VCSE Starterpack with only public IP in DMZ without NAT

twiesboeck
Level 1

Hi

I have problems with my VCSE StarterPack.

My VCSE is located in the DMZ with an official IP address without NAT.

The endpoints are located in the LAN with private IP addresses.

I have no DUAL Networklicense.

Internal endpoints are only registered over SIP.

The VCSE is up and running.

I can make internal SIP calls from endpoint to endpoint.

Or make calls between clients (Movie or Endpoints) which are connected to the Internet and which are registered to the VCS.

I can call from in to outside, but not only the Signalling over Port 1561 is working.

I have no video and audio stream.

If I'm doing the same with an H323 call from outside then it is working.

Then the call goes through the traversal Zone:

Route DefaultZone -> TraversalSZtoDefaultZ -> TraversalSubZone -> DefaultSZtoTraversalSZ -> DefaultSubZone

A SIP to SIP call from outside to inside does not go through the traversal Zone.

Route DefaultZone -> DefaultSZtoDefaultZ -> DefaultSubZone.

So is there a way to route each call through the traversal Zone?

Does anyone have such a configuration up and running?

Best Regards

Thomas

4 Replies

Martin Koch
VIP Alumni

I guess there is no NAT in between the internal SIP endpoints and the public IP of the VCS?

Is it possible for you to do so? Then the VCS will detect the SIP clients are NATed and should force the traversal zone.

like:          sip endpoints > nat > vcs-public-ip

Did not check on ICE/TURN with the starter pack, in the worst case also internal calls would loop the media through the DMZ.

Also check that all your firewall ports are properly open and the config of the VCS is ok.

Please remember to rate helpful responses and identify

Hi,

So the configuration will only work if NAT is used between LAN & DMZ?

Is this right?

But if our customer has routing between these two interfaces, I'm sure that it can't be changed because it's the network from a provider !!!!

ICE is turned off.

Firewall(s) should be ok.

Hi,

I have asked our customer,

between DMZ & LAN there is only routing, no NAT !!!!

Regards

Thomas

Tomonori Taniguchi
Cisco Employee

VCS specification for SIP calls is as below:

- Call between SIP UAs where one or both of the SIP UAs' SIP contact address differs from the source IP address (for example, one of the SIP UAs is behind a firewall)

VCS Expressway will treat this call as a "traversal" call. This will consume a traversal call license and media will be routed via VCS Expressway (excluding ICE calls).

- Call between SIP UAs where both SIP UAs have the same SIP contact address and source IP address (for example, both SIP UAs have a public IP address)

VCS Expressway will treat this call as a "non-traversal" call. This will consume a non-traversal call license (or a traversal call license if a non-traversal call license is not available & VCS runs X7.0 or a newer version) and media will flow directly between the two SIP UAs (not routed via VCS Expressway).

So as Martin mentioned above, if your customer modifies the firewall and lets the LAN network be NATed before accessing the external network including the DMZ, then the call will be a traversal call, as the SIP UA from the LAN will have a SIP contact address that differs from the source IP address.
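
The contact-versus-source comparison described in the reply above, as an added Python sketch that is not part of the thread and not Cisco's implementation. The function names, the `register()` helper, the hostname handling and all addresses are constructed for illustration.

```python
import ipaddress
import re

# Contact header (long or compact "m" form); captures the host of the URI.
_CONTACT = re.compile(
    r"^(?:Contact|m)\s*:[^\r\n]*?sips?:(?:[^@\s>;]+@)?(\[[^\]]+\]|[^:;>\s]+)",
    re.IGNORECASE | re.MULTILINE)

def contact_host(sip_message):
    """Host part of the first Contact URI in a SIP message."""
    m = _CONTACT.search(sip_message)
    if m is None:
        raise ValueError("no Contact header with a sip: URI")
    return m.group(1).strip("[]")

def contact_differs(sip_message, source_ip):
    """True when the advertised contact address is not the packet source IP."""
    host = contact_host(sip_message)
    try:
        return ipaddress.ip_address(host) != ipaddress.ip_address(source_ip)
    except ValueError:
        # Hostname contact: not comparable as an address. Treating it as
        # "differs" is an assumption of this sketch.
        return True

def classify_call(leg_a, leg_b):
    """Each leg is (sip_message, source_ip) as the server sees it."""
    if contact_differs(*leg_a) or contact_differs(*leg_b):
        return "traversal"       # media relayed via the server
    return "non-traversal"       # media flows directly between the UAs

def register(contact_ip):
    """Constructed minimal REGISTER advertising the given contact address."""
    return ("REGISTER sip:vcs.example.com SIP/2.0\r\n"
            "Max-Forwards: 70\r\n"
            f"Contact: <sip:room1@{contact_ip}:5060;transport=tcp>\r\n"
            "Content-Length: 0\r\n\r\n")

# Constructed legs: (message, source IP seen by the server).
ROUTED_LAN = (register("10.1.1.20"), "10.1.1.20")   # LAN routed to DMZ, no NAT
NATTED_LAN = (register("10.1.1.20"), "192.0.2.1")   # LAN NATed before the DMZ
PUBLIC_UA = (register("198.51.100.7"), "198.51.100.7")

if __name__ == "__main__":
    print("routed LAN -> public:", classify_call(ROUTED_LAN, PUBLIC_UA))
    print("NATed LAN  -> public:", classify_call(NATTED_LAN, PUBLIC_UA))
```

The routed, un-NATed LAN endpoint from the original question falls into the non-traversal case, which is why media is not relayed through the DMZ host.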