Cisco VCS and composition to an IP address

I have a question about the composition of address Ip and VCS. In the Administrator's guide, he says that VCS determines that an IP address that will be called if it is:

-is the IP of a locally registered endpoint

-Beach one of the subzone of address membership rules is the responsibility of intellectual property

The second point is that of interest. As part of the way in which it is presented, I take this means that if a subarea membership rule has a range of IP addresses that includes the address of a non-registered endpoint then VCS will still attempt to place the call to the endpoint not registered regardless of the setting "Calls for unknown IP addresses" (under the numbering plan). For example,.

Assume the end point has (EP - A) is enrolled in a VCS control that is configured to use the mode indirectly for "calls to unknown IP addresses. The idea here is that there is a highway of VCS. Suppose that there is an end point (EP - B) on the internal network that EP - A wants to call. EP - B is behind the firewall, but it does is not registered in the VCS - C. Finally, suppose the SCV - C has a subarea (let's call it "Internal-Unregistered") with a membership of 10.10.10.0/24 rule.

Now, if the address IP of EP - B is 10.10.10.10 and EP - A dials by IP, will be the call successfully established? Based on the Administrator's guide, the VCS will see the EP - B IP as "known." The Administrator's guide does, really, that the call would be placed. I'm stuck sorta messaging RAS, since EP - B would not be exchanging messages with the VCS - C RAS.

I also wonder about calls from unregistered endpoint. EP - B could call EP - A directly. I don't want to support this behavior in the design (I recommend rather using the numbering of the URI. I am considering set up the Alias of relief on the VCS - C to channel calls from unknown devices to an attendant on the MCU. Regardless, what I was asking is the following:

If I have a membership rule subarea as above and EP - B sends a message of call setup to the VCS - C, the VCS - C would still see the call as coming from the default Zone of the local area? The reason I wonder is because of the way the Administrator's guide defines "known IP addresses.

Thanks in advance.

Kind regards

Bill

Hi Bill,

to answer your question about the first scenario (where EP at dials the address IP of the EP B), VCS would attempt to place the call if there is a rule of type search 'AnyIPAddress' for the local area on the VCS - C (and assuming that the previously mentioned subzone containing 10.10.10.0/24 exists). VCS would be in this case send a message of CONFIGURATION H225 EP B.

For the second scenario, where EP B contains the IP of the EP, EP B would send that an INSTALLATION H225 EP EP a. message would then for the message INSTALLATION with an INSTALLATION containing a reason 'routeCallToGatekeeper", instructing EP B to dial the address IP of VCS instead, since the VCS want to be included in the call, signaling path.

To answer your last question, with regard to the area in which a call of an endpoint not registered (when the IP address of endpoint belongs to a subnet-type subfield) comes on, the answer is that the appeal turns on the default Zone. Calls will be local area if the call comes from a real end point recorded.

I hope this helps.

-Andreas

Tags: Cisco Support

Similar Questions

  • Cisco VCS and integration Lync2013

    Hello!

    Could you tell me please, when CISCO officially support Lync2013 - free new software for VCS - C and documentation on integration?

    The main interest is the possibility of transferring video between CISCO/MCU and Lync endpoints on the H.264 Protocol, who hails from Lync2013.

    Right now, I've got VCS - C and RTM Lync2013 X7.2. During the video call without AMGW appeal established as audio only.

    When using with Lync2010, it worked on Protocol H.263 and CIF resolution.

    Evgeniy salvation,

    We are currently investigating the possibilities to achieve interoperability between Lync 2013, VCS and video devices on the side of the VCS standards-based, it is a work in progress and at this stage, it is to early to provide any factual information on when interop will be available.

    In contrast to Lync 2010, Lync 2013 does not support H.263 for video and it so that will remove the OCS/Lync integration. I do however think that you should be able to make a two-way video between Lync 2013 and VCS-joined endpoints if you use an AMGW tried that yet?

