12-07-2011 04:36 PM - edited 03-17-2019 10:39 PM
Just about to embark on a pretty simple video deployment for a customer next week and I have a couple questions about the 4501 and also encrypting traffic.
8 Quickset C20's at remote locations
VCS Control, 4501 MCU, TMS - installed on common vlan at central site.
Dedicated MPLS WAN for connectivity between all locations - no other traffic on these links but telepresence.
The network admin at my customer site made a comment about potentially installing the bridge outside the firewall, apart from the endpoints.
In all the reading material I can find, there's not much documentation on video bridges living outside of a firewall. My thought is don't do it... why complicate matters?
Other question is about the merits of enabling encryption between the C20's and the VCS, as well as the C20's and the MCU.
If all the equipment ends up on a private IP cloud - my goal is to push the customer to deploy everything behind a firewall so as not to complicate the deployment. But if he insists, we would have to poke holes through the firewall for the SIP signalling and the range of dynamic ports for the RTP media.
Does anyone have any strong opinion about this one way or the other?
Thanks,
Paul
12-08-2011 02:11 AM
Hi
As you stated, it is better not to have the firewall in the video path.
However, if the customer wants to, then it is possible by making sure you have the right NAT and inspection configured in the firewall.
The link below is for PIX, the old version of ASA, but the concept still applies.
By default Port B is disabled on the Cisco TelePresence product. The activation of the video firewall feature allows Port B to be enabled. In a video firewall deployment, one of the ports is connected to the local network (typically Port A) and the other (typically Port B because Port B cannot use DHCP) is connected to the Internet. This allows the MCU to host conferences with a mix of participants from the internal and external networks. This does not compromise your network security because the MCU will never route packets between the two ports, not even media packets.
Ports:
Hope this helps.
If helpful, rate.