Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1220
Views
0
Helpful
4
Replies

Jabber/MOVI call routing via VPN on VCS-E

Go to solution
Georg Kehrer
Level 4
Level 4

‎05-29-2012 11:26 PM - edited ‎03-17-2019 11:14 PM

Dear all

I have a Problem with the follow situation.

- 2 Movi Client via VPN Tunnel connectet on the VCS-Expressway

- both VPN tunnel on the same subnet.

- NO ICE configured!

Now the Problem is that the Signalling is going through the VCS-E but the Media traffic is going directly, which is in this situation over VPN would be not allowed.

Is it possible to configure something that all traffic Signalling and Media is going through the VCS-E if both MOVI Client  on the same subnet?

Best regards

Georg

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Tomonori Taniguchi
Cisco Employee
Cisco Employee

‎05-29-2012 11:43 PM

The call between Jabber Video clients and bot have same sip contact address and source IP address, then VCS will treat as non-traversal call (client is not behind firewall).

Therefore VCS will not stay in media routing.

Are you able to configure DHCP scope range for VPN client for different subnet IP address?

View solution in original post

0 Helpful

Go to solution
awinter2
Level 7
Level 7

‎05-30-2012 01:06 AM

Hi Georg,

the media is going direct because there is no NAT between the Movi clients and the VCS-E, this is the expected behavior for SIP registered devices which are not behind a NAT.

To resolve this you would either have to

a) allow this direct media traffic between VPN clients in your firewall or

b) NAT the VPN Movi client traffic before it hits the VCS-E (In which case the VCS-E will take media for these calls)

Hope this helps,

Andreas

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Tomonori Taniguchi
Cisco Employee
Cisco Employee

‎05-29-2012 11:43 PM

The call between Jabber Video clients and bot have same sip contact address and source IP address, then VCS will treat as non-traversal call (client is not behind firewall).

Therefore VCS will not stay in media routing.

Are you able to configure DHCP scope range for VPN client for different subnet IP address?

0 Helpful

Go to solution
awinter2
Level 7
Level 7

‎05-30-2012 01:06 AM

Hi Georg,

the media is going direct because there is no NAT between the Movi clients and the VCS-E, this is the expected behavior for SIP registered devices which are not behind a NAT.

To resolve this you would either have to

a) allow this direct media traffic between VPN clients in your firewall or

b) NAT the VPN Movi client traffic before it hits the VCS-E (In which case the VCS-E will take media for these calls)

Hope this helps,

Andreas

0 Helpful

Go to solution
Georg Kehrer
Level 4
Level 4
In response to awinter2

‎05-30-2012 01:24 AM

Hi Andreas Hi Tomonori

Thank you for the quick answer.

Now I see now other way as to do NAT or allowed direct Traffic.

Best Regards

georg

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to awinter2

‎05-30-2012 06:29 AM

We filed that some time ago as a feature request but also never heard anything again.

* having a provisioning option telling specific clients to bind the media to the VCS.

* having a zone/localsubzone option to force/uncforce/auto expressway behavior

* improve the automatic sip fw (or better said today its only nat) behavior.

* implement "stun test II, request from different ip" http://upload.wikimedia.org/wikipedia/commons/6/63/STUN_Algorithm3.svg

* have ice support also on TC/TE systems

* ...

Please remember to rate helpful responses and identify

0 Helpful
Customers Also Viewed These Support Documents