Hi Nikhil,

I agree with Oleksandr, you need to check on your network if ping failed, might be issue on network.

Regards,

Vivek

Hi Nikhil!

By not knowing your network deployment at least its not possible to say if an additional

route is needed or not.

Could you describe a bit more how your deployment looks like? Having the VCS-E on a private

ip address not the most common way and might have some implications.

Which versions do you use anyhow, I would recommend X7.2.1

Do you use any kind of nat or the dual interface option? If there is a yes please describe

even more detailed how your setup and ip flow looks like.

If you try to make a traversal zone  (or any kind of sip/h323 connections)

to the interface with enabled NAT you have to point

the remote site to the external NAT address rather then the internal ip.

There were some threads about this in the forum before so please search for it as well.

Besides that, yes, the first thing is to check that generic ip connectivity is ok

(routing, firewall). A successfull ping is a good start :-)

Also check that no ALG/L3/NAT-helper/... functionality is enabled on any of the

firewalls in between.

Looking in the event log of the vcs-c and -e and also check what the error message

of the traversal zone sais and if both h323 and sip fail.

If there is nothing obvious the diagnostic log Tomonori mentioned can help.

Check that the config is ok, the guide Vivek linked is a great start to see that your deployment is set up ok.

Common things I have seen going wrong (there might be more :-)

* network trouble (routing / firewall / algs)

* configuration trouble vcs

  * time not ok / ntp server not configured

  * wrong usernames passwords

  * not fitting traversal zone settings (ports/protocols/...)

  * wrong config on dual interface

On such problems its always good to reach out to a cisco partner or consulting company to help you.

Please rate the answers using the stars below!

Hi Martin,

Lemme explain you my network Scenario here

We have  2 networks A&B  both are the internal (private network) no internet access.

They also have VCS control & VCS expressway and there is no connection in between the two networks both are from different IP subnets and class.

And our MCU, TMS,VCS control, Gateway, content Server are with Configured with network A IP series. But now we have some endpoints which are on network B and we want them to connect through MCU, VC endpoints & movi clients which are on Network A.

So for that we have a VCS expressway which we will configure with Network A Ip Series and using a Traversal Zone between VCS control & VCS expressway we can connect the calls between the two networks.

I need to confirm as there is NO  DMZ here, where we need to place our VCS expressway and what are the ports which we need to open in this scenario between the 2 networks and our expressway is only have single port.

Kindly also Confirm whether my deployment is correct as i mentioned above.

Regards

Nikhil

Hi!

To be honest I am a bit confused about "'we´ have to networks A & B" and "they".

Could you make a drawing showing the networks, their boundaries/firewall, the VCSs, endpoints and so on?

Besides that It is perfectly fine to have a deployment using a VCS-E to bind different external networks.

All endpoints directly registered to the VCS-C need to communicate with each and towards the VCS-C

using a whole range of ports. If its a traversal call the VCS-C will bind the signaling and media to it

and passes it over the traversal zone to the VCS-E, that VCS-E can sure have an other Traversal Zone

to an other VCS-E which then can have a traversal zone to an other VCS-C.

But sure, all application layer gateways / nat helper / sip&h323-l3-functionality need to be disabled,

the proper firewall ports need to be open and there should be no nat in between the VCS-E or it needs

to be properly configured with the dual interface option.

One of the first checks would be that all the traversal zones are properly up/active

As you write "But when we are making a traversal zone between vcs control and vcs expressway its showing the link is failed."

Could you attach screenshot logs, what you exactly you see where and what you dial from where and

how your address plans look like.

Did you check out the vcsc-vcse basic deployment guide? It is important to understand the basics

like the zones / searchrules for this do make it work.

Btw, I would recommend that you ask your Cisco Partner or external consulting company to help you here.

it is always easier to see it with your own eyes :-)

Hi Martin,

i have gone through the Deployment guide and this deployment is in accordance with that only, also i'll share the network diagram of our deployment on your email.

Since no option to attach it here.

You can have a look once :-)

Regards

Nikhil