cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1977
Views
5
Helpful
5
Replies

CUCM 9 and SIP URI on SX20

a.gooding
Level 5
Level 5

Guys

very new to telepresence and i am still reading up on designs etc but just thought id ask probably some basic questions for my understanding.

I have CUCM 9 with an SX 20 registered to it. i also have Jabber Video and what im attempting to do is the following

1. Make a call from SX20 to Jabber Video Client

2. make a call from Jabber Video client to SX20

i suppose i just need to get some items cleared

If i dial from the SX20 H323:<Jabber Client address> it works

If i dial SIP (Meaning its from the CUCM) it doesnt

If i dial from the Jabber Client DN@mydomain.com i can see it reaching my router but rejects the SIP message

i also have the following config

i have port forwarding setup on my router to direct the port ranges to the CUCM 9

i just read up on SRV records and i basically created a new host using a free DNS service and im now in the process of adding the SRV value

Im assuming it really cant be this simple and im reading on VCS and VSCE etc right now but am i on the right track or completely off here.     

i suppose the final intent to to allow anyone to connect to the TP systems from the outside and vice versa without VPN etc.

thanks in advance for the replies and be gentle

5 Replies 5

Paulo Souza
VIP Alumni
VIP Alumni

Hi, welcome to telepresence world!  =)

I have CUCM 9 with an SX 20 registered to it. i also have Jabber Video and what im attempting to do is the following

1. Make a call from SX20 to Jabber Video Client

2. make a call from Jabber Video client to SX20

i suppose i just need to get some items cleared

If i dial from the SX20 H323: it works

If i dial SIP (Meaning its from the CUCM) it doesnt

If i dial from the Jabber Client DN@mydomain.com i can see it reaching my router but rejects the SIP message

First, I am assuming that when you say "Jabber Video" you are talking about Cisco Jabber Video for Telepresence, which is a free client that allows you make video calls on internet by using Cisco's infrastructure. If you want to have external jabber video clients dialling your internal SX20 endpoints registered to CUCM, you cannot do that by using NAT and port forwarding, it does not work this way. You have to setup a firewall traversall environment to allow you internal endpoints to communicate with internet safely. You can have firewall traversall by using Cisco VCS Control and VCS Expressway. For example, you can have a setup like this, it provides a high level security:

CUCM ---[SIP Trunk]--> VCS control ----[traversal zone]----> Firewall -------> VCS Expressway <-------> Firewall <-----> Internet/Cisco Jabber

With regards dial plan, it would work this way:

  • You create a SIP route pattern in CUCM the matches the domain jabber.com and route it to VCS
  • Your internal SX20 endpoints diall username@jabber.com using SIP (H323 is not supported at all)
  • VCS-c receives the URI username@jabber.com and route it to VCS-e
  • VCS-e uses DNS to lookup the SIP information for the domain jabber.com and properly routes the call to Cisco Jabber Video infrastructure

The call coming from Jabber Video to your environment would work following the same path and logic. The Jabber Video would call your internal SX20 by using DN@yourdomain.com, so you would have to setup SRV records properly in your external DNS server pointing to VCSe.

This is just a resume of the environment, there are many further things you have to consider when implement a VCS/VCSe topology, you can check VCS configuration guides to learn more.

i have port forwarding setup on my router to direct the port ranges to the CUCM 9

i just read up on SRV records and i basically created a new host using a free DNS service and im now in the process of adding the SRV value

That does not work. CUCM is not ready to receive calls from internet via NAT/Port forwarding. Also, there are many security considerations. You should use VCS/VCSe in order to integrate your internal endpoints to internet. This is the oficial Cisco solution for video calls with internet.

I hope this help.

Regards

Paulo Souza

Please rate replies and mark question as "answered" if applicable.

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".

Paulo

thanks for the very detailed response there. Understand the setup and im seeing the relevance of each component here. This is just a test setup, do i need VC and VCE or is there anyway just to have VCE for now just for testing.

I also understand the security issues here, of course, if a simple nat and port forward to CUCM would work then that would be a huge security flaw but it was worth a try any way.

Again, very new to this (not to CUCM but to TP). i noticed that i can dial anything outthere by typing H323 versus normal on the SX20. This is, im assuming, because its standalone when im doing this so ill keep doing some standalone testing in the mean time.

One thing as well, im seeing docs with MCU 4500, that seem to have firewall traversal abilities. Can i use a MCU 4500, connect a SIP trunk to CUCM, have the endpoints register to the MCU versus CUCM and that would give the öutside world" access?

ill keep doing to the reading so ill probably sit back for a while and get a clear picture before coming in to post

thanks once again

This is just a test setup, do i need VC and VCE or is there anyway just to have VCE for now just for testing.

Well, you can do it using only a VCSe, but the setup will have some security issues. This setup would work fine even though not being the best practice:

CUCM ---[SIP Trunk]-------> VCS Expressway <-------> Firewall <-----> Internet/Cisco Jabber

Again, I do not recommend this setup, the high security level deployment if the first that I posted.

I also understand the security issues here, of course, if a simple nat and port forward to CUCM would work then that would be a huge security flaw but it was worth a try any way.

Yes, you can try. But putting away the security considerations, I think it won't work anyhow, because to make NAT with SIP/H323, you cannot simply configure a simply port forwarding, the firewall/router would need to have inspection/ALG feature enable, but this feature sometimes bring many issues, mainly regarding CUCM. I really don't think it is gonna work. I am a CallManager specialist too.

One thing as well, im seeing docs with MCU 4500, that seem to have firewall traversal abilities. Can i use a MCU 4500, connect a SIP trunk to CUCM, have the endpoints register to the MCU versus CUCM and that would give the öutside world" access?

Well, this is an old and not recommended deployment. The people used this deployment when there was not firewall traversall solution such as VCS-E. The deployment is basicly: you setup a MCU with two interfaces, one interface connected to the LAN and another directly connected to the internet, bypassing any firewall in the path. It would be something like this:

Endpoint interno -----          Firewall       --------------> Endpoint externo

                             --------> MCU <--------         

This is horrible deployment in my opinion. I would never suggest anybody to use it. but it is a option as well.

Best regards               

Paulo Souza

Please rate replies and mark question as "answered" if applicable.

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".

Good stuff and thanks once again. Im currently speaking to my AM to get the VCE. Totally understand the security risks as well and i really just wanna see video .

ill follow you guidance and ill post back when i have everything (including security) sorted.

Next step is to have an AVA500 walking around with me

Ok. That's fine. But again, just to emphasize, the best deployment is the first that I posted with VCS/VCSe.

Good luck!


Regards

Paulo Souza

Please rate replies and mark question as "answered" if applicable.

Paulo Souza Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: