Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

VCS Expressway versus ACME SBC

We are looking to deploy a pair of VCS-Expressway appliances in our DMZ for off net conferecing. However, our security group is questioning why we can't use our ACME SBC's for SIP communications from the inside out to the internet and for SIP communications from the internet into our conferencing environment.

I can't find a definitive answer anywhere to give them an accurate response. Is there anything out there documenting the differences between a VCS-E appliance and an ACME SBC? Or even better, how are they similar?

Thanks.

4 REPLIES

VCS Expressway versus ACME SBC

Hi there

SIP proxy is one function that VCS-E dose

the main difference and advantage that it can provide from security poin of view is that VCS-E connect to the VCS-C in the inside network using a tunnel

normally with VOIP/Video calls during signaling the end point with call control system negotiate the RTP port for the call

to allow calls with the Internet over a firewall you need to open a wide range of udp port for the RTP media traffic that is automatically negotiated

using VCS-E it can proxy this negotiation proxy the call to the internal VCS-C in the inside and also can re intiate  the call to the end point in the outside where the firewall inspection can all the return traffic in this case without the need to open a wide range of port from outside to inside or DMZ and only you need to allow SIP and DNS ports in this case which is more secure

if a call came into the H323 or SIP endpoint from the internet, that call would actually be hosted on the VCS Expressway sitting on the outside/DMZ of the firewall. This is achieved by the VCS Expressway instructing the internal VCS Control over the pre configured tunnel to initiate a call out to Expressway from the endpoint in question. Expressway then seamlessly connects the two sites on the outside/DMZ of the firewall.

This provides unrivalled network security and users are totally unaware that this procedure has occurred

hope this help

VCS Expressway versus ACME SBC

let us know if this answered your question !

New Member

VCS Expressway versus ACME SBC

This answered part of my question. What I really need to provide our security team is a list of the specific security features provided by the VCS software.

VCS Expressway versus ACME SBC

First if all VCS is not a security device or software it is call control system

However by having VCS expressway in the DMZ you can provide more secure and smoth video comminication from untrustworthy network such Internet

And you can read the datasheet of VCS E for more details like tunneling, nating etc

Hope this help

2428
Views
0
Helpful
4
Replies
CreatePlease to create content