(64.100.0.10) and route the packet out to the Internet, so that the SIP INVITE message will have the following
contents as it arrives at endpoint B:
SIP INVITE Arriving at Endpoint B
Packet header:
Source IP: 64.100.0.10
Destination IP: 64.100.0.20
SIP payload:
INVITE sip:64.100.0.20 SIP/2.0
Via: SIP/2.0/TLS 10.0.10.2:5061
Via: SIP/2.0/TLS 10.0.20.3:55938
Call-ID: 20ec9fd084eb3dd2@127.0.0.1
CSeq: 100 INVITE
Contact: <sip:EndpointA@10.0.20.3:55938;transport=tls>
From: "Endpoint A" <sip:EndpointA@cisco.com>;tag=9a42af
To: <sip:64.100.0.20>
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 2825
v=0
s=-
c=IN IP4 10.0.10.2
b=AS:2048
…
…
…
As can be seen from the example above, endpoint B will see that the SIP INVITE was received from IP 64.100.0.10
(NAT router), so the endpoint will know where to send its reply messages for the INVITE itself.
The c-line within the SDP of the SIP INVITE is, however, still set to c=IN IP4 10.0.10.2, which means that endpoint B
will attempt to send RTP media to the IP address 10.0.10.2, an address which is not routable on the Internet.
The result in this scenario is that endpoint A will never receive media sent by endpoint B (while endpoint B will
receive media from endpoint A as normal, since endpoint B is assigned a publicly routable IP address).
Similar behavior will be seen in H.323 calls, since H.323 uses the same principles as SIP in terms of embedding IP
address and port references within the message payload.
How Does VCS Expressway Address This Challenge?
To ensure that call signaling and media connectivity remain functional in scenarios where the VCS Expressway is
deployed behind a NAT (as in the example above), the VCS Expressway has to modify the parts of SIP and H.323
messages which contain references to its actual LAN2 network interface IP address (10.0.10.2) and replace these
with the public NAT address of the NAT router (64.100.0.10).
This can be achieved by enabling Static NAT mode on selected network interfaces on the VCS Expressway. The
Static NAT mode feature on the VCS Expressway is made available with the Advanced Networking option key.
This option key allows the use of two network interfaces (LAN1 and LAN2), and on a VCS Expressway it allows Static
NAT mode to be enabled on one or both of these interfaces. You do not have to use both interfaces, but we
recommend that you do. If you choose to use a single interface, and enable static NAT on that interface, read Why
We Advise Against Using These Types of Deployment, page 72.
When static NAT has been enabled on an interface, the VCS will apply static NAT for all outbound SIP and H.323
traffic for this interface, which means that H.323 and SIP devices have to communicate with this interface using the
static NAT address rather than the local interface address.
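The effect described above, as an added Python illustration (not Cisco's code, and not how the VCS implements Static NAT mode): it audits the sample INVITE for embedded addresses that are not routable on the Internet, then models the replacement of the LAN2 address with the NAT address. The function names and the trimmed message are constructed for this example.

```python
import ipaddress
import re

# Constructed sample: the INVITE shown above, SDP cut to the lines the page prints.
INVITE = """\
INVITE sip:64.100.0.20 SIP/2.0
Via: SIP/2.0/TLS 10.0.10.2:5061
Via: SIP/2.0/TLS 10.0.20.3:55938
Call-ID: 20ec9fd084eb3dd2@127.0.0.1
Contact: <sip:EndpointA@10.0.20.3:55938;transport=tls>

v=0
s=-
c=IN IP4 10.0.10.2
b=AS:2048
"""

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
# Fields whose address the far end sends traffic to; Call-ID is only an identifier.
CHECKED = ("Via", "Contact", "c=")

def unroutable_refs(message):
    """List (field, address) pairs that embed an address not routable on the Internet."""
    hits = []
    for line in message.splitlines():
        field = line[:2] if re.match(r"[a-z]=", line) else line.split(":", 1)[0]
        if field not in CHECKED:
            continue
        for addr in IPV4.findall(line):
            try:
                if not ipaddress.ip_address(addr).is_global:
                    hits.append((field, addr))
            except ValueError:
                pass  # dotted number that is not a valid IPv4 address
    return hits

def apply_static_nat(message, lan_ip, nat_ip):
    """Model of the described rewrite: swap only the interface's own address for the NAT address."""
    own = re.compile(r"(?<![\d.])" + re.escape(lan_ip) + r"(?![\d.])")
    return own.sub(nat_ip, message)

def media_address(message):
    """Address from the SDP c-line, i.e. where the far end will send RTP."""
    return re.search(r"^c=IN IP4 (\S+)", message, re.M).group(1)

if __name__ == "__main__":
    fixed = apply_static_nat(INVITE, "10.0.10.2", "64.100.0.10")
    print("before:", unroutable_refs(INVITE), media_address(INVITE))
    print("after: ", unroutable_refs(fixed), media_address(fixed))
```

After the rewrite the c-line carries 64.100.0.10; the references that remain are endpoint A's own address (10.0.20.3), which this sketch leaves untouched.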
Cisco VCS Expressway and VCS Control - Basic Configuration Deployment Guide
Appendix 4: Advanced Network Deployments