Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2063
Views
5
Helpful
12
Replies

How to enable two ip addresses on VCS starter pack express

Go to solution
FinningCL
Level 1
Level 1

‎07-02-2013 09:58 AM - edited ‎03-18-2019 01:23 AM

I have the Cisco Starter Express working with one ip address nated. This is working only inside the LAN. For to enable this machine over internet I bought the option key for dual network interface. I have enabled two interfaces but I don't know how I have to configure both ip addresses by to access from the internet. I tried to enable the static NAT, but it doesn't worked.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to FinningCL

‎07-08-2013 09:45 AM

There is only one default gateway and this is where the main traffic shall go out and that should point to the internet router.

If you have more internall addresses than "LAN" you can simply add additional routes via the admin console.

Like if LAN is 192.168.150.0/24 connected to LAN2 and you have 192.168.175.0/24 where your laptops are located and your internal

router for tha is 192.168.150.1 you would add that on the xcommand route add command:

xcommand RouteAdd 
*h 'xCommand RouteAdd'
"Adds and configures a new IP route (also known as a static route)."
             Address(r): < 1=""> "Specifies an IP address used in conjunction with the prefix length to determine the network to which this route applies."
             PrefixLength(r): <1..128> "Specifies the number of bits of the IP address which must match when determining the network to which this route applies. Default: 32"
             Gateway(r): < 1=""> "Specifies the IP address of the gateway for this route."
             Interface:  "Specifies the LAN interface to use for this route. Auto: the VCS will select the most appropriate interface to use. Default: Auto"

for the given example it would be (user admin via ssh):

xcommand route add address: 192.168.175.0 prefixlength: 24 gateway 192.168.150.1 interface: LAN2

But to be honest I am not sure jabbervideo this works that well with the expressway espress in

a dual lan enviroment anyhow.

Like with a vcs-c  / -e deployment you have the model of the internal and external vcs with

different hosts where it tries to get provisioning and then depending on that gets the data

for the registration. It can be that you anyhow only get the outside ip from the vcs-e.

So I would simply deploy it in a DMZ where the outside and the inside can reach the starterpack with

the same external NATed ip which is hosted in LAN1 or even put it directly on a public ip in a dmz, ...

Please remember to rate helpful responses and identify

View solution in original post

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to FinningCL

‎07-09-2013 01:37 PM

Hi Hugo!

Ok, perfect, great to hear!

Thank you for setting the thread to answered! +5 for you as well!

Please remember to rate helpful responses and identify

View solution in original post

0 Helpful
12 Replies 12

Go to solution
Martin Koch
VIP Alumni
VIP Alumni

‎07-02-2013 12:27 PM

Hi Hugo!

It would be handy to have a network drawing on how your network looks like, where exactly you see

the challenges.

In general. If you need NAT you need the Dual interface option, even if you just use one interface.

If you set up NAT with an external IP configured on in the network settings, video devices have

to connect to the external IP, thats valid for both interfaces.

SO In theory if you have a LAN and "the internet" via NAT:

LAN1 without nat settings placed in your lan (ex 10.1.1.2)

LAN2 with NAT (10.2.1.2) nat external ip: 192.0.2.4

LAN1&LAN2 have to be in logical different (l3) networks.

Please remember to rate helpful responses and identify

0 Helpful

Go to solution
FinningCL
Level 1
Level 1
In response to Martin Koch

‎07-02-2013 01:05 PM

Hi Martin,

Thanks for your answer. Actually I have a NAT on my Firewall, my question is if inside the configuration of the VCS I have to change the option for the LAN 2 by to enable the NAT

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to FinningCL

‎07-02-2013 01:21 PM

Thats why I asked for a drawing and more explanation

You only enable NAT on the interface with the IP where NAT is done.

so if you do NAT with both interfaces you have to enable it on both.

If you only do it on one you only enable it and set the external ip on the one where its used, ....

Please remember to rate helpful responses and identify

0 Helpful

Go to solution
FinningCL
Level 1
Level 1
In response to ahmashar

‎07-08-2013 07:20 AM

Ahmad,

Thanks for your answer, I did the configuration based on the information that I saw on the page 56, but the NAT local address doesn't have a default gateway and now I don't have a communication with the LAN.

What can I do by to fix this issue?

Thanks

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to FinningCL

‎07-08-2013 08:26 AM

Like I said, make a drawing and exactly explain your network and why it is like it is.

The network segments, and active components, (nat, firewall, endpoints, vcs, ips, zones, ...)

have to be understandable and to be identifiable. Also get note down what you need to archive.

Sometimes the requirement and the deployment dont fit :-)

Or get yourself help from networking and telepresence people.

Such problems are often way more easy to fix by looking at the current setup, rather having

info missing in the messages here, ...

