Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
802
Views
0
Helpful
3
Replies

VCS E and dual static NAT

gabriel.caclin
Level 4
Level 4

‎01-09-2013 10:09 AM - edited ‎03-18-2019 12:24 AM

Hello everbody!

I am facing a kind of design with the VCS Expressway starter kit in x7.2.1, with the dual network interface option key enabled.

I know and experienced the use of only one interface with static NAT. But there, I have to use the two physical network interface and bith with static NAT. But I didn't see any white paper regarding this design.

For exemple:

LAN 1 interface is in a DMZ, with a DMZ IP address, and conncted to a firewall in a secure network, so we are doing Static NAT on this one with one IP of this secure network.

LAN 2 interface is the LAN, connected to an ADSL router/modem, we are doing Static NAT on the public IP address.

Endpoints/user reach the DMZ without NAT, and register to the VCS: they must be able to call endpoint in the secure network, and endpoint in the Public Internet.

I attached a picture of the design to be more clear.

For this time, I just set up the registration of the Endpoint/user with the VCS, but I have a doubt about implementing this dual static NAT, that's why I ask

Thanks a lot.

Gabriel

Labels:
Preview file
60 KB
0 Helpful
3 Replies 3

Tomonori Taniguchi
Cisco Employee
Cisco Employee

‎01-09-2013 04:20 PM

Registration should works as long as there is routing configuration between LAN and 172.24.125.1/24 (VCS-E SP Ether1).

However VCS-E SP will include NAT address (10.30.0.1) in OpenLogicalChannel (for H.323 call) or SDP (for SIP call) for negotiating media channel.

Therefore, if LAN has no routing to VCS-E SP via 10.30.0.1 NAT address (LAN->FW Outside->FW DMZ), you will experience one-way audio/video conference call.

0 Helpful

gabriel.caclin
Level 4
Level 4

‎01-09-2013 11:09 PM

Thank you Tomonori,

But what I would line to confirm is, if the use of Lan 1 and Lan 2 interface with static Nat feature enabled on both is supported or not?
Because I only saw design with lan1, lan2 but only static Nat enabled on one interface.
Thanks!

Sent from Cisco Technical Support iPhone App

0 Helpful

Tomonori Taniguchi
Cisco Employee
Cisco Employee
In response to gabriel.caclin

‎01-10-2013 02:22 AM

Oh ok, I now understand your question.

Unfortunately I haven’t seen any deployment with double static  NAT configuration (although VCS allow to configure static NAT on both  LAN interfaces in current sw version) and believe we haven’t test this.

Probably I need to test this first before making comment on your question.

0 Helpful
Customers Also Viewed These Support Documents