i have problem regarding vcsc and vcse integration.
my topology like this (got from "Cisco TelePresence Video Communication Server Basic Configuration (Control with Expressway)" but with different ip)
If i followed this deployment guide, then i shoud create a traversal zone. vcs c as traversal client and vcs e as traversal server.
the guide say "The traversal client zone on the VCS-C needs to be configured with a peer address which matches the static NAT address of the VCS-E"
i already do that, but the registration status still fail. but if i add vcse internal ip address, it can register.
Do i miss something?
Solved! Go to Solution.
We don't actually use the dual Ethernet option on our VCS-E to provide NAT'ing, but my feeling is that you would indeed peer the VCS-C to the internal interface of the VCS-E. It make no sense otherwise. I think that there can also be NAT'ing between the VCS-E and VCS-C, so maybe the documentation is referring to that possibility.
really appreciate your response. i hope you can stick with me for a while :)
the document said that, because the static nat already enabled on vcse, then the signaling and media traffic will send to its static ip.
is there any way that i can check the static NAT configuration in vcse already run well?
if i register the internal interface, vcsc can register to vcse.
As mentioned, I'm probably not the best person to answer this for you as we do not have any dual interface VCS-E that support NAT, hopefully someone else will jump in. However, I think (from what I have read on here), that the 1st Ethernet port (eht0) is used for the WAN NAT connection, whilst the second (eth1) is use for the internal connection to which the VCS-C will peer to.
i hope, someone still want to jump in. i am suspecting that NAT is the problem.
My configuration is:
1. ip public : 192.168.200.200
2. vcs-e internal ip : 10.170.11.47
3. in vcs-e in configure fallback alias to 45000 (mcu)
4. my mcu is registered to vcs-e
i try to call to 192.168.200.200 ( the call should be forwarded to 45000), but in vcs-e i see the log that call rejected because it doesn't found the destination.
Can you post the search history in a text file?
Do other calls work to VCS-C registered devices/e164?
On the VCS can you see that 45000 is a registered alias?
What happens if you dial 45000@publicip?
Does your search rule strip the @publicip so it only matches 45000 if it is just E164?
Use the locate tools built into the VCS to search for 45000 also try 45000@publicip
thank you for your respond. After i follow your guide, i can call the 45000. but the problem is the media route is "false". when i see call statistic in the endpoint, the endpoint transmit traffic, but doesn't receive any traffic.
Make sure optimal call routing is disabled. Media won't be routed for multiple reasons based upon the endpoint capabilities and if the actual endpoint is behind a NAT
What is the make and model of the endpoint calling the 45000 extension, is it registered to the VCS expressway?
Is there any reason why the MCU is registered to the Expressway and not the control?
the optimal call routing that you means, is it on "vcs configuration > calls" menu?
i set it to default, which is always but the media route still false
the 45000 is a mcu 5310. Actually, for the deployment, i will register it to control. but i can't make it works (the call from internet cannot reach the 45000), so i move the registration to vcs-e to simplify troubleshooting. after this work, i plan to move the registration back to vcs-c.
i think that my static nat in vcs-e is not working.
The call is detected as non-traversal, i think it should be traversal call
After i collect tcpdump, the call is in TCP. I attacth the tcpdump for information (my endpoint public ip is 192.168.199.254, my vcs 10.170.11.47, mcu 10.170.11.46)
I already can call to mcu. right now, my mcu is registered to vcs-e ( i am doing this to simplify my troubleshooting). When i dial 45000 (my mcu vmr number), i already can join the conference.
Then, i want to move my mcu registration to vcs-c. from deployment guide i should add public vcs-e address in traversal client (in vcs-c). but the status is failed.
Do you have a topology diagram and can you post the xconf from both vcs control and expressway?
Is your expressway single or dual interface enabled?
i attach my topology. currently, i can call from internal c60 to internet endpoint.
but call from internet to 45000, still can not work. but when i check search history in vcs-c and vcs-x the status is found.
how can i get the xconf?
Sounds to me to don't have a search rule to pass the 45000 fallback alias down the traversal zone. When the MCU is registered locally to the VCS-E, then a default local search rule will find the MCU. How to you target the Traversal Zone (by which I mean what is the rule that is in place that passes calls down the traversal zone to the VCS-C)?
Reviewing some of you configs I would suggest going through the documentation once more. Just some points I have seen
- VCS Expressway, create a local authentication user for the traversal and don't use the admin account (Configuration > Authentication > Local Database)
- VCS Expressway keep the traversal server zone (you can keep H323 and SIP enabled). associate the search rules as required.
- VCS Expressway, appears you have dual network interface enabled. I would recommend enabling connecting LAN2 it to the same subnet as the VCS Control
- VCS Expressway, remove the neighbour zone (or disable it along with the associated search rules, or change the rules pointing to the traversal zone)
- VCS Control, update traversal client zone, point it to the VCS-E LAN2 IP Address, setup search rules
sori for very late response. my client doesn't want dual network interface.
the current condition, i can establish call to public ip video conference, but i cannot receive the incoming stream ( i check on c60 ). i check the firewall configuration, no packet is dropped.
I have friend that have similar issue, then he just not select the h.239 in call preference, then works.
The expressway will always update messaging within H323/SIP to include the static NAT IP configured. This is by design as it is assumed all devices point to this IP Address therefore the interface IP address is always behind a NAT.
If you root into both VCS devices and do a 'tcpdump -n udp' start a call you might see the source/destination IP addresses.
From the information I have there are three ways around this:
- Setup NAT appropriately so the VCS control also talks to the IP address behind the NAT
- Disable the static NAT and configure the expressway with the actual IP address desired
- Connect the second interface (direct to internal OR to another firewall Interface) and the VCS Control communicates to that interface
Hope this helps
my implementation using first option. i already set the traversal zone with public vcs-e ip address as destination address. the zone already active.
when i try to call to our client office in japan, i don't receive incoming traffic.
i try to call to some public ip vicon test, most of them fail/ not receive incoming traffic (18.104.22.168), but one of them successful (22.214.171.124).
i don't use fallback. i call from internet to email@example.com
i create transform in vcs-x, from firstname.lastname@example.org to 45000.
i create search rule pattern 45000 to vcs control.
in vcs control, i check "search history", status is found.
but still can't establish call