
Neighboured VCS controls not routing SIP traffic

Darren McKinnon
Level 1

I need some help understanding something. I had tried to neighbour my VCS control with another organization's VCS control. We share the same WAN, and we each have firewalls in place. Both organizations' network guys put in rules to allow all traffic to/from both VCSs, and we were able to set up the neighbour zones no problem. We created search rules for testing with priority of 1, and all was looking good.

H.323 calls were working fine, but SIP calls were not. We could see that the SIP traffic hitting the firewalls was from the endpoints and not being routed through the VCS. Call routed mode was set to always on both VCSs.

My Cisco CSE told me that because we were traversing firewalls we should have set up a traversal zone between my VCSe and their VCS Control. I believe him, but I don't really understand why. Since routes were in place to open up the firewalls, then why wouldn't it work? Why was what we did okay for H.323, but not SIP?

Can someone try to explain this further to me? Thanks in advance!


1 Reply

Martin Koch
VIP Alumni

First, it would be necessary to know more about your deployment.

Different endpoints, different protocols, different search rules, different configuration, different networks, ...

All that can lead to different behavior :-)

Reading here in the forum and the deployment/admin guides can help you understand over time better how things are related to each other.

First of all, if both networks are not transparent to each other, which means routed network with no NAT, and a whole bunch of ports open in between all components (EndpointA->VCSC-A->VCSC-B->EndpointB), you cannot use a neighbor zone out of the box as it will end up with problems.

If there is NAT or you cannot open up all the needed ports directly in between endpoint A&B, you will need a traversal zone in between these two networks.

If it should be a transparent network and it's not working, it's often a firewall, especially their L3 functionality, which breaks it.

If it's a NATed or shut down firewalled network, in some scenarios calls might still get through, for example interworking forces a traversal call, even if two VCS-C are involved. But that one thing works does not mean that this is the right deployment.

Consider asking your Cisco Partner or an external consultant to help you on that, or if you have time, read and get some courses to better understand what's going on :-)
