08-01-2012 10:44 AM - edited 03-17-2019 11:33 PM
I am trying to communicate the needs of the VCSe sitting in a DMZ with NIC1 - Internal 10.10.10.10 for management and NIC2 - External NATed 192.168.200.200 NATed to Public IP.
I have come up with the attached spreadsheet.
Can anyone please review and see if there are any big mistakes or things that you would change?
Thanks in advance.
Tim
08-01-2012 10:52 AM
Did not check on your file, two short remarks:
* this deployment requires the dual interface option (which I would assume you have)
* the vcs nicely displays you the used ports under https://
Please remember to rate helpful responses and identify
08-01-2012 10:56 AM
Thanks for that, the file is using the port usage details.
I am just looking to find the cleanest and clearest way to communicate this info to a firewall admin.
Thanks for the response. Please look at the files and provide some more feedback.
Tim
08-01-2012 11:13 AM
I am not sure if I have the time to look at it, as it can be quite time consuming :-)
Anyhow, if you need a very locked down setup, some more info about the deployment
would be needed, best would be a drawing.
Like where are endpoints located, where is the TMS, is there a VCS-C, is the TMS Agent,
who shall access the management ports and from where, ...
From what I saw on a first short look there are some not needed ports open and some which I would close.
Please remember to rate helpful responses and identify
08-01-2012 11:16 AM
Great feedback,
I will add a sample drawing to the file and also define the location of the other products. I won't get to it today, but I want this to be a reference tool that I can change and update for each client.
Thanks again for the feedback
Tim
08-02-2012 08:14 AM
Hi Timothy,
I just checked the file. I have a question: since the traversal setup is between the VCS Control and NIC 1 on the Expressway, why are you opening the ports for NIC 2 as well from LAN to DMZ?
If that had been the case then you would have simply used a single NIC. Why both NICs?
Also, I want to know what you mean by LAN->DMZ<-->internet, because on ports 6001 and 7001 you mentioned this. From DMZ to internet these ports are not required!
Also, you didn't mention port 5061 from internet to DMZ in the file. Open the 5060 TCP port from internet to DMZ as well.
I am still going through the file. If I find anything more I will let you know.
Thanks
Alok