
Expressway-E FQDN which IP

Hi,

We have an Expressway-E with two LAN interfaces:

LAN1 -> internal DMZ

LAN2 -> external DMZ with public NAT IP address

At the moment we have configured LAN1, but we can't get the traversal zone online, although according to the firewall admin "any <-> any" is allowed between the inside network (Expressway-C) and the internal DMZ (Expressway LAN1).

To which IP address should the FQDN of the Expressway-E go? LAN1, LAN2 or the public IP?

BR

Michael

4 REPLIES

Your VCS-C traversal zone points to LAN2 on your VCS-E (LAN2 is called LAN2 internal on your VCS-E).

LAN1 on your VCS-E has the private IP address on it that the public IP gets NAT-ed into.

Please rate if useful


Hi Dennis,

In our setup LAN1 is the internal LAN (DMZ-internal with a private IP) and LAN2 is in DMZ-external, also with a private DMZ-external IP address, which is NAT-ed to an external / public IP.

BR

Michael

Exp-C always points to Exp-E internal LAN FQDN in a DUAL NIC scenario.

Consider that your Exp-E has 

192.168.1.210 (Exp-C IP) using internal DNS server.

172.17.18.210 (DMZ Internal LAN 1) - FQDN (Expe01.abc.com)

172.18.18.210 (DMZ External LAN 2) NAT-ed to 203.x.x.x

The traversal zone on the Core will be pointing to DMZ Internal LAN 1. If you are using TLS and certificate exchange is mandatory, then point to the FQDN which resolves to DMZ internal LAN 1. In this case it will be "expe01.abc.com".

Regards,

Alok


In your Expressway-C traversal zone, are you using the IP address of the Expressway-E or the FQDN? You need to use the FQDN, and you must also check that it can be resolved from the Expressway-C. And of course it should point to the LAN1 address, which is the internal LAN interface.

But it would be nice if you could post a screenshot of the "System -> Network interfaces -> IP" page.

BTW, on the traversal zone page, is it stating that it's "Unreachable" or something else?
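
The resolution check suggested in the last two replies, as an added example that is not part of the original thread and is not Cisco code: run from a host that uses the same internal DNS server as the Expressway-C, it reports whether the Expressway-E FQDN resolves to the LAN1 address, to LAN2, or to something else. The function names are hypothetical, and the FQDN and addresses are the sample values from Alok's reply.

```python
import ipaddress
import socket

# Sample values from Alok's reply; replace with your own addressing.
EXPE_FQDN = "expe01.abc.com"
INTERFACES = {
    "LAN1 (DMZ internal)": "172.17.18.210",
    "LAN2 (DMZ external)": "172.18.18.210",
}
EXPECTED = "LAN1 (DMZ internal)"


def system_resolver(fqdn):
    """Resolve fqdn through the host's configured DNS; return a set of IP strings."""
    infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def check_traversal_fqdn(fqdn, interfaces, expected, resolver=system_resolver):
    """Return (ok, findings): ok is True only if every answer is the expected interface."""
    try:
        answers = resolver(fqdn)
    except socket.gaierror as exc:
        return False, [f"{fqdn} does not resolve: {exc}"]
    if not answers:
        return False, [f"{fqdn} returned no addresses"]
    by_ip = {ipaddress.ip_address(ip): name for name, ip in interfaces.items()}
    ok, findings = True, []
    for answer in sorted(answers):
        name = by_ip.get(ipaddress.ip_address(answer))
        if name == expected:
            findings.append(f"{answer}: {name}, as expected")
        elif name:
            ok = False
            findings.append(f"{answer}: {name}, not {expected}")
        else:
            ok = False
            findings.append(f"{answer}: not an Expressway-E interface (NAT address or stale record?)")
    return ok, findings


if __name__ == "__main__":
    ok, findings = check_traversal_fqdn(EXPE_FQDN, INTERFACES, EXPECTED)
    print("OK" if ok else "MISMATCH")
    for line in findings:
        print(" ", line)
```

A mismatch here means the name the Expressway-C connects to, and checks the certificate against when TLS verification is on, lands on a different interface than the one the traversal zone is expected to use.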
