
VCS control and VCS expressway peer address failed

We have an implementation of VCS Control with VCS Expressway within an internal leg of the Fortigate firewall with no dual NIC. We have NAT-ed virtual public IPs for both inside the firewall. Both VCS are in the same subnet (private IP and NAT-ed virtual public IP). Peer addressing for both NAT-ed virtual public IPs is failing, but both can definitely recognize their private IPs.

Someone might have a similar experience in this kind of implementation. Please advise. Thank you.


I am not sure I understand the topology completely but I would start with a ping test. Log into the root of the VCSC and ping the VCSE IP address you are trying to peer with. Also, Static NAT is not supported on the VCSC, only the VCSE if that is what you are trying to do.

Please rate useful posts.

Ping test and traceroute were successful after enabling the NAT feature of the virtual public IP (VIP) in the firewall for both VCS. Also, the VIP peer address of VCSe went active in VCSc but h323. Attached also is the network orientation for illustration. Thank you.

Hi ritchienasayao

I have looked at the topology diagram and still am a little confused. What is the device outside of the firewall before the cloud? This is where the VCS-E would usually sit - possibly further protected by another firewall, thus creating a DMZ, but this is not absolutely necessary.

The VCS-C and VCS-E pair make up a firewall traversal solution - i.e. allowing video traffic to travel across the firewall, meaning without the need to open up a whole bunch of ports. It seems from the diagram that the VCS-C and VCS-E are logically connected to the same internal network.

Can you explain further?




Hi Chris,

The device located outside the firewall is just a load balancer. The present network does not have a DMZ. No public IP connection is available.

I was actually looking for a deployment that might have a similar Fortigate firewall model, which I am trying to validate. Thanks.


You might want to check out this guide which will give you an understanding of how the VCS pair can be deployed.