We are looking to deploy a pair of VCS-Expressway appliances in our DMZ for off net conferecing. However, our security group is questioning why we can't use our ACME SBC's for SIP communications from the inside out to the internet and for SIP communications from the internet into our conferencing environment.
I can't find a definitive answer anywhere to give them an accurate response. Is there anything out there documenting the differences between a VCS-E appliance and an ACME SBC? Or even better, how are they similar?
the main difference and advantage that it can provide from security poin of view is that VCS-E connect to the VCS-C in the inside network using a tunnel
normally with VOIP/Video calls during signaling the end point with call control system negotiate the RTP port for the call
to allow calls with the Internet over a firewall you need to open a wide range of udp port for the RTP media traffic that is automatically negotiated
using VCS-E it can proxy this negotiation proxy the call to the internal VCS-C in the inside and also can re intiate the call to the end point in the outside where the firewall inspection can all the return traffic in this case without the need to open a wide range of port from outside to inside or DMZ and only you need to allow SIP and DNS ports in this case which is more secure
if a call came into the H323 or SIP endpoint from the internet, that call would actually be hosted on the VCS Expressway sitting on the outside/DMZ of the firewall. This is achieved by the VCS Expressway instructing the internal VCS Control over the pre configured tunnel to initiate a call out to Expressway from the endpoint in question. Expressway then seamlessly connects the two sites on the outside/DMZ of the firewall.
This provides unrivalled network security and users are totally unaware that this procedure has occurred
I know the basics for Cisco routers and switches but what I want to know is, if I set up VTP on a switch, is there a way to send it through routers to other switches? This will probably end up more hassle than gain, but it's interesting and cool to p...