Some issues about video conference via public network

Nguyentiendung
Level 1

Hi all,

I have some queries that need your help:

1. Normally, I connect endpoints to MCU via local network (WAN) so everything is OK. But if I'd like to connect them to MCU via public network (for example Internet FTTH), do I need any more equipment or settings on MCU? Is Video Firewall Option necessary?

2. Does Cisco Telepresence support VPN for remote endpoint to join video conference?

Thanks

Martin Koch
VIP Alumni

Hi Tien!

1) If you are looking into public connectivity I would recommend you talk to a Cisco (partner) sales person to tell you a bit more about the VCS-E and VCS-C deployment.

You would need something to do proper firewall/NAT traversal, not only for NAT in your organization, but also for remote users with endpoints behind a home NAT router, ...

2) The endpoints and infrastructure do not have a VPN client, but you can sure use a VPN router in between.

But be aware that video uses quite some bandwidth and packets per second so the VPN router might get in trouble, and a VPN also adds IP overhead so you might get MTU issues.

But yes, I have seen people using Cisco Telepresence via VPNs.

Tien: Please rate the answers using the stars below!

Please remember to rate helpful responses and identify

Hi Martin,

Thanks for your reply.

As I know about VCS-C and VCS-E, they are used to connect endpoints from public network into local network (for example: WAN). But I mean that MCU and all endpoints connect together via internet (FTTH) as follows:

So is it necessary to implement VCS-C and VCS-E?

I think we only need NAT on router at each site (both center and branch) (???)

While you "could" do what you are suggesting, I don't think you would find many people here that would recommend it.

That would be a very un-secure deployment, and you would be setting yourself up to be the victim of a security breach.

From an architecture or a best-practices standpoint, you should not allow direct connectivity to infrastructure from the Internet. It would not be overly difficult to attack those devices if they are simply NATed to the Internet.

Look into getting the VCS devices and doing a more secure implementation. It will be the right thing in the long run.

Sent from Cisco Technical Support iPhone App

Hi Michael,

I fully understand what you said. The only problem is it's very costly if I implement VCS-C and VCS-E. Do you know a better solution? I read the catalog of Cisco Telepresence Video Communication Server and see that Starter Pack Express is an alternative solution for SMBs but I'm not sure it meets my demand.

Please give me some advice.

Thanks.

While the starter pack isn't my favorite piece of gear, it will be much better than what you were suggesting.

If you can get VCS Starter Pack, then do that.

Sent from Cisco Technical Support iPhone App

Thanks Michael,

I'd like to ask you one more question: have you ever used Video Firewall Option on MCU? What's the matter if I enable second Ethernet port (port B) on MCU and directly connect all endpoints to MCU via this port? Do you think VFO can solve the issue I mentioned above?

Hi Tien

Yes. You can solve your issue by using the second port of the MCU (VFO).

You must purchase the VFO option and assign a public IP address to the second port of the MCU.

And on your router you will need to set up a filter of IP addresses authorized to access the second port of the MCU from the public network, for security and to prevent DDoS.

br Oleksandr
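
The source-address filter suggested in the reply above can be generated and sanity-checked before it goes on the router. This is an added example, not part of the original thread or Cisco documentation; the ACL name, the addresses (RFC 5737 documentation ranges) and the /24 breadth limit are assumptions.

```python
import ipaddress

# RFC 1918 space never arrives as a source address over the public network.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_allowlist(prefixes, min_prefixlen=24):
    """Validate branch-site prefixes; reject entries that defeat the filter."""
    nets = []
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=True)  # host bits set -> ValueError
        if net.version != 4:
            raise ValueError(f"{p}: only IPv4 handled in this example")
        if net.prefixlen < min_prefixlen:
            raise ValueError(f"{p}: broader than /{min_prefixlen}")
        if any(net.overlaps(r) for r in RFC1918):
            raise ValueError(f"{p}: private space, not a public source")
        nets.append(net)
    return nets

def build_acl(name, mcu_ip, nets):
    """Render an IOS extended ACL: listed sites only, everything else logged."""
    mcu = ipaddress.ip_address(mcu_ip)
    lines = [f"ip access-list extended {name}"]
    for net in nets:
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            src = f"{net.network_address} {net.hostmask}"  # IOS wildcard mask
        lines.append(f" permit ip {src} host {mcu}")
    lines.append(f" deny ip any host {mcu} log")
    return lines

def is_authorized(src_ip, nets):
    """True if a source address would match one of the permit entries."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in nets)

# Constructed sample values (RFC 5737 documentation ranges), not from the thread.
SITES = ["198.51.100.0/28", "192.0.2.25/32"]
MCU_PORT_B = "203.0.113.10"  # hypothetical public address of MCU port B

if __name__ == "__main__":
    print("\n".join(build_acl("MCU-PORTB-IN", MCU_PORT_B, parse_allowlist(SITES))))
```

An IOS ACL ends with an implicit deny, so on an interface that carries other traffic these entries belong inside the existing inbound policy rather than in an ACL of their own. The filter matches on source address only; narrowing it to the signalling and media ports in use is a further step the thread does not cover.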


Martin took the words out of my mouth.

Personally, I would recommend the VCS-SP instead of the VFO option.

Talk to your partner or your Cisco rep and they'll make sure you get what you need.

Sent from Cisco Technical Support iPad App

Martin Koch
VIP Alumni

Hi Tien!

It is important to check what your needs / requirements are, what the network looks like, what might need to be changed and how everything can be implemented.

I would really recommend that you talk to your Cisco partner or representative to check what is really the best kind of deployment for you.

Martin
