VCS Expressway & movi 4.2 configuration

Answered Question
Sep 1st, 2011

Dear all,

I have created movi account manually in the TMS, and it work fine with VCS - control.

However, It can't register to VCS-expressway. Is it compulsory to have a Name Authority Pointer record in DNS?

For example, we configure abc.com as SIP domain of VCS expressway,is it compulsory to resolve abc.com as public IP address of VCS expressway by DNS server?

Thank you,

Ben

I have this problem too.
0 votes
Correct Answer by Marwan ALshawi about 2 years 7 months ago

thats mean you are not nating to the AMZ just direct to the Public IP of the VCSE

if this is the case at lease you should see registration attempts if nothing can be seen then you need to look into the firewall level

is it ASA ? try tp do packet capture and see why you arew not hitting the VCSE using SIP

as it might be firewall issue !

HTH

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (2 ratings)
Anthony Thomson Thu, 09/01/2011 - 10:00

Not as far as I know.  I can't test it right now though.  Are you even seeing the registration attempt in the logs of the Expressway?

If you're not seeing that, then check out your Movi config to make sure the External VCS FQDN or IP is correct.  If that's correct, you should at least see the registration attempt.   If not...there must be something blocking it.  Is your expressway unblocked (i.e. no network filtering devices like a firewall in the way)?  Movi registers in the 50,000+ port range.

arbenjamin Thu, 09/01/2011 - 10:06

Hi  Anthony Thomson,

I have checked the VCS Expressways, and there isn't any registration attempts.

The VCS Expressways is configured with public IP address, and I will take your suggestions to check any blocking issue.

Thank you a lot,

Ben

Marwan ALshawi Thu, 09/01/2011 - 18:53

Hi Ben,

first of all not sure if you are registering the endpoints from external to the VCS expressway or you just using the VCSE as SIP proxy

in anyway

form external you need to have the external DNS to resolve the SIP domain to the VCS express way + the VCS expressway (external ) name has to resolve the name to the express way public IP

if you VCSE in the DMZ and you ar eusing 1 interface i recommend you to use direct Public IP and do not NAT from the public Internet to the DMZ VCSE IP

http://www.cisco.com/en/US/docs/telepresence/infrastructure/articles/vcs_benefits_placing_expressway_dmz_not_public_internet_kb_196.shtml

your DNS has to have DNS SRV records for th SIP signaling

please refer to the the deployment example bellow which i am sure it will be helpful

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X5.pdf

HTH

if helpful Rate

arbenjamin Fri, 09/02/2011 - 08:49

We are registering the endpoints from external to the VCS expressway that configured with a public address.

Also, we do not have the DNS resolving service because our equipment is configured as a lab environment. Do anyone knows any free DNS service?    

Oleksandr Yurchenko Fri, 09/02/2011 - 13:05

Movi can use IP or DNS addresses to locate the Cisco VCSs.

You need a DNS entry if you are waiting a call from a endpoint that is not registered on your VCS...

or if you need to make calls using DNS zone to endpoints from "another" VCS.

BR. Oleksandr

Marwan ALshawi Sun, 09/04/2011 - 01:17

if this is a lab then

- are using VCS E in the DMZ with public IP ? ifyes how many interface are yo using ? if one are NATing in the firewall the public IP to a private IP in the DMZ for the VCS E ?

- if you are registering to the VCS E you need to have the SIP domain configured in Movi same as the SIP domain configured in the VCS E

- you need to have a rule for the internal SIP domain

if you are using same SIP domain then you need to have rule to point to local VCS E and to VCS C too

HTH

arbenjamin Mon, 09/05/2011 - 03:17

Dear Marwanshawi,

The VCS -E is just configure with a public IP address with one interface.

In our lab environment, we are configured with same sip domain (for example abc.com) in both VCS-C and VCS-E.

There are some Tandberg endpoints separately registered to VCS-C and VCS-E, and they can make video calls.

Correct Answer
Marwan ALshawi Mon, 09/05/2011 - 03:47

thats mean you are not nating to the AMZ just direct to the Public IP of the VCSE

if this is the case at lease you should see registration attempts if nothing can be seen then you need to look into the firewall level

is it ASA ? try tp do packet capture and see why you arew not hitting the VCSE using SIP

as it might be firewall issue !

HTH

vdepee Sat, 09/03/2011 - 19:50

Lai,

In your TMS, check to make sure that the external sip server address is the ip address of your expressway.

arbenjamin Mon, 09/05/2011 - 03:27

hi Vernon Depee,

I have checked the TMS configuration, the external sip server address is the VCS-E address while SIP Server Address is the VCS-C address.

Thx

arbenjamin Mon, 09/05/2011 - 09:05

Dear all,

The problem has been solved by configured as follow,

add your endpoints' credentials(movi account and password) to the Authentication database of the VCS-Expressway.

However, we supposed the VCS-E will relay to the provisioning VCS control.

Can anyone provide some suggestions on this?   

Marwan ALshawi Mon, 09/05/2011 - 16:25

Hi Ben

so it is not Firewall issue rather authentication issue

before i used the VCE E as SIP proxy where i send the registration to the VCS S and it is integrated with TMS for provisioning i found it better than registering the endpoint to the VCS E as you can have all your call control configs on one place VCS C and the E is just like proxy to SIP Signaling and registration

not sure this is might be communication issue between the VCS E and TMS if the accounts are in TMS, this is in the case you are using TMS logins

anyway thanks for the update

arbenjamin Wed, 09/07/2011 - 02:38

Hi marwanshwai,

Provisioning supposed to replicate and distribute TMS provisioning information from TMS via VCS-C.

In this case, Movi user is located at home (in which case movi will located VCS-E), and subsequent provisioning messages to VCS-C.

TMS <->VCS-Control <->VCS-Expressways <->movi

Do you think the problem is firewall port usage between VCS-C and VCS-Expressway for the provisioning message?

On the other hand, I have checked some port usage in between replicating partner(such port 389,8787,4444,8989). However, these ports are probably used for cisco TMS agent between TMS and VCS.

joshuamarsh Tue, 09/20/2011 - 19:26

Ben,

I was in the exact same boat.  My VCSC and VCSE showed up from the factory w/ licensing installed.  It turns out that Provisioning and Find Me licensing were both shipped on Express as well as on Control.  I had a partner bundle, so I don't think this wouldn't be a normal situation, but you could recreate it if you installed licensing in the incorrect place.  I removed Provisioning and Find Me from Expressway, ran "xconfiguration SIP Routes" on the Expressway, and it worked like a champ.

J

danemartin Tue, 12/20/2011 - 18:16

Joshua, you are a lifesaver.  I couldn't figure out why Movi was failing to the VCS-E and working fine to VCS-C.  I too got my VCS appliances using ATP partner SKUs and they came with licenses pre-installed.  I just looked and sure enough, device provisioning was installed on Expressway (which I would have never added if I started from scratch).  I deleted the provisioning option key and Movi now registers through the VCS-E as expected.

As a side note, dual network interfaces were pre-installed as well. Even though I never configured the IPs or plugged in a network cable on LAN2, these interfaces caused random problems with TMS agent replication until I deleted the DI option key.

Thanks!

Dane

Actions

Login or Register to take actions

This Discussion

Posted September 1, 2011 at 9:46 AM
Stats:
Replies:18 Avg. Rating:5
Views:3770 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard