that interworking is enabled on the VCS.
Regards
Paulo Souza
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
09-11-2013 03:35 AM
Hi Paulo,
Thank you for your response.
I have an additional question.
In our case, the only endpoints allowed to initiate a call to a public IP address are the SIP endpoints registered on any of the VCS servers. So in the firewall definition we only need one direction, right? DMZ to Internet?
Thank you for your help.
Best regards,
Acevirgil
09-11-2013 05:54 AM
Yeah! That's right!
You can block H323 traffic from internet to your VCS by using the firewall, and you can keep the traffic enabled only from VCSe to Internet.
And, as you probably know, you just need to allow the IP address of VCSE in the firewall, you don't need to allow the IP address of your internal endpoints. =)
Regards
Paulo Souza
09-11-2013 07:00 AM
Hi Acevirgil,
To make it a little more clear, for RTP you need to open ports bi-directionally for your expressway ip-address i.e. DMZ to internet and internet to DMZ.
Rgds
Alok
09-11-2013 07:05 AM
Hi Alok,
Thanks for adding this point. I missed it out. =)
In addition, from VCSe to Internet, you must allow Any/Any, because you don't know which RTP ports will be negotiated by the remote endpoint, and those ports are not standard like 1719, 1720, 5060 and 5061. That's why you will need an Any rule on the firewall.
Regards
Paulo Souza
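An added example, not written by any poster in this thread and not Cisco code: a small Python audit that checks a firewall allow-list against the advice given in the replies above (outbound any/any from the VCS-E, RTP allowed inbound to the VCS-E, no inbound H.323 signalling on 1719/1720, no rules for internal endpoints). The rule format, the addresses and the inbound RTP range 50000-54999 are assumptions made for the example; the check ignores TCP versus UDP, and the real media range should be read from the VCS configuration.

```python
from ipaddress import ip_address, ip_network

VCSE = "203.0.113.10"                # constructed VCS-E public (NATed) address
INTERNAL = ip_network("10.0.0.0/8")  # constructed internal endpoint range
H323_SIG = (1719, 1720)              # H.323 signalling ports named in the thread
MEDIA = (50000, 54999)               # assumed inbound RTP range, not from the thread

def covers(rule, port):
    lo, hi = rule["ports"]
    return lo <= port <= hi

def is_internal(addr):
    return addr != "any" and ip_address(addr) in INTERNAL

def audit(rules):
    """Return findings for an allow-list checked against the thread's advice."""
    findings = []
    allows = [r for r in rules if r["action"] == "allow"]
    for r in allows:
        if r["dir"] == "in" and any(covers(r, p) for p in H323_SIG):
            findings.append(f"{r['name']}: inbound H.323 signalling is allowed")
        if is_internal(r["src"]) or is_internal(r["dst"]):
            findings.append(f"{r['name']}: internal endpoint rule, only the VCS-E needs one")
    if not any(r["dir"] == "out" and r["src"] == VCSE and r["dst"] == "any"
               and r["ports"] == (0, 65535) for r in allows):
        findings.append("missing: outbound any/any from the VCS-E")
    if not any(r["dir"] == "in" and r["dst"] == VCSE
               and covers(r, MEDIA[0]) and covers(r, MEDIA[1]) for r in allows):
        findings.append("missing: inbound RTP to the VCS-E")
    return findings

def rule(name, direction, src, dst, ports):
    return {"name": name, "dir": direction, "src": src, "dst": dst,
            "ports": ports, "action": "allow"}

# Constructed rule set with three deviations from the advice in the thread.
RULES = [
    rule("vcse-out", "out", VCSE, "any", (0, 65535)),
    rule("sip-in", "in", "any", VCSE, (5060, 5061)),
    rule("h323-in", "in", "any", VCSE, (1719, 1720)),
    rule("ep-out", "out", "10.1.1.20", "any", (0, 65535)),
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```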