05-25-2012 02:54 AM - edited 03-17-2019 11:13 PM
Hi All,
i need some informations or dokcuments, how to set the Cisco ASA FW with VCS Expressway.
It will be great.
Thank you for your Feedback
05-25-2012 03:35 AM
Hi,
I would recommend that you check out
http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.pdf, this guide covers both the VCS side of the configuration as well as having an appendix for Firewall/NAT configurations.
In general, with regards to a traversal zone between a VCS Control and Expressway, you don't want the firewall in between these to perform any H323 or SIP ALG functionality for the traversal zone traffic as this might interfere with the built-in firewall/NAT traversal capabilitiy of the VCS itself.
- Andreas
05-25-2012 03:38 AM
Hi,
I am not sure whether there exists any such specific document. The firewall configuration is similar to any other except that the ports that need to opened up should be specific to the VCS expressway requirements and just few consideration like whether you place in the DMZ only, DMZ with static NATs.
So I would recommend to look into Firewall and NAT config section in this link :
http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.pdf along with the ASA guide for configuring the firewall.
Thanks,
Sudheer
10-14-2014 12:43 PM
I'm having the same problem with X8.2 and an ASA 5520.
The ASA is built as a 3 port firewall (inside, outside, DMZ). The interface for the DMZ is cut into 8 subinterfaces. (Fa2.1, Fa2.2,Fa2.3, etc...)
I configured the Expressway C VM and placed it on the inside interface, and I can access it via HTTP, no problem.
I built a static 1:1 NAT statement and configured the Expressway E VM, and placed it on one of the DMZ interfaces, and cannot access it via the outside or DMZ IP address. I can see the traffic being allowed on the firewall., but it is never responded to.
Appendix 4 of Cisco Expressway Basic Configuration Deployment Guide for X8.2 shows an example of this on page 53, and states that NAT redirection is not supported by all types of firewalls.
I've opened a TAC case, and have not received any updates.
10-27-2014 03:42 AM
Hi,
I am facing the same issue, did you found how to configure Cisco ASA ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide