06-20-2015 06:41 AM - edited 03-19-2019 09:43 AM
Hi,
Kindly for Jabber MRA. what is preferred: Single NIC or Dual NIC ?
And If I go for Dual NIC , Is there another scenarios like for media flow as media flow in traversal zone or media flow through firewall port range !!
Is all cases the media will be through the firewall ? or we can send the media outside of the firewall ?
Finally , I need to confirm that the port usage for firewall will be the same in all cases, specially for dual NIC , Expressway-E will talk to Express-C with internal interface side on DMZ. And will talk to outside with external interface side on DMZ. Am I right
Thanks
06-21-2015 04:10 AM
Hi Hythim,
The requirement for dual-nic is explained on pages 45-49 of the Expressway deployment guide
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Basic-Configuration-Deployment-Guide-X8-1.pdf
For port usage you can refer the following doc
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-IP-Port-Usage-for-Firewall-Traversal-Deployment_Guide-X8-1.pdf
HTH
Manish
06-21-2015 05:41 AM
Hi Manish,
thanks for your reply
i need to to know the best place to put the Exp-E and if static NAT affect the incoming calls or not ?
So
Is it preferred to put Exp-E in public outside the firewall or not recommended
or to put it in DMZ and do static NAT . Is the NAT will affect high volume traffic performance and calls quality?
or to use public IPs in DMZ is better ?
thanks
06-21-2015 08:15 AM
Typical deployment is LAN1 connected to "Transit DMZ" separated by firewall between internal network, including Exp-C server. And LAN2 connected to "Services DMZ" which is either using public addresses (rarely) or doing static NAT (most common). As a side note NATing on LAN1 (transit DMZ) is not supported.
You could put LAN1 in internal voice subnet, but that is not recommended due to mostly security concerns.
06-21-2015 08:21 AM
Great
So is it better to use static NAT or public IP in DMZ For Exp-E ?
I care if static NAT may affect performance if call volume increase !!
thanks
06-21-2015 08:38 AM
If you have available public IP address and can assign directly to the LAN2 interface, great. But all deployments I've done or seen were using NAT.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide