Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
957
Views
0
Helpful
7
Replies

One way video between Movi(external) to Movi(Internal by VPN)

startryst
Level 1
Level 1

‎12-09-2012 04:21 AM - edited ‎03-18-2019 12:16 AM

Hi, Experts

Movi(external) means Movi registered to VCS Expressway

Movi(Internal by VPN) means the Movi registered to VCS Control under VPN connection.

1. Movi(external) call Movi(external) successful: bi-directional audio/video

2. Movi(Internal by VPN call Movi(Internal by VPN) successful: bi-diretional audio/video

3. Movi(external) call Movi(Internal by VPN): Movi(external) couldn't receive audio/video, but Movi(Internal by VPN) can received the audio/video from MOvi(external), and when call established, the Turn relays shown 18.

4. VCS Expressway deployed in public routable IP addres without any firewall in front of it.

Labels:
0 Helpful
7 Replies 7

sekuzmin
Level 1
Level 1

‎12-09-2012 12:11 PM

Hi,

I'd recommend read throught following document and double-check Traversal zone configuration and search rules on VCSC and VCSE - Step 8 and 9. Make sure, as well, that all necessary ports are opened on firewall, between VCSC and VCSE - "Appendix 3 – Firewall and NAT configuration"

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Control_with_Expressway_Deployment_Guide_X7-2.pdf

0 Helpful

startryst
Level 1
Level 1
In response to sekuzmin

‎12-09-2012 06:49 PM

Hi, Sergey

I've checked again for the zone and search rule configuration according to that document, all configuration are correct, and btw, except traversalzone, there isn't any ports need to be configured between VCSC and VCSE, as all connections are initialed from VCSC which is the inside of the FW, and this is fully allowed from the firewall perspetive.

but anyway, thanks for your advice here.

0 Helpful

Tomonori Taniguchi
Cisco Employee
Cisco Employee

‎12-09-2012 04:10 PM

What type of VPN connection are you running on Jabber Video client PC that registered on VCS-C, split tunnel?

What happen if you disable ICE feature on Jabber Video client (disable ICE on provisioning template).

0 Helpful

startryst
Level 1
Level 1
In response to Tomonori Taniguchi

‎12-09-2012 06:51 PM

Hi, Tomonori

Anyconnect Secure Mobility Client, and yet, it's running in split tunnel mode. Is it becuase of the split tunnel?

0 Helpful

startryst
Level 1
Level 1
In response to Tomonori Taniguchi

‎12-09-2012 07:02 PM

After checking for the split tunnel, I found the setting of that is correct, and the key thing is the VCS Expressway's public IP address didn't in the split tunnel, which means, the traffic heading to TURN is out of the VPN tunnel....even the Movi client is connected to VCS Control by VPN...

0 Helpful

startryst
Level 1
Level 1
In response to Tomonori Taniguchi

‎12-09-2012 07:14 PM

Tried, disabling ICE didn't helps on this...

0 Helpful

Tomonori Taniguchi
Cisco Employee
Cisco Employee
In response to startryst

‎12-10-2012 01:38 AM

I suggest to take a diagnostic log on VCS and verify which address that Jabber Video negotiated for media traffic.

And also capture sniffer log on both sides (Jabber Video client) to verify RTP destination IP address.

0 Helpful
Customers Also Viewed These Support Documents