07-23-2012 11:20 AM - edited 03-17-2019 11:30 PM
Hi all,
I have some queries that need your help:
1. Normally, I connect endpoints to MCU via local network (WAN) so everything is OK. But if I'd like to connect them to MCU via public network (for example Internet FTTH), do I need any more equipment or settings on MCU? Is Video Firewall Option necessary?
2. Does Cisco Telepresence support VPN for remote endpoint to join video conference?
Thanks
07-23-2012 02:07 PM
Hi Tien!
1) If you are looking into public connectivity I would recommend you talk to a Cisco (partner) sales person
to tell you a bit more about the VCS-E and VCS-C deployment.
You would need something to do proper firewall/nat traversal, not only for nat in your organization,
but also for remote users with endpoints behind a home nat router, ...
2) the endpoints and infrastructure do not have a VPN client, but you can sure use a VPN router in between.
But be aware that video uses quite some bandwidth and packets per second so the vpn-router might
get in trouble and a vpn also adds ip overhead so you might get MTU issues.
But yes, I have seen people using Cisco Telepresence via VPNs.
Tien: Please rate the answers using the stars below!
Please remember to rate helpful responses and identify
07-25-2012 08:45 PM
Hi Martin,
Thanks for your reply.
As I know about VCS-C and VCS-E, they are used to connect endpoints from public network into local network (for example: WAN). But I mean that MCU and all endpoints connect together via internet (FTTH) as follows:
So is it necessary to implement VCS-C and VCS-E?
I think we only need NAT on router at each site (both center and branch) (???)
07-26-2012 03:39 AM
While you "could" do what you are suggesting, I don't think you would find many people here that would recommend it.
That would be a very un-secure deployment, and you would be setting yourself up to be the victim of a security breach.
From an architecture or a best-practices standpoint, you should not allow direct connectivity to infrastructure from the Internet. It would not be overly difficult to attack those devices if they are simply NATed to the Internet.
Look into getting the VCS devices and doing a more secure implementation. It will be the right thing in the long run.
Sent from Cisco Technical Support iPhone App
07-26-2012 11:34 PM
Hi Michael,
I fully understand what you said. The only problem is it's very costly if I implement VCS-C and VCS-E. Do you know a better solution? I read the catalog of Cisco Telepresence Video Communication Server and see that Starter Pack Express is an alternative solution for SMBs but I'm not sure it meets my demand.
Please give me some advice.
Thanks.
07-27-2012 03:33 AM
While the starter pack isn't my favorite piece of gear, it will be much better than what you were suggesting.
If you can get VCS Starter Pack, then do that.
Sent from Cisco Technical Support iPhone App
07-27-2012 07:05 PM
Thanks Michael,
I'd like to ask you one more question: have you ever used Video Firewall Option on MCU? What's the matter if I enable second Ethernet port (port B) on MCU and directly connect all endpoints to MCU via this port? Do you think VFO can solve the issue I mentioned above?
07-29-2012 12:29 PM
Hi Tien
Yes. You can solve your issue by using the second port of the MCU (VFO).
You must purchase the VFO option and assign a public IP address to the second port of the MCU.
And on your router you will need to set up a filter of IP addresses authorized to access the second port of the MCU from the public network, for security and to prevent DDoS.
br Oleksandr
07-29-2012 04:11 PM
Martin took the words out of my mouth.
Personally, I would recommend the VCS-SP instead of the VFO option.
Talk to your partner or your Cisco rep and they'll make sure you get what you need.
Sent from Cisco Technical Support iPad App
07-29-2012 04:08 PM
Hi Tien!
It is important to check what your needs / requirements are, what the network looks like,
what might need to be changed and how everything can be implemented.
I would really recommend that you talk to your Cisco partner or representative to check what
is really the best kind of deployment for you.
Martin
Please remember to rate helpful responses and identify