
VCS expressway firewall rules

Hello,

I just need your confirmation about the following setup.

VCSC ------  FW ------- Internet
                        |
                        |
                    VCSE

We are using Dual Nic option key with NAT.

VCS Expressway will be connected with only 1 LAN interface to the FW. It will have a private IP address. The firewall will be NATting the VCSE private IP address to a public IP address.

When updating the FW rules as per following link:

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.pdf

Appendix 3 - Page 55-58

What VCS expressway  ip address do you need to use for FW rules?  private or public one?

Thanks in advance.

Ahmed

Accepted Solutions

VCS expressway firewall rules

Hi Ahmed!

If you use the VCS-E with the dual interface option for NAT with only one interface, all communication from the internet and from your internal network has to go to the _public_ IP address, not the private one. So it's not only on the firewall, but also the destination for the traversal zone on the VCS-C.

Regarding your firewall, it will depend on what your firewall needs to have configured.

Some firewalls (or at least the admins/users) seem to have issues getting the VCS-E reached from internal on the external IP. If this is an issue you would need to use the secondary interface of the VCS and define an additional DMZ.

Please remember to rate helpful responses and identify helpful or correct answers.


VCS expressway firewall rules

Thanks Martin,

We suggested to the customer the option to use the second interface, but he prefers to use only one. So the FW admin will have to make it work with the public IP address :-)

So I will ask for FW rules using the public ip address.

Best regards,

Ahmed

VCS expressway firewall rules

Hi Ahmed!

Thank you for your feedback! (+5 for you).

Yes, and I would not be surprised if it ends up with the customer using a second DMZ and the second interface ;-)

VCS-C - FW - (1) VCS-E (2) - FW - Internet

Please remember to rate helpful responses and identify helpful or correct answers.
