Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VCS Control and VCS Express Integration

Dear All,

 

i have problem regarding vcsc and vcse integration.

my topology like this (got from "Cisco TelePresence Video Communication Server Basic Configuration (Control with Expressway)" but with different ip)

If i followed this deployment guide, then i shoud create a traversal zone. vcs c as traversal client and vcs e as traversal server.

the guide say "The traversal client zone on the VCS-C needs to be configured with a peer address which matches the static NAT address of the VCS-E"

i already do that, but the registration status still fail. but if i add vcse internal ip address, it can register.

Do i miss something?

 

Thanks,

Anju

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

 Check  to ensure your

 

Check  to ensure your firewall has all the appropriate ports opened including outbound and any ALG inspection/fixup for SIP/H.323 is disabled. Also get yourself a free cisco jabber account on a laptop/iPAD external to your network and do additional testing.

23 REPLIES
New Member

Hello, i see the event log,

Hello,

 

i see the event log, it said "invalid alias"

any idea?

 

Thx,

anju

New Member

hello, any idea? Thx,anju 

hello,

 

any idea?

 

Thx,

anju
 

We don't actually use the

We don't actually use the dual Ethernet option on our VCS-E to provide NAT'ing, but my feeling is that you would indeed peer the VCS-C to the internal interface of the VCS-E. It make no sense otherwise. I think that there can also be NAT'ing between the VCS-E and VCS-C, so maybe the documentation is referring to that possibility.

 

Cheers

Chris

 

 

New Member

Chris Swinney, really

Chris Swinney,

 

really appreciate your response. i hope you can stick with me for a while :)

the document said that, because the static nat already enabled on vcse, then the signaling and media traffic will send to its static ip.

is there any way that i can check the static NAT configuration in vcse already run well?

if i register the internal interface, vcsc can register to vcse.

 

Thx,

anju

Hi anju.As mentioned, I'm

Hi anju.

As mentioned, I'm probably not the best person to answer this for you as we do not have any dual interface VCS-E that support NAT, hopefully someone else will jump in. However, I think (from what I have read on here), that the 1st Ethernet port (eht0) is used for the WAN NAT connection, whilst the second (eth1) is use for the internal connection to which the VCS-C will peer to.

 

Cheers

Chris

New Member

Hi all, i hope, someone still

Hi all,

 

i hope, someone still want to jump in. i am suspecting that NAT is the problem.

My configuration is:

1. ip public : 192.168.200.200

2. vcs-e internal ip : 10.170.11.47

3. in vcs-e in configure fallback alias to 45000 (mcu)

4. my mcu is registered to vcs-e

i try to call to 192.168.200.200 ( the call should be forwarded to 45000), but in vcs-e i see the log that call rejected because it doesn't found the destination.

any idea?

Thanks,

Anju

Bronze

Can you post the search

Can you post the search history in a text file?

Do other calls work to VCS-C registered devices/e164?

On the VCS can you see that 45000 is a registered alias?

What happens if you dial 45000@publicip? 

Does your search rule strip the @publicip so it only matches 45000 if it is just E164?

Use the locate tools built into the VCS to search for 45000 also try 45000@publicip

 

New Member

Dear heathrw, thank you for

Dear heathrw,

 

thank you for your respond. After i follow your guide, i can call the 45000. but the problem is the media route is "false". when i see call statistic in the endpoint, the endpoint transmit traffic, but doesn't receive any traffic.

any idea?

Thanks,

Anju

 

Bronze

 Make sure optimal call

 

Make sure optimal call routing is disabled. Media won't be routed for multiple reasons based upon the endpoint capabilities and if the actual endpoint is behind a NAT

What is the make and model of the endpoint calling the 45000 extension, is it registered to the VCS expressway?

Is there any reason why the MCU is registered to the Expressway and not the control? 

New Member

Hi Heathrw, the optimal call

Hi Heathrw,

 

the optimal call routing that you means, is it on "vcs configuration > calls" menu?

i set it to default, which is always but the media route still false

the 45000 is a mcu 5310. Actually, for the deployment, i will register it to control. but i can't make it works (the call from internet cannot reach the 45000), so i move the registration to vcs-e to simplify troubleshooting. after this work, i plan to move the registration back to vcs-c.

i think that my static nat in vcs-e is not working.

The call is detected as non-traversal, i think it should be traversal call

After i collect tcpdump, the call is in TCP. I attacth the tcpdump for information (my endpoint public ip is 192.168.199.254, my vcs 10.170.11.47, mcu 10.170.11.46)

 

Thanks,

Anju

New Member

Dear all, I already can call

Dear all,

 

I already can call to mcu. right now, my mcu is registered to vcs-e ( i am doing this to simplify my troubleshooting). When i dial 45000 (my mcu vmr number), i already can join the conference.

