Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2033
Views
5
Helpful
3
Replies

VCS expressway firewall rules

Go to solution
nuinoahmed
Level 1
Level 1

‎11-06-2013 12:37 AM - edited ‎03-18-2019 02:05 AM

Hello,

I just need your confirmation about the following setup.

VCSC ------  FW ------- Internet

                        |

                        |

                    VCSE

We are using Dual Nic option key with NAT.

VCS expressway wil be connected with only 1 LAN interface to FW.  It will have a private ip address.  Firewall will be Natting the VCSE private ip address to a public ip address.

When updating the FW rules as per following link:

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.pdf

Appendix 3 - Page 55-58

What VCS expressway  ip address do you need to use for FW rules?  private or public one?

Thanks in advance.

Ahmed

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Martin Koch
VIP Alumni
VIP Alumni

‎11-06-2013 04:31 AM

Hi Ahmed!

If you use the VCS-E with the dual interface option for NAT with only one interface all communication,

from the internet and from your internal network have to go to the _public_ ip address, not the private

one. So its not only on the firewall, but also the destination for the traversal zone on the VCS-C.

Regards your firewall it will depend on what your firewall needs to have configured.

Some firewalls (or at least the admins/users) seem to have issues getting the vcs-e reached from intenal on the

external ip. If this is an issue you would need to use the secondary interface of the vcs and define an additional

dmz.

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

View solution in original post

3 Replies 3

Go to solution
Martin Koch
VIP Alumni
VIP Alumni

‎11-06-2013 04:31 AM

Hi Ahmed!

If you use the VCS-E with the dual interface option for NAT with only one interface all communication,

from the internet and from your internal network have to go to the _public_ ip address, not the private

one. So its not only on the firewall, but also the destination for the traversal zone on the VCS-C.

Regards your firewall it will depend on what your firewall needs to have configured.

Some firewalls (or at least the admins/users) seem to have issues getting the vcs-e reached from intenal on the

external ip. If this is an issue you would need to use the secondary interface of the vcs and define an additional

dmz.

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

Go to solution
nuinoahmed
Level 1
Level 1
In response to Martin Koch

‎11-06-2013 07:57 AM

Thanks Martin,

We suggested to customer the option to use the second interface but he prefer to use only one.  So FW admin will have to make it working with public ip address :-)

So I will ask for FW rules using the public ip address.

Best regards,

Ahmed

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to nuinoahmed

‎11-06-2013 10:51 AM

Hi Ahmed!

Thank you for your feedback! (+5 for you).

Yes, and I would not be surprised if it will end up of the customer using a second dmz and the second interface ;-)

VCS-C - FW - (1) VCS-E (2) - FW - Internet

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

0 Helpful
Customers Also Viewed These Support Documents