Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
346
Views
5
Helpful
1
Replies

VCS-E on vmware in the dmz - trunk required ?

ripcisco
Level 1
Level 1

‎05-22-2014 05:38 AM - edited ‎03-18-2019 03:01 AM

Hello,

I am installing VCS to enable vpnless remote jabber on CUCM9.1

I have refered to Cisco TelePresenceVideo Communication Server Basic Configuration (Control with Expressway) Deployment Guide which refers to designs with 2 x ASAs. In the advanced networking section (Appendix 4: Advanced network deployments) it refers to having a VCS-E in the DMZ but with 2 x interfaces (lan1 & lan2) and this requires the Dual Interface option key but it refers to a hardware appliance with 2 x physical lan ports.

My question is is this deployment supported on vmware ? So, i have a single vmware host with a single ethernet to my asa but this needs to have 2 x lan ports on it so i have to trunk this to the asa (with internal & dmz vlans) ? I can then put a internal IP on lan1 and the nat'd dmz ip address on lan2. Apply the dual nic license. When i install vcs-e it will see the lan1 & lan2 and nat between them.

 

Thanks in advance,

 

PC

Labels:
0 Helpful
1 Reply 1

heathrw
Level 4
Level 4

‎05-22-2014 06:14 PM

Yes you can have a single physical interface on the host, create a vSwitch for each VLAN (Internal & External) and assign them to the relevant vNICS on the Expressway-E (or VCS-E).

 

Just need to note that you may need to add static routes to the DMZ expressway so it can access your internal network (VCS Control/ExpresswayC, DNS, NTP, etc) , example below

xconfig IP Route 1 address: "10.0.0.0"
xconfig IP Route 1 prefixlength: 8
xconfig IP Route 1 gateway: "10.1.1.1"
xconfig IP Route 1 interface: LAN2 (or LAN1 if that is your internal)

xconfig IP Route 2 address: "172.16.0.0"
xconfig IP Route 2 prefixlength: 16
xconfig IP Route 2 gateway: "10.1.1.1"
xconfig IP Route 2 interface: LAN2 (or LAN1 if that is your internal)

 

To make things a bit more secure is if you have a DMZ switch, look at setting private VLANs set a private VLAN for two separate ports and connect them to two separate ASA ports. Then have a Dot1Q to the host.

 

good luck!, please rate helpful posts.

 

 

 

 

 

Customers Also Viewed These Support Documents