Cisco VCS Expressway and VCS Control
Basic Configuration Deployment Guide
First Published: November 2010
Last Updated: July 2016
Cisco VCS X8.8
Cisco Systems, Inc. www.cisco.
Preface

Change History

Table 1 Deployment Guide Change History

Date | Change
July 2016 | Republished for X8.8.
November 2015 | New template applied. Advanced Network Deployments appendix revised. Republished for X8.7.
July 2015 | Updated for X8.6.
April 2015 | Menu path changes for X8.5. Republished with X8.5.2.
December 2014 | Republished for X8.5.
August 2014 | Correction in firewall appendix.
Contents

Preface
  Change History
Introduction
  Example Network Deployment
  Network Elements
Process Summary
Prerequisites
Run the Service Setup Wizard
  Overview
  Task 1: Accessing and Navigating the Wizard
  Task 2: Running the Service Setup Wizard and Applying Licenses
  Examples for Running the Service Setup Wizard
VCS System Configuration
  Task 3: Setting the System Name
  Ta
  Zone Status
  Registration Status
  Call Signaling
Maintenance Routine
  Creating a System Backup
Optional Configuration Tasks
  Task 15: Configuring Cisco TMS (Optional)
  Task 16: Configuring Logging (Optional)
  Task 17: Configuring Registration Restriction Policy (Optional)
  Task 18: Configuring Device Authentication Policy (Optional)
  Task 19: Restricting Access to ISDN Gateways (Optional)
Introduction

The Cisco TelePresence Video Communication Server (VCS) software simplifies session management and control of telepresence conferences. It provides flexible and extensible conferencing applications, enabling organizations to benefit from increased employee productivity and enhanced communication with partners and customers.
■ VCS Cluster Creation and Maintenance Deployment Guide on the VCS configuration guides page
■ Cisco TMS Provisioning Extension Deployment Guide on the VCS configuration guides page
■ FindMe Express Deployment Guide on the VCS configuration guides page (to deploy FindMe with the Cisco TMSPE see the Cisco TMS Provisioning Extension Deployment Guide instead)
■ VCS IP Port Usage for Firewall Traversal on the VCS co
Example Network Deployment

Figure 1 Example Network for the Deployment Described in this Document

This example includes internal and DMZ segments – in which VCS Control and VCS Expressway platforms are respectively deployed.
Network Elements

Internal Network Elements

The internal network elements are devices which are hosted on your local area network. Elements on the internal network have an internal network domain name. This name is not resolvable by a public DNS. For example, the VCS Control is configured with an internally resolvable name of vcsc.internal-domain.net (which resolves to an IP address of 10.0.0.
NAT Devices and Firewalls

The example deployment includes:
■ NAT (PAT) device performing port address translation functions for network traffic routed from the internal network to addresses in the DMZ (and beyond — towards remote destinations on the internet).
■ Firewall device on the public-facing side of the DMZ. This device allows all outbound connections and inbound connections on specific ports.
Process Summary

Before You Begin
■ Prerequisites

Run the Service Setup Wizard
■ Task 1: Accessing and Navigating the Wizard
■ Task 2: Running the Service Setup Wizard and Applying Licenses
■ Examples for Running the Service Setup Wizard

VCS system configuration tasks
■ Task 3: Setting the System Name
■ Task 4: Configuring DNS
■ Task 5: Replacing the
Prerequisites

Before you begin any of the tasks in this guide, make sure that the following prerequisites are complete.

General prerequisites
■ We recommend that you use the VCS web user interface to do the system configuration. This guide assumes that you are using a web browser running on a PC. The PC needs an Ethernet connection to a LAN which can route HTTP(S) traffic to the VCS.
Run the Service Setup Wizard

Overview

The Service Setup Wizard makes it easier to configure and license the VCS for its chosen purpose in your environment. It also simplifies the user interface. You select from a list of popular VCS services and the wizard then prompts you with the licensing requirements for those services.
Figure 2 Service Setup Wizard Example - Selection Page
Task 2: Running the Service Setup Wizard and Applying Licenses

Process
1. Choose VCS series.
2. Choose VCS Control or VCS Expressway. We recommend that you select VCS Control first and run the wizard for it. Then run the wizard on the VCS Expressway. The list of services changes to match what's available on your chosen Series and Type.
3. Select Services. Check the boxes next to the services you want to use on this system.
5. On the Option Keys page, click the Product License Registration Portal link to go to the licensing portal. (For this step you need to work away from the wizard to obtain the necessary licenses, and you need the serial number of the system.) In the licensing portal, enter the necessary details for the required licenses. Detailed information about using the licensing portal is in the online help or the VCS Administrator Guide.
Examples for Running the Service Setup Wizard

Example for VCS Registrar
1. Click VCS series.
2. Click VCS Control.
3. Check Registrar.
4. Check any other compatible services that you have bought for this system. For this example, let's assume Business to business calls. (The matrix of compatible services is in the online help and the VCS Administrator Guide.)
5. Click Continue.
VCS System Configuration

Task 3: Setting the System Name

The System name defines the name of the VCS. It appears in various places in the web interface and is also used by Cisco TMS. We recommend using a name that lets you easily and uniquely identify the VCS.

To configure the System name:
1. Go to System > Administration.
2.
Domain Name

The Domain name is the name to append to an unqualified host name before querying the DNS server.

To configure the Domain name:
1. Go to System > DNS.
2. Configure the Domain name as follows:

Field name | VCS Control | VCS Expressway
Domain name | Enter internal-domain.net | Enter example.com

3. Click Save.

The fully qualified domain name for the VCS Control is now vcsc.internal-domain.
VCS Control has a fully qualified domain name of vcsc.internal-domain.net
VCS Expressway has a fully qualified domain name of vcse.example.com

Task 5: Replacing the Default Server Certificate

For extra security, you may want to have the VCS communicate with other systems (such as LDAP servers, neighbor VCSs, or clients such as SIP endpoints and web browsers) using TLS encryption.
The VCS allows you to install a certificate that can represent the VCS as either a client or a server in connections using TLS. The VCS can also authenticate client connections (typically from a web browser) over HTTPS. You can also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS client certificates. The VCS can generate server certificate signing requests (CSRs).
Task 7: Configuring SIP Domains

The VCS acts as a SIP Registrar for configured SIP domains, accepting registration requests for any SIP endpoints attempting to register with an alias that includes these domains.
■ Registration restriction (Allow or Deny) rules can be configured to limit acceptable registrations. See Task 17: Configuring Registration Restriction Policy (Optional).
Routing Configuration

Pre-search Transforms

Pre-search transform configuration allows the destination alias (called address) in an incoming search request to be modified. The VCS applies the transformation before any searches take place, either locally or to external zones. The pre-search transform configuration described in this document is used to standardize destination aliases originating from both H.
The following transform modifies the destination alias of all call attempts made to destination aliases which do not contain an ‘@’. The old destination alias has @example.com appended to it, thus standardizing all called destination aliases into a SIP URI format.

To configure the transform:
1. Go to Configuration > Dial plan > Transforms.
2. Click New.
3.
5. Click New.
6. Configure the search rule fields as follows:

Field name | VCS Control | VCS Expressway
Rule name | Enter Local zone – no domain | Same as VCS Control
Description | Enter Search local zone for H.323 devices (strip domain)
Priority | Enter 48
Protocol | Any
Source | Any
Request must be authenticated | No
Mode | Alias pattern match
Pattern type | Regex
Pattern string | Enter (.+)@example\.com.
7. Click Create search rule.
8. Click New.
9. Configure the search rule fields as follows:

Field name | VCS Control | VCS Expressway
Rule name | Enter Local zone – full URI | Same as VCS Control
Description | Enter Search local zone for SIP and H.323 devices with a domain
Priority | Enter 50
Protocol | Any
Source | Any
Request must be authenticated | No
Mode | Alias pattern match
Pattern type | Regex
Pattern string | Enter (.+)@example.com.
■ If an H.323 or a non-encrypted connection is also required, a separate pair of traversal zones must be configured.

To configure the traversal zone:
1. Go to Configuration > Zones > Zones.
2. Click New.
3. Configure the fields as follows.
Figure 6 VCS Control
Figure 7 VCS Expressway

Configuring authentication credentials in VCS Expressway

To configure the authentication credentials in the Local authentication database (configured in the VCS Expressway only), do the following:
1. Go to Configuration > Authentication > Devices > Local database.
2. Click New.
3. Configure the fields as follows:

Field name | VCS Control | VCS Expressway
Name | Not applicable | Enter exampleauth
Password | Not applicable | Enter ex4mpl3.c0m

4. Click Create credential.

Neighboring Between VCS Clusters

You can neighbor your local VCS (or VCS cluster) to a remote VCS cluster; this remote cluster could be a neighbor, traversal client, or traversal server to your local VCS.
■ The order in which the peers in the remote VCS cluster are listed here does not matter.
■ Whenever you add an extra VCS to a cluster (to increase capacity or improve redundancy, for example) you will need to modify any VCSs which neighbor to that cluster to let them know about the new cluster peer.
Figure 8 Traversal Zone Search Rule on VCS Control

Figure 9 Traversal Zone Search Rule on VCS Expressway
Task 12: Configuring the DNS Zone

The DNS zone is used to search for externally hosted systems (such as for business to business calling). Destination aliases are searched for by a name using a DNS lookup.

To configure the DNS zone:
1. Sign in to the VCS Expressway.
2. Go to Configuration > Zones > Zones.
3. Click New.
4.
4. Configure the fields as follows:

Field name | Value
Rule name | Enter DNS zone search rule for example
Description | Enter Search DNS zone (external calling) for example
Priority | 150
Protocol | Any
Source | All zones
Request must be authenticated | No
Mode | Alias pattern match
Pattern type | Regex
Pattern string | Enter (?!.*@example\.com.*$).
Note that the regular expression used to prevent local domains being searched via the DNS zone can be broken down into the following components:

(.*) = match all pattern strings
(?!.*@example\.com.*$).* = do not match any pattern strings ending in @example.com

In the deployment example, calls destined for @cisco.com would be searched via the DNS zone, whereas calls destined for @example.com would not.
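
The following is an added example, not part of the Cisco guide: it runs the guide's pre-search transform (pattern ([^@]*), which appends @example.com) and the DNS zone rule pattern over constructed aliases to show which calls would be searched via the DNS zone. It assumes that a VCS pattern must match the whole alias and uses Python's re module in place of the VCS regex engine; the function names and sample aliases are illustrative.

```python
import re
from typing import Tuple

# Values from the guide's example deployment (local domain example.com).
TRANSFORM_PATTERN = r"([^@]*)"                  # pre-search transform: alias with no '@'
TRANSFORM_REPLACE = r"\1@example.com"           # append the local SIP domain
DNS_ZONE_PATTERN = r"(?!.*@example\.com.*$).*"  # DNS zone search rule pattern

# Assumption: a VCS pattern has to match the whole alias, modelled here with
# re.fullmatch(); Python's regex engine stands in for the VCS matcher.


def apply_presearch_transform(alias: str) -> str:
    """Return the alias as it looks after the pre-search transform."""
    match = re.fullmatch(TRANSFORM_PATTERN, alias)
    if match is None:
        # The alias already contains '@', so the transform does not apply.
        return alias
    return match.expand(TRANSFORM_REPLACE)


def searched_via_dns_zone(alias: str) -> bool:
    """True if the DNS zone search rule pattern matches the alias."""
    return re.fullmatch(DNS_ZONE_PATTERN, alias) is not None


def route(alias: str) -> Tuple[str, bool]:
    """Apply the transform first, then evaluate the DNS zone rule."""
    transformed = apply_presearch_transform(alias)
    return transformed, searched_via_dns_zone(transformed)


# Constructed sample aliases (only the domains example.com and cisco.com
# come from the guide).
SAMPLES = [
    "4001",                                # bare alias without a domain
    "user.one@example.com",                # local SIP URI
    "user.one@example.com;transport=tls",  # local URI with a parameter
    "someone@cisco.com",                   # external domain
    "someone@example.community",           # external, but begins like the local domain
    "someone@sub.example.com",             # subdomain of the local domain
]

if __name__ == "__main__":
    for alias in SAMPLES:
        transformed, dns = route(alias)
        verdict = "yes" if dns else "no"
        print(f"{alias:36} -> {transformed:36} DNS zone: {verdict}")
```

The last two samples show that the lookahead keys on the literal text @example.com followed by anything: an alias at example.community is kept out of the DNS zone search, while one at sub.example.com is not.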
3.
Endpoint Registration

The example network configuration diagram shows three endpoints.

Endpoint | IP address | Network
EX90 | 10.0.0.15 | Internal network
EX60 | 10.0.0.16 | Internal network
EX60 | 192.168.0.2 | Home user network

After system configuration, endpoint registration should be possible using these endpoint configuration details:

EX90 (uses SIP protocol)
SIP URI | user.one.ex90@example.
System Checks

Zone Status

Go to Status > Zones on both VCS Control and VCS Expressway to check that the traversal zone is Active. You can also check the zone status in Configuration > Zones > Zones.

If the traversal zone is not active, do the following:
■ Review the traversal zone configuration.
Maintenance Routine

Creating a System Backup

To create a backup of VCS system data:
1. Go to Maintenance > Backup and restore.
2. Optionally, enter an Encryption password with which to encrypt the backup file. If a password is specified, the same password will be required to restore the file.
3. Click Create system backup file.
4.
Optional Configuration Tasks

Task 15: Configuring Cisco TMS (Optional)

The following configuration enables the VCS system to be integrated to a Cisco TelePresence Management Suite (Cisco TMS).

Points to note:
■ Further configuration tasks are also required on Cisco TMS to fully integrate the VCS with the TMS server.
To configure the necessary external manager (Cisco TMS) parameters:
1. Go to System > External manager.
2. Configure the fields as follows:

Field name | VCS Control | VCS Expressway
Address | Enter 10.0.0.14 | Same as VCS Control
Path | Enter tms/public/external/management/SystemManagementService.
Task 16: Configuring Logging (Optional)

The following configuration enables event logs to be sent to an external logging server using the SYSLOG protocol.
■ The Local event log verbosity setting controls the granularity of event logging. 1 is the least verbose, 4 the most.
■ We recommend a minimum level of 2. This provides both system and basic signaling message logging.
3. Create an allow pattern by configuring the following fields. This example limits registrations to endpoints which register with an identity that contains “@example.com”.

Field name | VCS Control | VCS Expressway
Description | Enter Only allow registrations containing “@example.com” | Same as VCS Control
Pattern type | Regex
Pattern string | Enter .*@example\.com

4. Click Add Allow List pattern.
By default, zones and subzones are configured as Do not check credentials.

Using Delegated Credential Checking

If you have enabled device authentication in your network (by using an Authentication policy of Check credentials) and you have remote workers (outside the enterprise) with SIP devices, you should consider enabling delegated credential checking.
3.
4. Click Create search rule.
5. Click New.
6. Configure the fields as follows:

Field name | VCS Expressway
Rule name | Enter Block ISDN call for example
Description | Enter Blocks everything (including nonregistered endpoints)
Priority | Enter 41
Protocol | Any
Source | Any
Request must be authenticated | No
Mode | Alias pattern match
Pattern type | Regex
Pattern string | Enter (9\d+)(.*)(@example.
7. Click Create search rule.

VCS Control

This example describes how to configure the VCS Control to stop calls that come in through the gateway from being routed back out of the gateway. To do this, you load some specially constructed CPL onto the VCS Control and configure its Call policy mode to use Local CPL.

Creating a CPL File

The CPL file can be created in a text editor.
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd">

1. Go to Configuration > Call Policy > Configuration.
2. Click Browse.... Select the CPL file you created in the previous step from your file system.
3. Click Upload file.
   — If the file upload succeeds, you see a "File upload successful" message.
   — If you receive an "XML invalid" message, correct the problems with the CPL file and upload it again.
4. Select a Call policy mode of Local CPL.
5.
Appendix 1: Configuration Details

This appendix summarizes the configuration required for the VCS Control and VCS Expressway.
Configuration item | Value | VCS page
Priority | 100 | Configuration > Dial plan > Search rules
Source | Any | Configuration > Dial plan > Search rules
Mode | Any alias | Configuration > Dial plan > Search rules
On successful match | Continue | Configuration > Dial plan > Search rules
Target | TraversalZone | Configuration > Dial plan > Search rules
Rule name | External IP address search rule | Configurati
Configuration item | Value | VCS page
Zone Name | TraversalZone | Configuration > Zones > Zones
Zone Type | Traversal server | Configuration > Zones > Zones
Client authentication username | exampleauth | Configuration > Zones > Zones
Protocol SIP port | 7001 | Configuration > Zones > Zones
Protocol H.
VCS Control and VCS Expressway Configuration Details

Configuration item | Value | VCS page
Pattern string | ([^@]*) | Configuration > Dial plan > Transforms
Pattern type | Regex | Configuration > Dial plan > Transforms
Pattern behavior | Replace | Configuration > Dial plan > Transforms
Replace string | \1@example.
Appendix 2: DNS Records

DNS Configuration on Host Server

The following records are required in the external DNS which hosts the externally routable domain (example.com). This allows:
■ External endpoints registration messages to be routed to the VCS Expressway.
■ Calls from non-registered endpoints (or other infrastructure devices) to be routed to the VCS Expressway.
Local DNS A Record

Host | Host IP address
vcsc.internal-domain.net | 10.0.0.2

Local DNS SRV Records

Name | Service | Protocol | Priority | Weight | Port | Target host
internal-domain.net. | h323cs | tcp | 10 | 10 | 1720 | vcsc.internal-domain.net.
internal-domain.net. | h323ls | udp | 10 | 10 | 1719 | vcsc.internal-domain.net.
internal-domain.net. | h323rs | udp | 10 | 10 | 1719 | vcsc.internal-domain.net.
internal-domain.net.
Appendix 3: Firewall and NAT Settings

Internal Firewall Configuration

In many deployments outbound connections (from internal network to DMZ) will be permitted by the NAT/firewall device. If the administrator wants to restrict this further, the following tables provide the permissive rules required. For further information, see VCS IP Port Usage for Firewall Traversal.

Ensure that any SIP or H.
later, the VCS Control retains the media traversal port range from the previous version (could be 50000 - 54999 or 36000 - 59999, depending on source version). The VCS Expressway retains the previously configured demultiplexing pair (either 2776 & 2777 or 50000 & 50001 by default, depending on upgrade path) and the switch Use configured demultiplexing ports is set to Yes.
Purpose | Source | Dest. | Source IP | Source port | Transport protocol | Dest. IP | Dest. port
H.323 endpoints registering with public IP addresses
RAS | Endpoint | VCSe | Any | 1719 | UDP | 192.0.2.2 | 1719
Q.931/H.225 | Endpoint | VCSe | Any | >=1024 | TCP | 192.0.2.2 | 1720
H.245 | Endpoint | VCSe | Any | >=1024 | TCP | 192.0.2.2 | 15000 to 19999
RTP & RTCP | Endpoint | VCSe | Any | >=1024 | UDP | 192.0.2.
Purpose | Source | Dest. | Source IP | Source port | Transport protocol | Dest. IP | Dest. port
DNS | VCSe | DNS server | 192.0.2.2 | >=1024 | UDP | DNS servers | 53
NTP (time sync) | VCSe | NTP server | 192.0.2.2 | 123 | UDP | NTP servers | 123

It is assumed that remote H.323 devices are registering using the Assent protocol. If the devices are registering using H.
Appendix 4: Advanced Network Deployments

Prerequisites
■ Apply an Advanced Networking option key on any VCS Expressway that needs static NAT or two LAN interfaces. The Advanced Networking option is available for both the VCS Expressway and VCS Control, but only the VCS Expressway supports static NAT.
■ Disable SIP and H.323 ALGs (SIP / H.
Figure 10 Dual Network Interfaces Deployment

This deployment consists of:
■ DMZ subnet 1 – 10.0.10.0/24, containing:
   — the internal interface of Firewall A – 10.0.10.1
   — the LAN2 interface of the VCS Expressway – 10.0.10.2
■ DMZ subnet 2 – 10.0.20.0/24, containing:
   — the external interface of Firewall B – 10.0.20.1
   — the LAN1 interface of the VCS Expressway – 10.0.20.
In this particular example, we want to tell the VCS Expressway that it can reach the 10.0.30.0/24 subnet behind the 10.0.20.1 firewall (router), which is reachable via the LAN1 interface. This is accomplished using the following xCommand RouteAdd syntax:

xCommand RouteAdd Address: 10.0.30.0 PrefixLength: 24 Gateway: 10.0.20.
Figure 12 Example Deployment with Static NAT on Firewall

■ NAT router with local IP address 10.0.10.1 and NAT IP address 64.100.0.10, statically NATed to 10.0.10.2
■ VCS Expressway LAN1 (internally-facing interface) with IP address 10.0.20.2
■ VCS Expressway LAN2 (externally-facing interface) with IP address 10.0.10.
(64.100.0.10) and route the packet out to the Internet, so that the SIP INVITE message will have the following contents as it arrives at endpoint B:

SIP INVITE Arriving at Endpoint B

Packet header:
Source IP: 64.100.0.10
Destination IP: 64.100.0.20
SIP payload:
INVITE sip:64.100.0.20 SIP/2.0
Via: SIP/2.0/TLS 10.0.10.2:5061
Via: SIP/2.0/TLS 10.0.20.3:55938
Call-ID: 20ec9fd084eb3dd2@127.0.0.
When the Advanced Networking key is installed on the VCS Expressway, the IP configuration page (System > Network interfaces > IP) has additional options, allowing the user to decide whether to Use dual network interfaces, to nominate which interface is the External LAN interface, to enable Static NAT mode on selected interfaces and configure an IPv4 static NAT address for each interface.
SIP INVITE Arriving at Endpoint B - Static NAT Mode Enabled

Packet header:
Source IP: 64.100.0.10
Destination IP: 64.100.0.20
SIP payload:
INVITE sip:64.100.0.20 SIP/2.0
Via: SIP/2.0/TLS 10.0.10.2:5061
Via: SIP/2.0/TLS 10.0.20.3:55938
Call-ID: 20ec9fd084eb3dd2@127.0.0.1
CSeq: 100 INVITE
Contact:
From: "Endpoint A"
As per the recommendations in the Introduction section of this appendix, it is highly recommended to disable SIP and H.323 ALGs on routers/firewalls carrying network traffic to or from a VCS Expressway because, when enabled, they are frequently found to negatively affect the built-in firewall/NAT traversal functionality of the VCS Expressway itself.
So, in this example, firewall A must allow NAT reflection of traffic coming from the VCS Control that is destined for the external address, that is 64.100.0.10, of the VCS Expressway. The traversal zone on the VCS Control must have 64.100.0.10 as the peer address. The VCS Expressway should be configured with a default gateway of 10.0.10.1.
The VCS Expressway can be added to Cisco TMS with the IP address 10.0.10.2 (or with IP address 64.100.0.10 if FW A allows this), since Cisco TMS management communications are not affected by static NAT mode settings on the VCS Expressway.
Figure 16 Media Path in Single NIC Static NAT Example

Figure 17 Media Path in 3-port Firewall Static NAT Example
Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation.
Cisco Legal Information

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.