    Thank you

    Andreas

  • Cisco VCS and LDAP for authentication of users

    I have a question about setting up LDAP for authentication of the user on the VCS. I want to have redundancy in my LDAP link. I believe that this is possible by setting a FULL domain name to the address of the LDAP server, then selecting a type of SRV resolution. What I'm not clear on is what the value for the server address would be if I used actually as SRV type of resolution. I should also add that I am looking to use TLS

    To clarify, if my AD domain name is myad.netcraftsmen.net. I have set the field as server address:

    myad.netcraftsmen.NET: assuming that VCS properly interrogate the DNS for the _service._proto correct parameters?

    or would I need to create an SRV record to that effect and set the field server address with the address (including the fields of _service._proto)

    or I need to specify one of the SRV records formats used by MS AD areas (there are several).

    If the latter, then what SRV record for TLS. I don't see records with port 389 (non-secure).

    My intuition tells me that this is probably the first option, but I could be far away.

    Anyway, thanks in advance for any input.

    Kind regards

    Bill

    Hi William,.

    I just checked it on a X6.1 VCS, and it seems that VCS searches SRV _ldap._tcp.domain (where 'domain' has been entered as the server address), both when the encryption is set to 'None' and 'TLS '.

    Hope this helps,

    Andreas

  • Cisco VCS and MCU - Conference does not

    Dear community members

    I have problems in the VCS configuration to work with the MCU to join to several endpoints in a conference. The components that I use:

    -Cisco VCS control v8.7.

    -Cisco 5300 MCU 5310 v 4.5 (1.72)

    -3 x SX20 end points

    I recorded every endpoint and MCU on VCS, but I'm not able to do a conference call 3-way, the only option is 1 video and 1 audio (I disabled the Multisite option). It seems that VCS does not yet call the MCU in the game.

    Kindly help us with it.

    Can you tell us how you set up the Conference and how you have configured MCU and endpoints?

    From the sounds of it, you call each end point of one of the SX20s, but you must call simply directly in the Conference on the MCU.  If you want to have a conference point to point between two end points and then degenerate into a multipoint conference on the MCU, you must configure Multiway.

    With the help of Multiway with Cisco TelePresence systems

  • generates keys option for VCS and VCSE cisco

    Hello team,

    How we generate option keys for cisco VCS and example VCSE under keys of the cisco site.

    LIC-VCS-10 Video server Comm 10 Add Non-traversal network calls

    Thank you

    Renji

    Hi Renji.

    If you have already purchased the license and then click on the following link and re build.

    https://Tools.Cisco.com/swift/LicensingUI/tandbergLicenseLookup

    If it is not purchased then contact your account key to Cisco for new purchase Manager.

    HTH

    Kind regards

    Dharmmesh

  • Cisco BE6k and VCS Center/periphery

    Hi all

    There is a new Be6k high density in the test environment.

    However, we have no clear idea about the VCS Core/edge with the CUCM deployment in the BE6k.

    1. We install the VCS core and edge on the same server BE6k? After that, the edge of the VCS awarded with a DMZ ip address? Or install the other edge of VCS of the device?
    2. What the configuration between CUCM and VCS? Because I can not any related document of the Cisco.com.

    Best regards

    Ben Lai

    1 both work, you just need to make sure good design and configure the underlying network and ports that connect each VM

    2 MANY West information on this

    http://www.Cisco.com/c/en/us/support/unified-communications/Telepresence...

  • Restricting calls between a subarea and specific extensions on Cisco VCS

    Hello, I use Cisco VCS 8.5.3, my goal is to restrict calls between a subarea and specific extensions.
    I tried following solutions:

    1. Download of XML strategy
    2. Use of political appeal web interface in order to limit calls

    XML file:


     
     


     
       
       

       
       

       
       

         
       

       
     


    But when I apply the XML file, or try using the web simple rule (for example: 11111 12222 destination source, dismiss the action) I'm still able to place the call to 11111 to 12222.

    What can be the cause of the problem and what else can I try to be able to prohibit calls between a particular Subzone and exentions?

