09-16-2014 12:34 PM - edited 03-18-2019 03:25 AM
I have a 3-legged firewall config, with VCS-E sitting in a DMZ with only one interface connected and the firewall doing all the NAT. VCS-E has the NAT option configured on its interface as well.
All works ok, but sometimes I see SIP traffic from VCS-E private IP address to its public IP address. The firewall thinks that this is an attack and blocks it.
What's the reason for VCS-E to talk to itself in the first place?
Thanks,
Eli
09-18-2014 10:08 PM
Have you correctly followed all the guides about setting up a VCS-Expressway in a DMZ?
Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.
09-19-2014 07:38 AM
Of course I have.
09-21-2014 05:29 PM
Great. That's not always the case, so always worth checking.
Can you provide some more information on your issue, such as which versions of software you are running, a capture of the call logs from the VCS for one of the odd calls, and perhaps an overview of your search rules?
If we can see the call, and the search path it's taking, it may be easier to identify why it appears to be calling itself.
Are the calls being blocked actually calls between your devices, or are they from external devices, or perhaps something like a SIPVicious scan?
Wayne
09-25-2014 08:29 AM
According to Cisco tech support this is the correct behaviour for this kind of setup. I can't wrap my head around it but if they say so I'll let it be.