Solved: Re: VCS Expressway On Internal Network

em6557 · ‎02-06-2013

I have a customer that wants to deploy the VCSE on the internal network with a VCS. The VCSE has the dual network option. Customer has carved out separate Vlans for the VCSE/VCSC. And will NAT LAN2 of the VCSE on firewall. All NICS will terminate on same L3 switch. Question is solution doable?

Justin Ferello · ‎02-06-2013

emm,

That should be fine, just remember that if they use only the one port on the VCS-E and NAT to that then the VCS-C has to point to the public IP of the VCS-E, which means you have to enable hairpinning on the firewall. Then the VLAN that the VCS-C is connected to would need to be able to get out to the firewall to get to the public IP of the VCS-E.

If you decide to use both ports on the VCS-E then you would need (3) VLANs. The VCS-C would point to the internal VLAN of the VCS-E.

Justin

Sent from Cisco Technical Support iPad App

Thank you,
Justin Ferello
Technical Support Specialist, ScanSource KBZ

View solution in original post

Martin Koch · ‎02-07-2013

Yes, it should work. Most deployments prefer to have a firewall in between the VCS-C and VCS-E.

If I see it right all video stuff is in your vlan9 (and there is possibly a typo as the vlan 9 and 20 ip is both the same).

All communication from your internal components (like vcs-c and tms) which need to talk internally

to the VCS-E would use the 192.168.9.6.

All communication to your LAN2 port would have to go to 38.x.x.x

Please remember to rate helpful responses and identify

View solution in original post

Martin Koch · ‎02-06-2013

In general it is possible, but depends on the traffic flow, NAT and design of your solution.

You find some information in the forum regards nat / the dual interface option.

Some major things. If both ports are used, they can not be in the same logical network.

If NAT is used it has to be configured on the VCS and all devices trying to communicate

with that interface have to address it via the external NAT IP.

If the VCS needs to be clustered, it can not be on a port with NAT.

If that did not fully help you, you might want to draw a network chart to show how the network is exactly

set up and how the traffic flows.

Please remember to rate helpful responses and identify

em6557 · ‎02-06-2013

Attached is the diagram of the setup.

Justin Ferello · ‎02-06-2013

emm,

That should be fine, just remember that if they use only the one port on the VCS-E and NAT to that then the VCS-C has to point to the public IP of the VCS-E, which means you have to enable hairpinning on the firewall. Then the VLAN that the VCS-C is connected to would need to be able to get out to the firewall to get to the public IP of the VCS-E.

If you decide to use both ports on the VCS-E then you would need (3) VLANs. The VCS-C would point to the internal VLAN of the VCS-E.

Justin

Sent from Cisco Technical Support iPad App

Thank you,
Justin Ferello
Technical Support Specialist, ScanSource KBZ

Martin Koch · ‎02-07-2013

Yes, it should work. Most deployments prefer to have a firewall in between the VCS-C and VCS-E.

If I see it right all video stuff is in your vlan9 (and there is possibly a typo as the vlan 9 and 20 ip is both the same).

All communication from your internal components (like vcs-c and tms) which need to talk internally

to the VCS-E would use the 192.168.9.6.

All communication to your LAN2 port would have to go to 38.x.x.x

Please remember to rate helpful responses and identify