VCS-Control in production environment 10.100.100.33 /24 GW .1
VCS-Expressway in the DMZ.
Dual NIC option installed
LAN1 is our externally facing interface
192.168.100.33 /24 (DMZ IP address in DMZ A)
static nat mode ON
public IP 65.xx.xx.xx NAT'd to LAN1 IP Address
Static NAT address defined on this interface
set to 100/full (same on switchport)
LAN2 is our internal facing interface
192.168.200.33 /24 (DMZ IP address in DMZ B)
static nat mode OFF
Set to 100/full (same on swtichport)
I added the following route in the VCS-Expressway to allow VCS-Expressway to reach the VCS-Control
xCommand RouteAdd Address: "10.100.100.33" PrefixLength: 32 Gateway: "192.168.200.1" interface: "Lan2"
The VCS Control traversal zone is pointed to the LAN 2 IP Address of VCS-E. Both SIP and H323 are active.
We have 2 seperate DMZs in our environment and they both have a /24 subnet.
I configured each LAN interface on the Expressway to be in seperate subnets.
My question is that the 2 subnets on the VCS Expressway are seperated by a FW. Are there any appropriate rules I need to put in place on this firewall since LAN1 and LAN2 on the VCS-E straddle this FW?
I initially tried to place the LAN1 and LAN2 interface of VCS-E in a single subnet DMZ but was not succesfull in placing an outbound call.
I place a call from my EX90 registered to the VCS-Control and i see in the logs on the VCS Expressway that the call is being rejected.
Is there any other debugs i can run to figure out what is going on? Unfortunately i do not have access to the firewall so i cannot look at those logs.
When i use the DNS tool within the VCS-E i am able to resolve the Domain i am trying to call and see the SRV records.
Any thoughts would be appreciated.