Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1713
Views
0
Helpful
2
Replies

VCS Expressway dual Nic and administration

Go to solution
Jose_DA-SILVA
Level 1
Level 1

‎09-19-2012 01:35 PM - edited ‎03-17-2019 11:49 PM

Hi,

We plan to install a VCS Expressway Cluster in a DMZ.

Our network team requires us to have a dedicated network interface for administration because the management is operated behind another firewall.

We ave a dual nic option, do you think it's possible to use an interface connected to the DMZ and a second dedicated to admnistration and replication cluster (as you can see in attached) ?

Thanks

José

Labels:
Preview file
40 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tomonori Taniguchi
Cisco Employee
Cisco Employee

‎09-19-2012 07:39 PM

VCS can be managed from both network interfaces.

Using “firewall rules” configuration introduce in X7.2 release, you may restrict service on specific network interface (allow/deny base configuration on IP address and port range).

Important that cluster configuration must use Ethernet 1 IP address.

Clustering peer communication use Ethernet 1 IP address between VCSs and also alternative IP address included in ACF will use it.

Based on network diagram snapshot seem VCS-E are connecting different network directly not connecting same switch.

If this is correct, then cluster communication will go through firewall/internet which is fine but delay must be within 30 ms.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Tomonori Taniguchi
Cisco Employee
Cisco Employee

‎09-19-2012 07:39 PM

VCS can be managed from both network interfaces.

Using “firewall rules” configuration introduce in X7.2 release, you may restrict service on specific network interface (allow/deny base configuration on IP address and port range).

Important that cluster configuration must use Ethernet 1 IP address.

Clustering peer communication use Ethernet 1 IP address between VCSs and also alternative IP address included in ACF will use it.

Based on network diagram snapshot seem VCS-E are connecting different network directly not connecting same switch.

If this is correct, then cluster communication will go through firewall/internet which is fine but delay must be within 30 ms.

0 Helpful

Go to solution
Jose_DA-SILVA
Level 1
Level 1
In response to Tomonori Taniguchi

‎09-20-2012 01:31 PM

Thank you very much Tomonori.

0 Helpful
Customers Also Viewed These Support Documents