Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

VCS Expressway no video

Hello All,

I have a VCS-E behind afire wall in NATed, I have the dual network option. I also have a VCS-C connected to the internal LAN. When I make call from the Internet to the endpoint registered in VCS-C I get no audio/video. When I call from internal LAN to outside world, I get video of the person in the Internet but not the other way. Also, randomly, when I tear down the call from one end the call on the other end stays up. I don't have DPI or ALG on my firewall. I also have ports 50000 to 52399 i open. Any other suggestions?

Sent from Cisco Technical Support iPhone App

Please rate useful posts.
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: VCS Expressway no video

> Putting the external address for traversal zone causes the traversal client to loose connectivity to the traversal server.

This is usually caused by firewall doesn’t support traffic from LAN go through WAN interface then back to DMZ.

But will require diagnostic log from both VCS-C and VCS-E retrieve same time to identify it.

For H.323 call, VCS will send back “NAT” address that configured on Ethernet to far end as media sending address.

For SIP, VCS will include two Record-Route information in SDP (one for own interface IP address and other for NAT address) as media sending address (routing path).

Therefore if LAN traffic not able to reach DMZ via WAN (public IP address of VCS-E “NAT”), video/audio payload from Endpoint in LAN won’t reach to VCS-E.

However VCS-E able to communicate to VCS-C so call from Endpoint on internet, video/audio payload from that Endpoint will reach to Endpoint in LAN.

11 REPLIES
Cisco Employee

VCS Expressway no video

Are you using 2nd interface on VCS-E for traversal link between VCS-C?

If you are using only 1st interface on VCS-E with NAT configuration, what traversal server address configured on VCS-C?

This address should be VCS-E public IP address not DMZ local address.

For example:

VCS-E with 200.1.1.1 as 1-to-1 NAT on firewall and configured 172.16.1.1 as DMZ local address.

VCS-C traversal zone configuration should with 200.1.1.1 as traversal server.

VCS Expressway no video

I only have the 2nd interface configured with the internal NAT address. (1st interface is unused) I did have the DMZ local address configured as the traversal server address; once I changed it to the external address as you suggested, the traversal server went down and doesnt connect anymore.

Please rate useful posts.
Cisco Employee

Re: VCS Expressway no video

Firstly if you are only using 2nd Ethernet interface on VCS-E, then make sure “External LAN interface” set to “LAN2” (default is LAN1), but from original explanation I assume you have already configured it as this.

Secondary, does your firewall support traffic from LAN (trust) network connect to DMZ interface via WAN (non-trust) interface?

Public IP address need to be used as traversal server address (both Endpoint and VCS-C) due to how VCS-E to handle and inform own IP address in call signaling.

There is number of firewall doesn’t support traffic from LAN to DMZ via WAN interface (although LAN to DMZ is permit).

If your firewall doesn’t allow LAN->DMZ via WAN, then solution will be to use both Ethernet interfaces on VCS-E.

For example

VCS-C Ether1 -(LAN/DMZ)- Ether1 VCS-E Ether2 -(DMZ/WAN)- Public Network

With this configuration, traversal server address configured in traversal zone in VCS-C will be Ether1 IP address of VCS-E.

VCS Expressway no video

Yes, LAN2 is set as external interface.

Traffic originated from LAN/WAN will be permitted to the DMZ on our network.

Putting the external address for traversal zone causes the traversal client to loose connectivity to the traversal server.

SInce the media signaling will have a different IP address when in DMZ, isnt that why we populate the 'IPv4 static NAT address' field in the LAN2 address interface with the external address and use the Dual network option?

Please rate useful posts.
Cisco Employee

Re: VCS Expressway no video

> Putting the external address for traversal zone causes the traversal client to loose connectivity to the traversal server.

This is usually caused by firewall doesn’t support traffic from LAN go through WAN interface then back to DMZ.

But will require diagnostic log from both VCS-C and VCS-E retrieve same time to identify it.

For H.323 call, VCS will send back “NAT” address that configured on Ethernet to far end as media sending address.

For SIP, VCS will include two Record-Route information in SDP (one for own interface IP address and other for NAT address) as media sending address (routing path).

Therefore if LAN traffic not able to reach DMZ via WAN (public IP address of VCS-E “NAT”), video/audio payload from Endpoint in LAN won’t reach to VCS-E.

However VCS-E able to communicate to VCS-C so call from Endpoint on internet, video/audio payload from that Endpoint will reach to Endpoint in LAN.

Re: VCS Expressway no video

Just to clarify, by WAN interface you mean the internet interface?

I have ports open on the internet interface as per the VCS Admin guides however I dont have ports 7001 and 6001 open (which is what I think the VCS-C will use to connect to VCS-E) from the outside. Is there any documentation that outlines this?

Please rate useful posts.

Re: VCS Expressway no video

You sir was very correct. Do you have some documentation outlining this?

Sent from Cisco Technical Support iPhone App

Please rate useful posts.
Cisco Employee

Re: VCS Expressway no video

The deployment guide “Cisco TelePresence Video Communication Server Basic Configuration (Control with Expressway” is available from Cisco portal site, however this is not cover your environment (no NAT configuration).

We are planning to expand deployment guide with additional deployment scenario but yet have clear release timing of it.

Re: VCS Expressway no video

Thank you!

Sent from Cisco Technical Support iPhone App

Please rate useful posts.
Cisco Employee

Re: VCS Expressway no video

I didn’t notice update version of deployment guide for NAT configuration is already available (Thanks Andreas).
VCS-E deployment with NAT configuration information is available in Appendix 4 of latest VCS Basic Configuration Guide, http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.pdf

Cisco Employee

VCS Expressway no video

Good, hope you managed to change firewall configuration or modified VCS-E deployment method to resolve your issue.

Just tip to identify whether call drop/one-way video “may” related to firewall issue with VCS diagnostic log without sniffer actual media payload packet.

H323: If continue to receive FUR message after call establish and call drop approximate 17 sec., far end Endpoint complaining there are missing key frame and initiate the call termination as no active media channel.

SIP: Look for 200 OK for Invite, if this packet is not reached to VCS-E even SIP UA transmitting, then 200 OK message transmit to wrong address or drop somewhere in network.

2221
Views
5
Helpful
11
Replies