    Attached, is an example of CPL script that should work.  Using this script, CPL, I was able to block calls to a subarea set to a destination alias located in the subzone of default and was always able to call any other end point in the default subfield without problem.  Note that you must enter the name of the subarea, as you have configured on the VCS, including spaces if they exist.

    The scenario is based on the example of CPL "limiting access to a local gateway" X8.5 VCS Administrator's Guide on pg 413, other documents of CPL reference and examples can be seen starting on pg 410.

  • Vcs Tandberg and Cisco VCS control

    Hello

    I have a client with an old would invest video and new servers.

    Old video servers

    Control system Tandberg video Communication Server - part number = 117500

    Application of Tandberg video Communication Server Expressway - part number = 1163402

    New video servers:

    VCS License Control - Part Number - R-VMVCS-CTRL-K9

    VCS Expressway License - Part Number - R-VMVCS-EXPWY-K9

    According to Cisco x8.2 Clustering:

    -Each peer runs on a hardware platform with equivalent functionality; for example, you cannot cluster one
    peer running on one core 2 average VM with peers running on base 8 large virtual machines

    Means that the physical old VCS cannot be grouped with new virtual VCS.

    Thank you.

    Hi zizou.

    You can include a device VCS with a VCS VM as long as their matches of software and their hardware platforms have equivalent capabilities.

    Device VCS clustered with VCS VM running on core 2 MediumVM = YES

    VCS machine clustered with VCS VM running on 8 cores LargeVM = No.

    "you can even cluster that are running on the standard devices with peers running on core 2 Medium VMs, but you can not group a peer running on a standard unit with peers running on base 8 large virtual machines.

    (p.4)

    http://www.Cisco.com/c/dam/en/us/TD/docs/Telepresence/infrastructure/VCs/config_guide/x8-7/Cisco-VCs-cluster-creation-and-maintenance-deployment-guide-x8-7.PDF

  • Cisco VCS X6.1 and MS Lync 2010 over TLS

    Hi all!

    I have a problem of integration CiscoVCS (X6.1) and Lync 2010.

    I couldn't configure control VCS to Lync connection over TLS, but I've done with TCP.

    If I try to TLS, there is detail = "bad packet length", event = 'Outbound TLS negotiation Error' records in the control of VCS event log.

    The VCS and Lync certificates are of the same CA approved with their FQDNs as object names and the VCS and complete Lync with EDCS are in the DNS system. Of course, VCS and complete Lync, what subjects of certificates, used in VCS approved area and host of destination trust app Lync.

    Calls for VCS is the intellectual property of the EFF Lync. We use no HLB and administration. Also, VCS is autonomous, without any load balancers or clustering.

    Lync signaling is done, but as I see it, VCS cannot send the data back.

    Lync is on Server 2008 R2 x 64

    Thanks for your suggestions!

    In reflection of the c20 position, what image software do you run on the VCS?

    with:

    s42700x6_1_0.tar.gz     21-Apr-2011 12:39  266M
    

    or without:
    
s42701x6_1_0.tar.gz     21-Apr-2011 12:43  266M
    

    encryption?

  • What is the difference bewteen MCU, VCS, and SRI (DSP-3)

    Hi all

    We lack CUCM 9.X. I want to integrate Cisco 9971, 8945 with TP Endpoint (EX60 and Tandberg C40). I read this wonderful document (https://supportforums.cisco.com/docs/DOC-30750), but I still have some doubts.

    What is the difference bewteen MCU, VCS, and SRI (DSP-3). For all I know, ISR running DSP3 is the chepaiest option but I don't know if the HD video is supported.

    Thanks regarding

    Remember messages useful rate by clicking on the stars below.
    Favor calificar todos las responses useful dando click in las estrellas mas abajo.
    ___________________________________________
    LinkedIn profile: do.linkedin.com/in/leosalcie

    Hello

    According to the document, you are referring to which I posted previously

    VCS is a call control system call manager but for video end points only, then CUCM is for voice and video, and now it becomes control system of very mature appeal for video communications with native support for video of many recordings of points

    MCU is a material that can be used to host the multi point/party video calls that can be registered to CUCM or VCS according to design

    SRI with DSP/PVDM 3 is the concept of the MCU, but can be used for small multi-point calls and normally remote sites that need local accommodation to a call to reduce the load on the WAN link when most of the participant in the same place for example! and it dose taken support HD but limited features compared to MCU

    for example PVDM3 doe does not support HD when participants are expected to use different video formats

    hope this helps

  • Configure to integrate Cisco ASA and JOINT

    Hello

    We have Cisco ASA and JOINT, need assistance on the integration of the same thing; Please email me so that I'll share the details of the architecture.

    Thank you best regards &,.

    REDA

    Hi reda,.

    If I correctly your diagram, you do not want to send any traffic from the external switch to the JOINT with a SPAN port and all traffic from your DMZ interfaces with another.

    Is this correct?

    If so, can you tell me why you want to inspect the traffic before it goes through the firewall? As I said in my original answer, we generally advise putting IP addresses after the firewall.

    Not to mention that in your case, I guess that some traffic will be inspected twice so you will need to assign a different virtual sensors to each JOINT internal interfaces to ensure that the same instance does not see the traffic of several times.

    Kind regards

    Nicolas

  • NAT on 8.3 and VPN tunnel with overlapping addresses

    Hi all

    I was looking at this document from Cisco and I think I understand how to convert the nat policy than the version 8.3 and later, but I was wondering what is happening to the acl crypto, you are always using the same as the older versions? As you know the 8.3 then NAT requires to use the original instead of the address translated to the ACL, but I don't know if this applies to crypto ACL as well. Pointers?

    Example from the link:

     access-list new extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0 !--- This access list (new) is used with the crypto map (outside_map) !--- in order to determine which traffic should be encrypted !--- and sent across the tunnel. access-list policy-nat extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0 !--- The policy-nat ACL is used with the static !--- command in order to match the VPN traffic for translation. 
     static (inside,outside) 192.168.2.0 access-list policy-nat !--- It is a Policy NAT statement. !--- The static command with the access list (policy-nat), !--- which matches the VPN traffic and translates the source (192.168.1.0) to !--- 192.168.2.0 for outbound VPN traffic.
     crypto map outside_map 20 match address new !--- Define which traffic should be sent to the IPsec peer with the !--- access list (new).

    Thank you

    V

    Hi rc001g0241,

    I posted your question for clarity sake along.

    "what happens to the crypto acl, always use you even as older versions?"

    As you can see, Cisco doc you posted shows that you need to target for crypto engine is what happens after the nat policy has succeeded, illustrated here: "address match map crypto outside_map 20 new".

    "As you know the 8.3 then NAT requires to use the original instead of the address translated to the ACL, but I don't know if this applies to crypto ACL as well. Pointers?

    There is no such requirement and ACL target you in the engine crytop for the tunnel bound traffic can be a natted post address, that's what shows Cisco Doc and it is correct.

    Hope that answers your questions.

    Thank you

    Rizwan James

  • Cisco ASA5520 facing ISP with private IP address. How to get the IPSec VPN through the internet?

    / * Style definitions * / table. MsoNormalTable {mso-style-name : « Table Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 à 5.4pt 0 à 5.4pt ; mso-para-marge-top : 0 ; mso-para-marge-droit : 0 ; mso-para-marge-bas : 10.0pt ; mso-para-marge-left : 0 ; ligne-hauteur : 115 % ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-fareast-font-family : « Times New Roman » ; mso-fareast-theme-font : minor-fareast ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ;}

    Hello guys,.

    I have Cisco ASA5520 facing the ISP with private IP address. We don't have a router and how to get the IPSec VPN through the internet?

    The question statement not the interface pointing to ISP isn't IP address private and inside as well.

