Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3425
Views
0
Helpful
4
Replies

VCS Expressway with Cisco ASA

rasimyigit
Level 1
Level 1

‎05-25-2012 02:54 AM - edited ‎03-17-2019 11:13 PM

Hi All,

i need some informations or dokcuments, how to set the Cisco ASA FW with VCS Expressway.

It will be great.

Thank you for your Feedback           

1 person had this problem
Labels:
0 Helpful
4 Replies 4

awinter2
Level 7
Level 7

‎05-25-2012 03:35 AM

Hi,

I would recommend that you check out

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.pdf, this guide covers both the VCS side of the configuration as well as having an appendix for Firewall/NAT configurations.

In general, with regards to a traversal zone between a VCS Control and Expressway, you don't want the firewall in between these to perform any H323 or SIP ALG functionality for the traversal zone traffic as this might interfere with the built-in firewall/NAT traversal capabilitiy of the VCS itself.

- Andreas

0 Helpful

Sudheer Kumar
Cisco Employee
Cisco Employee

‎05-25-2012 03:38 AM

Hi,

I am not sure whether there exists any such specific document. The firewall configuration is similar to any other except that the ports that need to opened up should be specific to the VCS expressway requirements and just few consideration like whether you place in the DMZ only, DMZ with static NATs.

So I would recommend to look into Firewall and NAT config section in this link :

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.pdf along with the ASA guide for configuring the firewall.

Thanks,

Sudheer

0 Helpful

David Fitzgerald
Level 1
Level 1

‎10-14-2014 12:43 PM

I'm having the same problem with X8.2 and an ASA 5520.

The ASA is built as a 3 port firewall (inside, outside, DMZ).  The interface for the DMZ is cut into 8 subinterfaces. (Fa2.1, Fa2.2,Fa2.3, etc...)

 

I configured the Expressway C VM and placed it on the inside interface, and I can access it via HTTP, no problem.

 

I built a static 1:1 NAT statement and  configured the Expressway E VM, and placed it on one of the DMZ interfaces,  and cannot access it via the outside or DMZ IP address.  I can see the traffic being allowed on the firewall., but it is never responded to.

Appendix 4 of Cisco Expressway Basic Configuration Deployment Guide for X8.2 shows an example of this on page 53, and states that NAT redirection is not supported by all types of firewalls.

I've opened a TAC case, and have not received any updates.

 

0 Helpful

guy.richard
Level 1
Level 1
In response to David Fitzgerald

‎10-27-2014 03:42 AM

Hi,

I am facing the same issue,  did you found how to configure Cisco ASA ?

0 Helpful
Customers Also Viewed These Support Documents