Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6506
Views
15
Helpful
5
Replies

Expressway E single NIC or Dual NIC

Hythim Ali El Hadad
Level 6
Level 6

‎06-20-2015 06:41 AM - edited ‎03-19-2019 09:43 AM

Hi,

Kindly for Jabber MRA. what is preferred: Single NIC or Dual NIC ?

 

And If I go for Dual NIC , Is there another scenarios like for media flow as media flow in traversal zone or media flow through firewall port range !!

 

Is all cases the media will be through the firewall ? or we can send the media outside of the firewall ?

 

Finally , I need to confirm that the port usage for firewall will be the same in all cases, specially for dual NIC , Expressway-E will talk to Express-C with internal interface side on DMZ. And will talk to outside with external interface side on DMZ. Am I right

 

Thanks

 

 

Labels:
0 Helpful
5 Replies 5

Manish Gogna
Cisco Employee
Cisco Employee

‎06-21-2015 04:10 AM

Hi Hythim,

The requirement for dual-nic is explained on pages 45-49 of the Expressway deployment guide

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Basic-Configuration-Deployment-Guide-X8-1.pdf

 

For port usage you can refer the following doc

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-IP-Port-Usage-for-Firewall-Traversal-Deployment_Guide-X8-1.pdf

 

HTH

Manish

 

Hythim Ali El Hadad
Level 6
Level 6
In response to Manish Gogna

‎06-21-2015 05:41 AM

Hi Manish,

 

thanks for your reply

i need to to know the best place to put the Exp-E and if static NAT affect the incoming calls or not ?

So

Is it preferred to put Exp-E in public outside the firewall or not recommended

or to put it in DMZ and do static NAT . Is the NAT will affect high volume traffic performance and calls quality?

 

or to use public IPs in DMZ is better ?

 

thanks

0 Helpful

Chris Deren
Hall of Fame
Hall of Fame
In response to Hythim Ali El Hadad

‎06-21-2015 08:15 AM

Typical deployment is LAN1 connected to "Transit DMZ" separated by firewall between internal network, including Exp-C server. And LAN2 connected to "Services DMZ" which is either using public addresses (rarely) or doing static NAT (most common). As a side note NATing on LAN1 (transit DMZ) is not supported.

You could put LAN1 in internal voice subnet, but that is not recommended due to mostly security concerns.

Hythim Ali El Hadad
Level 6
Level 6
In response to Chris Deren

‎06-21-2015 08:21 AM

Great

So is it better to use static NAT or public IP in DMZ For Exp-E ?

 

I care if static NAT may affect performance if call volume increase !!

 

thanks

 

0 Helpful

Chris Deren
Hall of Fame
Hall of Fame
In response to Hythim Ali El Hadad

‎06-21-2015 08:38 AM

If you have available public IP address and can assign directly to the LAN2 interface, great. But all deployments I've done or seen were using NAT.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents