Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
326
Views
0
Helpful
5
Replies

VCS control and VCS expressway peer address failed

Ritchie Nasayao
Level 1
Level 1

‎03-25-2014 04:23 AM - edited ‎03-18-2019 02:47 AM

We have implementation of VCS control with VCS expressway within an internal leg of the Fortigate firewall with no dual NIC. We have NAT-ed virtual public IP for both inside the firewall. both VCS are in the same subnet (private IP and NAT-ed virtual public IP). Peer addressing for both NAT-ed virtual public IP is failing but both can definitely recognized their private IP.

Someone might have a similar experience in this kind of implementation. Please advise. Thank you.

Labels:
0 Helpful
5 Replies 5

George Thomas
Level 10
Level 10

‎03-25-2014 10:53 AM

I am not sure I understand the topology completely but I would start with a ping test. Log into the root of the VCSC and ping the VCSE IP address you are trying to peer with. Also, Static NAT is not supported on the VCSC, only the VCSE if that is what you are trying to do.

Please rate useful posts.
0 Helpful

Ritchie Nasayao
Level 1
Level 1
In response to George Thomas

‎03-25-2014 12:15 PM

ping test and traceroute were successful after enabling NAT feature of the virtual public ip (vip) in the firewall for both VCS. also vip peer address of VCSe went active in VCSc but h323. attached also is the network orientation for illustration. thank you.

Preview file
33 KB
0 Helpful

Chris Swinney
Level 5
Level 5
In response to Ritchie Nasayao

‎03-27-2014 01:13 PM

Hi ritchienasayao

I have looked at the topology diagram and still am a little confused. What is the device outside of the firewall before the cloud? This is were the VCS-E would usually sit - possibly further protected by another Firewall thus creating a DMZ, but this is not absolutely necessary.

The VCS-C and VCS-E pair make up a firewall traversal solution - i.e. allowing video traffic to travel across the firewall meaning without the need to open up a whole bunch of ports. It seem from the diagram that the VCS-C and VCS-E are logically connected to the same internal network.

Can you explain further?

Cheers

Chris

0 Helpful

Ritchie Nasayao
Level 1
Level 1
In response to Chris Swinney

‎03-27-2014 07:01 PM

hi Chris,

The device located outside the firewall is just a load balancer. The present network does not have a DMZ. No public IP connection is available.

I was actually looking for a deployment that might have similar Fortigate firewall model which I am trying to validate. thanks.

Cheers!

0 Helpful

Chris Swinney
Level 5
Level 5
In response to Ritchie Nasayao

‎03-28-2014 08:21 AM

You might want to check out this guide which will give you an understanding of how the VCS pair can be deployed.

 

Cheers

Chris

 

0 Helpful
Customers Also Viewed These Support Documents