    Firewall configuration:

    Firewall outside interface Gi0 10.0.1.2 > ISP 10.0.1.1 with security-level 0

    Firewall inside the interface Ethernet0 192.168.1.1 > LAN switch 192.168.1.2 with security-level 100

    I have public IP block 199.9.9.1/28

    How can I use the public IP address to create the IPSec VPN tunnel between two sites across the internet?

    can I assign a public IP address on the Gig1 inside the interface with the security level of 100 and how to apply inside to carry on this interface?

    If I configure > firewall inside of the item in gi1 interface ip address 199.9.9.1/28 with security-level 100. How to make a safe lane VPN through this interface on the internet?

    I'm used to the public IP address allocation to the interface outside of the firewall and private inside the interface IP address.

    Please help with configuration examples and advise.

    Thank you

    Eric

    Unfortunately, you can only complete the VPN connection on the interface the VPN connection source, in your case the external interface.

    3 options:

    (1) connect a router in front of the ASA and assign your public ip address to the ASA outside interface.

    OR /.

    (2) If your ISP can perform static translation of 1 to 1, then you can always finish the VPN on the external interface and ask your provider what is the static ip address assigned to your ASA out of the IP (10.0.1.2) - this will launch the VPN of bidirectionally

    OR /.

    (3) If your ISP performs PAT (dynamic NAT), then you can only start the tunnel VPN on the side of the ASA and the other end of the tunnel must be configured to allow VPN LAN-to-LAN dynamics.

  • IPSec VPN between Cisco ASA and Fortigate1000

    Hello

    I find a useful document on how to create a tunnel VPN IPSec with ASA 5510 firewall Fortigate 1000...

    the configuration of the coast FG is done without any problem, BUT the document (. doc FG) said I must configure the ASA with a GRE interface and assign an internal IP address in order to communicate with the FG...

    The question is: How do I configure the interface on the SAA ACCORD?

    Thanks in advance, Experts...

    Kind regards...

    ASA firewall does not support the interface/GRE GRE tunnel.

    If you need to have GRE configured, you will need to complete the GRE tunnel on router IOS.

    If you want to configure just pure tunnel VPN IPSec (lan-to-lan), here is an example of configuration on the side of the ASA:

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a0080950890.shtml

    Hope that helps.

  • VCS and ports AD

    Hi all

    I try to use the AD authentication for user movi.

    My VCS control is in DMZ and the ad server is on LAN.

    the question is: which ports are used by VCS to connect with AD?

    I've read the: "Authentication devices Deployment Guide Cisco VCS X7.0" but there are not any mention on the tcp/upd port used for this

    my devices are:

    VSC c + e: 7.0.2

    TMS: 13.1

    MOVI Jabber: 4.3

    Thank you in advace,

    Carlo

    Hello Carlo,.

    Please check the link for the ports in detail below:

    http://www.Cisco.com/en/us/docs/Telepresence/infrastructure/VCs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-0.PDF

    see Appendix 5

    Thank you

    Alok

Maybe you are looking for

  • How can I export bookmarks from Firefox to Safari 5.o.1?

    I went to help and has learned to use 'Organize Favorites '.Under the bookmarks in the toolbar does not seem this command.

  • Question of interface Vector Xl xlLinsetSlave()

    Hi, I am developing a flash flash file for vector xl driver hex tool. I wrote ahardware configuration for vector file driver xl using the interfaces provided by the vector. my setup is very much like in the example provided by the vector. but when I

  • ScanJet g4010 - software do not install windows 8.1 - 64 bit

    I recently had to upgrade my computer - I have a HP Pavilion with Windows 8.1 (64-bit).  I have a ScanJet G4010 and can't do the drivers/software to install.  I've disabled my anti-virus (McAfee) and downloaded.  When I click to open the download it

  • DeskJet 3050 wireless printing

    I am using windows Is it possible to print to Deskjet 3050 wireless? No router? I wonder if it is possible to print wireless and have the printer to connect wirellessly to the laptop without going through a network (router). Currently I can fine prnt

  • only drivers

    Computer geeft aan dat ik ook drivers heb, hoe los ik said clean computer op is ook heel traag. Like een Holland