Then, i want to move my mcu  registration to vcs-c. from deployment guide i should add public vcs-e address in traversal client (in vcs-c). but the status is failed.

Any idea?

Thanks,

Anju

Bronze

 Do you have a topology

 

Do you have a topology diagram and can you post the xconf from both vcs control and expressway?

Is your expressway single or dual interface enabled?

New Member

Heathrw, i attach my topology

Heathrw,

 

i attach my topology. currently, i can call from internal c60 to internet endpoint.

but call from internet to 45000, still can not work. but when i check search history in vcs-c and vcs-x the status is found.

how can i get the xconf?

 

thx,

anju

Bronze

 SSH into the VCS devices

 

SSH into the VCS devices using the admin account, turn on logging run command xconf

Sounds to me to don't have a

Sounds to me to don't have a search rule to pass the 45000 fallback alias down the traversal zone. When the MCU is registered locally to the VCS-E, then a default local search rule will find the MCU. How to you target the Traversal Zone (by which I mean what is the rule that is in place that passes calls down the traversal zone to the VCS-C)?

 

Cheers

Chris

New Member

i attach xconf Thx,Anju

i attach xconf

 

Thx,

Anju

Bronze

 Hi,  Reviewing some of you

 

Hi, 

 

Reviewing some of you configs I would suggest going through the documentation once more. Just some points I have seen

- VCS Expressway, create a local authentication user for the traversal and don't use the admin account (Configuration > Authentication > Local Database)

- VCS Expressway keep the traversal server zone (you can keep H323 and SIP enabled). associate the search rules as required.

- VCS Expressway, appears you have dual network interface enabled. I would recommend enabling connecting LAN2 it to the same subnet as the VCS Control

- VCS Expressway, remove the neighbour zone (or disable it along with the associated search rules, or change the rules pointing to the traversal zone)

- VCS Control, update traversal client zone, point it to the VCS-E LAN2 IP Address, setup search rules

 

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Control_with_Expressway_Deployment_Guide_X7-2.pdf

New Member

Hi all, sori for very late

Hi all,

 

sori for very late response. my client doesn't want dual network interface.

the current condition, i can establish call to public ip video conference, but i cannot receive the incoming stream ( i check on c60 ). i check the firewall configuration, no packet is dropped.

I have friend that have similar issue, then he just not select the h.239 in call preference, then works.

Any suggestion?

 

Thx,

Anju

Bronze

Hi Anju The expressway will

Hi Anju

 

The expressway will always update messaging within H323/SIP to include the static NAT IP configured. This is by design as it is assumed all devices point to this IP Address therefore the interface IP address is always behind a NAT.

 

If you root into both VCS devices and do a 'tcpdump -n udp' start a call you might see the source/destination IP addresses.

 

From the information I have there are three ways around this:

- Setup NAT appropriately so the VCS control also talks to the IP address behind the NAT

- Disable the static NAT and configure the expressway with the actual IP address desired

- Connect the second interface (direct to internal OR to another firewall Interface) and the VCS Control communicates to that interface

 

Hope this helps

 

 

 

New Member

hi heathrw, my implementation

hi heathrw,

 

my implementation using first option. i already set the traversal zone with public vcs-e ip address as destination address. the zone already active.

when i try to call to our client office in japan, i don't receive incoming traffic.

i try to call to some public ip vicon test, most of them fail/ not receive incoming traffic (212.46.129.162), but one of them successful (71.14.2.154).

any idea?

 

Thx,

Again

Bronze

 Check  to ensure your

 

Check  to ensure your firewall has all the appropriate ports opened including outbound and any ALG inspection/fixup for SIP/H.323 is disabled. Also get yourself a free cisco jabber account on a laptop/iPAD external to your network and do additional testing.

New Member

Hi Heathrw, yes, it is

Hi Heathrw,

 

yes, it is because H323 inspection in checkpoint.

 

Thx,

Anju

New Member

hi chris, i don't use

hi chris,

 

i don't use fallback. i call from internet to 45000@192.168.200.200

i create transform in vcs-x, from 45000@192.168.200.200 to 45000.

i create search rule pattern 45000 to vcs control.

in vcs control, i check "search history", status is found.

but still can't establish call

 

thx,

anju

784
Views
0
Helpful
23
Replies
CreatePlease login to create content