Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VCS E to VCS C traversal zone issue Response-code="503"

Hello,

I have an new implementation where have 1 VCS Control in internal LAN and 1 VCS Expressway in DMZ, using single LAN interface on VCS expressway.

Right now, If I set the VCS Exrepssway's public IP as the peer of VCS Control's traversal zone, I got the message Response-code="503" in the log:

tvcs: Event="Response Sent" Service="SIP" Src-ip="192.168.59.21" Src-port="7001" Dst-ip="172.29.5.21" Dst-port="25600" Protocol="TLS" Method="OPTIONS" To="sip:208.98.233.201:7001" Response-code="503" Level="3" UTCTime="2012-05-29 15:16:01,222"

However, If I set the VCS Exrepssway's private  IP as the peer of VCS Control's traversal zone, sip can successful activated on both VCS C and VCS E. In this case, I see the Response-code="200" and Response-code="401" in the log.

Anyone know what does Response-code="503" measn in VCS E, any document explained the response code?

Thanks much.

4 REPLIES

VCS E to VCS C traversal zone issue Response-code="503"

Hi Curtis,

503 error code means service unavailable. It seems to me probably a firewall in between blocking connection.

since you have a single with static NAT you have to set the NAT'ed ip of vcs-express as peer on vcs-control. In the logs of VCS do you see any more information???

Thanks

Alok

New Member

VCS E to VCS C traversal zone issue Response-code="503"

These the log from VCS-E.

DMZ:

VCSE LAN IP: 192.168.59.21

VCSE PUBLIC IP: 208.98.233.201

Internal:

VCSC LAN IP: 172.29.5.21

On VCSC, I set 208.98.233.201 as the VCSE peer IP on Traversal zone. Firewall are opened for the access, didn't block anything.

May 29 10:25:01tvcs: Event="Response Sent" Service="SIP" Src-ip="192.168.59.21" Src-port="7001" Dst-ip="172.29.5.21" Dst-port="25608" Protocol="TLS" Method="OPTIONS" To="sip:208.98.233.201:7001" Response-code="503" Level="3" UTCTime="2012-05-29 16:25:01,260"
May 29 10:25:01tvcs: Event="Request Received" Service="SIP" Src-ip="172.29.5.21" Src-port="25608" Dst-ip="192.168.59.21" Dst-port="7001" Protocol="TLS" Method="OPTIONS" Request-URI="sip:208.98.233.201:7001;transport\=tls" Level="3" UTCTime="2012-05-29 16:25:01,260"
May 29 10:25:01tvcs: Event="Message Received" Service="SIP" Src-ip="172.29.5.21" Src-port="25608" Dst-ip="192.168.59.21" Dst-port="7001" Protocol="TLS" Num-bytes="676" Level="4" UTCTime="2012-05-29 16:25:01,260"

On the traversal zone status of VCSC, it actually showing:

H.323: Active: 208.98.233.201:6001
SIP: Active: 208.98.233.201:7001

The traversal zone status of VCSE:

Status
StateWarning
SIP portActive
H.323 portActive
CauseSystems unreachable
Number of calls to this zone0
Bandwidth used on this VCS0 kbps
Total bandwidth used across this cluster0 kbps
Peer 1H.323: Active: 172.29.5.21:1719
Search rules targeting this zone1
Gold

VCS E to VCS C traversal zone issue Response-code="503"

Curtis,

this can happen if the VCS-E is not aware of its public NAT address when it receives an OPTIONS ping destined for this public NAT address. Have you installed the 'Dual network interfaces' option key and configured static NAT on the VCS-E?

With this setup, with the dual NIC option key installed, on the IP settings page on the VCS-E, you should configure 'IPv4 static NAT mode' to 'On' and IPv4 static NAT address' to '208.98.233.201' on the interface which is NAT'ed.

Please refer to 'Appendix 4 - Static NAT and Dual Network Interface architectures' in the following document for guidelines on how to set this up:

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.pdf

Hope this helps,

Andreas

New Member

Re: VCS E to VCS C traversal zone issue Response-code="503"

Thank you very much, we don't have dual network license but looks like that's the way to make it work under DMZ

Sent from Cisco Technical Support iPhone App

1163
Views
0
Helpful
4
Replies