I would strongly doubt that you have a network with nat and no gateway, ...

Sure you can make some combination of a source and destination nat, but that

does not make sense for me here :-)

Please remember to rate helpful responses and identify

0 Helpful

Go to solution
FinningCL
Level 1
Level 1
In response to Martin Koch

‎07-08-2013 08:46 AM

Martin,

This is the Diagram:

The LAN was configured on the VCS with NAT and the F5 is nated. I don't see the VCS over Internet. Inside the LAN I don't see the LAN 1.

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to FinningCL

‎07-08-2013 09:08 AM

What kind of features do you use?

Is it endpoints or jabber video which you plan to register, especially from the LAN.

Where are what kind of devices placed?

How about your DNS setup?

So the devices on LAN2 are only in that lan, so no internet access present?

Regards Endpoints (TC/EXC/MX/SX+MXP) it should not be a problem, you simply configure

lan2 on the vcs to be in a private network like: 192.168.150.2/255.255.255.0

and the endpoints in "LAN" are placed in the same network (like 192.168.150.11, .12, ,13 ...)

As the h323 and sip gk/proxy you set up the LAN2 ip from the vcs, and sure your

dialplan must be ok and as you want public connectivity the dns records for the outside

need to be ok.

LAN1 is configured with the NAT address, not sure regards your drawing if F5 and Firewall are

doing NAT or if its only one NAT.

Also it has to be a static public ip with static NAT, all needed ports needs to be forwarded to the

VCSE and its outbound connectivity must be ok.

So actually I still have not a real clue what your problem is, so where are your endpoints,

what do you try to dial from where, which symptoms and errors do you get and what do you see in

the logfiles.

This looks like a pretty simple standard deployment, maybe it is easier if you find yourself

a Cisco partner who can help you or if you are one yourself, check with Cisco. External

consultants can also be helpful :-)

Please remember to rate helpful responses and identify

0 Helpful

Go to solution
FinningCL
Level 1
Level 1
In response to Martin Koch

‎07-08-2013 09:22 AM

My Laptop has a jabber client and this equipment is inside the LAN, I can see the VCS inside of the LAN.

The DNS type A and SRV is configured inside of the LAN and over Internet.

The devices on the LAN 2 has access to Internet and the VCS too.

The LAN 2 is configured like a private network with an ip address that I can do a ping and I can manage the VCS.

LAN 1 is configured with NAT address from the F5.

In this moment is the LAN 1, the IP address doesn't respond the ping over the LAN and this is because I can to assign a default gateway for this IP.

How I fix this problem?

    

This is the IP configuration of the VCS

El mensaje fue editado por: Hugo Vivar

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to FinningCL

‎07-08-2013 09:45 AM

There is only one default gateway and this is where the main traffic shall go out and that should point to the internet router.

If you have more internall addresses than "LAN" you can simply add additional routes via the admin console.

Like if LAN is 192.168.150.0/24 connected to LAN2 and you have 192.168.175.0/24 where your laptops are located and your internal

router for tha is 192.168.150.1 you would add that on the xcommand route add command:

xcommand RouteAdd 
*h 'xCommand RouteAdd'
"Adds and configures a new IP route (also known as a static route)."
             Address(r): < 1=""> "Specifies an IP address used in conjunction with the prefix length to determine the network to which this route applies."
             PrefixLength(r): <1..128> "Specifies the number of bits of the IP address which must match when determining the network to which this route applies. Default: 32"
             Gateway(r): < 1=""> "Specifies the IP address of the gateway for this route."
             Interface:  "Specifies the LAN interface to use for this route. Auto: the VCS will select the most appropriate interface to use. Default: Auto"

for the given example it would be (user admin via ssh):

xcommand route add address: 192.168.175.0 prefixlength: 24 gateway 192.168.150.1 interface: LAN2

But to be honest I am not sure jabbervideo this works that well with the expressway espress in

a dual lan enviroment anyhow.

Like with a vcs-c  / -e deployment you have the model of the internal and external vcs with

different hosts where it tries to get provisioning and then depending on that gets the data

for the registration. It can be that you anyhow only get the outside ip from the vcs-e.

So I would simply deploy it in a DMZ where the outside and the inside can reach the starterpack with

the same external NATed ip which is hosted in LAN1 or even put it directly on a public ip in a dmz, ...

Please remember to rate helpful responses and identify

Go to solution
FinningCL
Level 1
Level 1
In response to Martin Koch

‎07-09-2013 09:46 AM

Martin,

Thanks for your help, now is working. I added the static route.

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to FinningCL

‎07-09-2013 01:37 PM

Hi Hugo!

Ok, perfect, great to hear!

Thank you for setting the thread to answered! +5 for you as well!

Please remember to rate helpful responses and identify

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents