Solved: VCS Starter Pack in a datacenter (Behinde fixed NAT)

moemen.mostafa · ‎12-26-2011

Hi guys,

We have a Telepresence VCS starter pack express server and it was working great in our office on E2 dataline but now after moving it to a datacenter there is a problem with registering a Movi client to the VCS over the Internet.

The server setup now is this: VCS Starter pack - Firewall/Touter - Internet - Movi

The VCS is connected to LAN (internal datacenter network with one interface and is static NATed to the Internet with a router)

all ports are open in the firewall (inbound and outbound)

And here is the settings in the VCS:

Default Zone - Authentication Policy - Check Credential

Default Subzone - Authentication Policy - Threat as authenticated

Also here is the log of the Movi Registering attempt from the public network (Internet):

Dec 26 14:11:21	tvcs: Event="Message Sent" Service="SIP" Src-ip="10.29.10.43" Src-port="5061" Dst-ip="41.130.193.41" Dst-port="59519" Protocol="TLS" Num-bytes="426" Level="4" UTCTime="2011-12-26 12:11:21,714"
Dec 26 14:11:21	tvcs: Event="Response Sent" Service="SIP" Src-ip="10.29.10.43" Src-port="5061" Dst-ip="41.130.193.41" Dst-port="59519" Protocol="TLS" Method="SUBSCRIBE" To="sip:provisioning@tele.med" Response-code="404" Level="3" UTCTime="2011-12-26 12:11:21,714"
Dec 26 14:11:21	tvcs: Event="Request Received" Service="SIP" Src-ip="41.130.193.41" Src-port="59519" Dst-ip="10.29.10.43" Dst-port="5061" Protocol="TLS" Method="SUBSCRIBE" Request-URI="sip:mmostafa@tele.med" Level="3" UTCTime="2011-12-26 12:11:21,712"
Dec 26 14:11:21	tvcs: Event="Message Received" Service="SIP" Src-ip="41.130.193.41" Src-port="59519" Dst-ip="10.29.10.43" Dst-port="5061" Protocol="TLS" Num-bytes="998" Level="4" UTCTime="2011-12-26 12:11:21,712"
Dec 26 14:11:21	tvcs: Event="Message Sent" Service="SIP" Src-ip="10.29.10.43" Src-port="5061" Dst-ip="41.130.193.41" Dst-port="59519" Protocol="TLS" Num-bytes="587" Level="4" UTCTime="2011-12-26 12:11:21,643"
Dec 26 14:11:21	tvcs: Event="Response Sent" Service="SIP" Src-ip="10.29.10.43" Src-port="5061" Dst-ip="41.130.193.41" Dst-port="59519" Protocol="TLS" Method="SUBSCRIBE" To="sip:provisioning@tele.med" Response-code="407" Level="3" UTCTime="2011-12-26 12:11:21,643"
Dec 26 14:11:21	tvcs: Event="Request Received" Service="SIP" Src-ip="41.130.193.41" Src-port="59519" Dst-ip="10.29.10.43" Dst-port="5061" Protocol="TLS" Method="SUBSCRIBE" Request-URI="sip:mmostafa@tele.med" Level="3" UTCTime="2011-12-26 12:11:21,642"
Dec 26 14:11:21	tvcs: Event="Message Received" Service="SIP" Src-ip="41.130.193.41" Src-port="59519" Dst-ip="10.29.10.43" Dst-port="5061" Protocol="TLS" Num-bytes="661" Level="4" UTCTime="2011-12-26 12:11:21,642"

Can any one help me in understanding why this happens?

awinter2 · ‎12-26-2011

Hi Moemen,

there are multiple threads on this forum which explains the requirements for deploying a VCS in a private DMZ, which you can find by searching for 'VCS Static NAT'.

In short, when deploying the VCS-E in a statically NAT'ed environment, it is required to have the 'Dual network interfaces' option key on the VCS-E, as this key unlocks the static NAT functionality of the VCS-E.

You can also find more information on this in the VCS Administrator's guide for X7.0.

Regards

Andreas

View solution in original post

awinter2 · ‎12-26-2011