Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1370
Views
0
Helpful
5
Replies

VCS Expressway placement

Go to solution
Rishu Kumar
Level 1
Level 1

‎09-28-2013 08:56 AM - edited ‎03-18-2019 01:52 AM

Hi,

I am doing a new implementation at one of client location, below are devices:

1. TMS 14.3 with tmep  1.1

2. VCS-c  x7.2.1

3. VCS-e x7.2.1

Need your suggestion on configuration of VCS-e, i don't have dule Nic card lic.

n/w goes like this client have one firewall sonicwall 4500 , 6 port. behind that having only one n/w subnet.

I have configured TMS and VCS-c and things are working fine for internal endpoints.

TMS (192.168.10.32) ---- VCS-s(192.168.10.40)----VCS-e(192.168.10.217) got static 1 to 1 net at firewall with public ip 203.x.x.x

when i am pointing traversal client zone towards local ip of VCS-e i.e 192.168.10.217 both SIP and H323 connections are ok , but i am not able to register any endpoint to VCS-e Jabber is also not able to login.

Same way if i am pointing traversal client zone towards Public ip i.e. 203.x.x.x  at VCS-s end both SIP and H.323 both protocols are up ,, but at VCS-e end only H.323 protocol is up SIP says failed. In this conf. also i am not able  to register any endpoint at VCS-e.

Please suggest if  both VCS-c and VCS-e and same subnet will work out or i need to look for some other concept.

Thanks

Rishu

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to Rishu Kumar

‎09-29-2013 05:25 AM

Are you using TLS or TCP?

Check that all the required ports are open:

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_IP_Port_Usage_for_Firewall_Traversal_Deployment_Guide_X7-2.pdf

Disable all layer-3 awareness for sip&h323 in your network., its often called ALG, Nat-Helper,

Protocol instpection, ....

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Martin Koch
VIP Alumni
VIP Alumni

‎09-28-2013 12:09 PM

If the outside IP of a VCS is NATed it requires the dual interface option kit, even if only one interface is used.

Also the communication must go to the outside ip address (in your case for example the destination for the traversal zone).

(which often causes that really the second interface will be used as well ;-)

It is handy for statistics if the VCS-E has the capability to talk to the TMS, but its not neccessary.

(that woulre require the VCS to contact the TMS on TCP/80,443

Besdies that its the in/out communication from/to the outside and the traversal zone which is only

to the VCS-E and related answers back in.

You have multiple options

* either getting the dual interface option and use NAT

* fix your network so you get a DMZ with public ips where you place the VCS-E inside.

* place the vcs in any kind of datacenter with public ips

* use a service provider to provide you vcs-e connectivity

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

0 Helpful

Go to solution
Rishu Kumar
Level 1
Level 1
In response to Martin Koch

‎09-28-2013 07:25 PM

Hi Martin,

Thanks for reply, it is not possible for me t get dual interface option also i can't place VCS-e out side client location.

-lastly i have a option place it behind firewall and assign it a public IP, ans poiting traversal zone towards public IP 203.x.x.x.

in that  case at VCS-c traversal client zone both SIP and H323 protocols are up and at VCS-e SIp say " failed to connect" but H.323 to fine .

Any that i can check on that part please suggest.

Thanks

Rishu

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to Rishu Kumar

‎09-29-2013 05:25 AM

Are you using TLS or TCP?

Check that all the required ports are open:

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_IP_Port_Usage_for_Firewall_Traversal_Deployment_Guide_X7-2.pdf

Disable all layer-3 awareness for sip&h323 in your network., its often called ALG, Nat-Helper,

Protocol instpection, ....

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

0 Helpful

Go to solution
Rishu Kumar
Level 1
Level 1
In response to Martin Koch

‎10-01-2013 04:14 AM

Thanks Martin,

It was somthing related to firewall , i got public IP for VCS-e and now its working.

I have one requirement from client,, they are having one Ex90 system that is used for monitoring of Hospital ICU's ,, ICU systems are C20 and dont have any monitor installed, all c20 systems are on auto answer.

Whenever Doctors from from Command center calls C20 it will getting auto answered and they can monitor full ICU.

Problem is if any one dial to C20 system from there I-pad,  from EX90 they cant connect,is there any work arround in VCS that when we are a call from command center ussing Ex90 , one to one between C20 and I-pad get disconnect and Ex90 will connect automatically.

Rishu

0 Helpful

Go to solution
Ahmed habib
Level 3
Level 3
In response to Rishu Kumar

‎08-27-2018 06:27 AM

@Rishu Kumar Can you please share the solution for this problem as I have the same deployment (Both Expressway are in the same subnet)

What are the configuration required on the Firewall ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents