Expressway X8.2.1 configuration

We are trying to set up Expressway so we can use Jabber both in and out of the office, but after a week of blood, sweat and tears we have not got anywhere...

X8.2.1

We have tried to follow all the guides provided by Cisco for this configuration, but it doesn't seem to work as expected.

Our company user ID is userID; the e-mail addresses and the addresses used for Jabber are [email protected]

Our Expressway in the DMZ is at expressway.domain.com

Our internal domain is internalDomain.local

We have made the necessary DNS entries:

_collab-edge._tls.domain.com pointing to expressway.domain.com (external DNS)

_cisco-uds._tcp.domain.com pointing to cucm.internalDomain.local (internal DNS)

_cuplogin._tcp.domain.com pointing to IMandPresence.internalDomain.local (internal DNS)

When we log in to Jabber internally, unless we specify the account type as Cisco Communications Manager 9 or later with the default server selected, it tries to connect to WebEx. (On a client PC)

We cannot log in with [email protected] because it fails. If we log in with just userID, it works.

On our Android or iOS phones internally, the automatic server settings do not work. If I select Auto and type [email protected], it tries to connect to WebEx.

I have to enter my address in the format [email protected] to be able to move forward.

If I select IM and Presence as the server type, I am required to enter a server address. If I enter domain.com, it tells me that it cannot find the server. If I enter the IP address of CUCM, it again says it cannot find the server.

If I enter the IP address of the IM and Presence server, it works.

Externally, nothing works. Here are a few log lines from an unsuccessful login from an iPhone running 10.6.1

2015-03-23 11:17:52.662 INFO [c1ca000] - [csf.dns] [makeQuery] SRV query. _collab-edge._tls.domain.com.
2015-03-23 11:17:52.663 INFO [c24c000] - [csf.edge] [runEventLoop] events entering the reactor event loop
2015-03-23 11:17:52.663 INFO [c24c000] - [csf.edge] [runEventLoop] reactor event loop entering wait()
2015-03-23 11:17:52.664 INFO [afbe000] - [csf.edge.capability.CredentialsManagerWrapper] [enableEdge] Edge has been activated
2015-03-23 11:17:52.664 INFO [afbe000] - [service-discovery] [getConfigValue] EdgeSsoExclusivity of ConfigFeatureSet
2015-03-23 11:17:52.667 INFO [c1ca000] - [csf.dns] [makeDnsQuery] the response count is 1
2015-03-23 11:17:52.668 INFO [c1ca000] - [csf.dns] [logResult] *-* DNS query _collab-edge._tls.domain.com. has succeeded.

[csf.httpclient] [configureEasyRequest] *-* HTTP request to: https://expressway.domain.com:8443/oauthcb [0]
2015-03-23 11:17:52.688 INFO [afbe000] - [csf.httpclient] [CurlHeaders] number of Request Headers: 1
2015-03-23 11:17:53.129 INFO [afbe000] - [csf.cert.utils] [parse] number of Subject Alt Name fields: 2
2015-03-23 11:17:53.149 INFO [afbe000] - [csf.cert] [handlePlatformVerificationResultSynchronously] verification result: SUCCESS reason: [INVALID]
2015-03-23 11:17:53.149 INFO [afbe000] - [csf.httpclient] [verifyCertificate] *-* certificate verification result: SUCCESS
2015-03-23 11:17:53.150 INFO [afbe000] - [csf.httpclient] [verifyCb] certificate verified by application
2015-03-23 11:17:53.457 INFO [afbe000] - [csf.httpclient] [curlCodeToResult] curlCode = [0] result = [SUCCESS] fips enabled = [false]
2015-03-23 11:17:53.457 INFO [afbe000] - [csf.httpclient] [executeImpl] *-* HTTP response from: https://expressway.domain.com:8443/oauthcb [0] -> 400.
2015-03-23 11:17:53.458 INFO [afbe000] - [csf.httpclient] [executeImpl] Http Response Code = [400] request [0].
2015-03-23 11:17:53.459 INFO [afbe000] - [csf.config] [mapToHttpUtilsResult] csf::http::HttpClientResult = [SUCCESS] HttpUtilsResult = [SUCCESS]
2015-03-23 11:17:53.459 INFO [afbe000] - [csf.config] [isSSOSupported] SSO query load is successful. Result: NOT_SUPPORTED
2015-03-23 11:17:53.459 INFO [afbe000] - [edgeSSODetector] [isSSOSupported] VCS has NOT_SUPPORTED SSO and SSO is not already enabled
2015-03-23 11:17:53.460 INFO [afbe000] - [edgeSSODetector] [configureEdgeAndSSO] Edge is NOT sso enabled and there are NO other sso enabled services
2015-03-23 11:17:53.460 INFO [afbe000] - [service-discovery] [inhibitOnPremSSO] inhibiting on-prem SSO on all SSOAware components. Known components: 3

Any help would be greatly appreciated.

Ask your company whether they actually use WebEx; it takes priority over on-premises servers.

4. The client issues an HTTP request to a CAS URL for the Cisco WebEx Messenger service. This request allows the client to determine whether the domain is a valid Cisco WebEx domain.

5. The client queries the name server for the following SRV records in order of priority:

You can also disable WebEx service discovery for your clients to avoid this.

You are only supposed to use [email protected] the first time, so that the client discovers the SRV records; after that it is just the user ID, until you reset the client. Make sure your SRV records resolve correctly and that you have all the necessary servers in DNS.

I strongly suggest reaching out to a Cisco partner to help with this deployment; they can check what you have done.

Tags: Cisco Support

Similar Questions

  • Issue of Cisco Expressway MRA

    Dear all

    I'm testing the MRA feature of VCS-C and VCS-E.

    I use the 3-port firewall architecture, where the VCS-C and CUCM are placed inside on the same subnet.

    The VCS-E is placed in the DMZ and uses a static 1-to-1 NAT on the ASA 5510 to translate the private IP address 172.16.0.225 to the public IP address, for example 100.1.1.1

    On the VCS-C, I use the FQDN of the VCS-E, which maps to the public IP of the VCS-E (100.1.1.1)

    And the VCS-E uses the FQDN of the VCS-C, which maps to the private IP of the VCS-C

    The traversal zone on the VCS-C is active, but the traversal zone on the VCS-E is inactive; it says the server is unreachable.

    I found that my VCS-E does not have the Advanced Networking option license.

    On the VCS-E IP settings page, there is no NAT setting.

    I want to ask: if I need to use NAT, in addition to the firewall's NAT functionality, do I also need the Advanced Networking option license to activate NAT on the VCS-E?

    Or can it work using only the firewall NAT function, without NAT on the VCS-E?

    Also, I have set up NAT reflection on my ASA 5510.

    Hello

    The Advanced Networking option to activate NAT on the VCS-E / Expressway-E is a requirement for the firewall traversal deployment.

    Useful guide:

    Cisco VCS Basic Configuration (Control with Expressway) Deployment Guide (X8.7)

    For your case regarding advanced networking deployments, you will need to follow the "3-port firewall DMZ using single VCS Expressway LAN interface" section of the guide on page 60.

    Kind regards

    Acevirgil

  • Video Jabber for TelePresence, VCS-E connection problem

    Hello

    I recently configured VCS Control, VCS Expressway and TMS. The two VCS servers are on software X7.2 and TMS is on 14.1.1. Provisioning is configured between the VCS Control and TMS; everything works OK internally and users can log in with their Jabber Video for TelePresence client.

    When trying to connect via the VCS Expressway I get the following message: "Connection refused by the server. Try to connect again later"

    Zone authentication is configured like this:

    VCS Expressway

    Default Subzone: Do not check credentials

    Default Zone: Do not check credentials

    Traversal zone: Do not check credentials

    VCS Control

    Default Subzone: Treat as authenticated

    Default Zone: Check credentials

    Subzone: Check credentials {subzone that Movi users register to, via a regex}

    Traversal zone: Do not check credentials

    The search rules between the two VCSs match [email protected] OK.

    The only port restrictions in place here are between the VCS Control and VCS Expressway; outgoing ports to the Expressway are open.

    It seems to me that this is a connection problem rather than an authentication problem. Also, do I need to configure a local SIP domain on the VCS Expressway even though I am trying to proxy registrations to the VCS Control?

    It would be appreciated if someone could verify my zone authentication too...

    Thank you

    Simon,

    To do this, you would normally set the zone on the VCS-C to "Check credentials".

    If you want to proxy registrations from the VCS-E to the VCS-C, you should not add the SIP domain name to the VCS-E.

    "Rejected by the login server" sounds weird in this case, however. Could you share the SIP domain name you use for this deployment, so that we can verify that your DNS SRV records are fine?

    -Andreas

  • Expressway template

    Good day!!

    One question: why does the Expressway template not appear in the Certificate Template option of the Certification Authority? Only the options shown in image1 appear, whereas the configuration guide shows an Expressway template (image2)

    Thank you

    To better understand your problem, which guide are you referencing in image2?

    In the meantime, I suggest you take a look at the Expressway Certificate Creation Guide.

  • VCS Expressway & Movi 4.2 configuration

    Hi all

    I created the Movi account manually in TMS and it works perfectly with VCS Control.

    However, it cannot register to the VCS Expressway. Is it mandatory to have a Name Authority Pointer (NAPTR) record in DNS?

    For example, if we configure abc.com as the SIP domain name on the VCS Expressway, is it mandatory to have abc.com resolve to the public IP address of the VCS Expressway on the DNS server?

    Thank you

    Ben

    That is to say, you do not originate in the DMZ; it comes directly to the public IP address of the VCSE?

    If that's the case, at least you should see registration attempts; if nothing can be seen, then you need to look at the firewall.

    Is it an ASA? Try a packet capture and see why you are not hitting the VCSE using SIP,

    as it could be a firewall issue!

    HTH

  • Expressway bandwidth configuration

    Hello

    Can someone let me know how to change the bandwidth configuration on the Expressway-C and E servers.

    This will affect the quality of B2B video calling and conferencing; my endpoints are MX800, DX80, EX80 and C60.

    I also have TMS; does the bandwidth also need to be changed on TMS?

    On the Conductor, I configured HD for scheduled conferences.

    Bandwidth restrictions: the maximum session bit rate for video calls in the default region on Cisco Unified Communications Manager is 384 kbit/s by default. The default call bandwidth on Expressway-C is also 384 kbit/s by default. These settings may be too low to provide the expected video quality for the DX series.

    http://www.Cisco.com/c/dam/en/us/TD/docs/voice_ip_comm/Expressway/Admin _...

    Kind regards

    RACLOT

    Hi R.,

    From the CUCM point of view, it is a function of the region parameters, as explained with examples in the SRND:

    When a video call is established between two video endpoints, audio and video streams are established and the bandwidth is deducted for the negotiated rate. Unified CM uses regions to determine the maximum bit rate for the call. For example, with a Cisco TelePresence EX90 system at the highest detail of 1080p at 30 frames per second (fps), the rate negotiated between regions would be set at 6.5 Mbps. EX90s used in this scenario would average about 6.1 Mbps for the session. When endpoints start presentation sharing during the session, BFCP is negotiated between the two ends and a video stream is activated at 5 fps or 30 fps, depending on the endpoint configuration. In this case, endpoints throttle down their main video stream to include the presentation video, so that the entire session does not use more than the allocated 6.5 Mbps. Thus, the average bandwidth consumption remains the same with or without presentation sharing.

    Immersive TelePresence and desktop endpoints such as the Cisco TelePresence System 500, 1000, 3000 and TX9000 Series, when negotiating a call between themselves, work a little differently, in the sense that the presentation sharing video is additional bandwidth beyond what is allocated for the main video session, and so it is not deducted from Enhanced Location CAC.

    More details are given here:

    http://www.Cisco.com/c/en/us/TD/docs/voice_ip_comm/CUCM/srnd/collab09/CL...

    In addition, as stated in the previous post, "bandwidth restrictions put in place by the call control infrastructure will override this parameter", which means that for endpoints registered with CUCM the CUCM parameter will prevail.

    Manish

  • Strange commands in the VCS Expressway configuration log

    Checking my VCS configuration log, I found hundreds (perhaps more) of these commands:

    2015-04-28T16:14:23-03:00 Elements UTCTime="2015-04-28 19:14:23,928" Event="System Configuration changed" Node="[email protected]" Detail="xconfiguration fail2banJailStatus uuid 2abe7197-a824-4a47-9079-2b16db1410f2 jail: sip-auth current_fails - changed from: 0 to: 1"
    2015-04-28T16:14:23-03:00 Elements UTCTime="2015-04-28 19:14:23,928" Event="System Configuration changed" Node="[email protected]" Detail="xconfiguration fail2banJailStatus uuid 2abe7197-a824-4a47-9079-2b16db1410f2 jail: sip-auth total_fails - changed from: 4 to: 5"
    2015-04-28T16:13:23-03:00 Elements UTCTime="2015-04-28 19:13:23,900" Event="System Configuration changed" Node="[email protected]" Detail="xconfiguration fail2banJailStatus uuid 09637cfe-b0af-4d6f-9bab-6f59ba305156 jail: http-ce-intrusion current_fails - changed from: 0 to: 1"
    2015-04-28T16:13:23-03:00 Elements UTCTime="2015-04-28 19:13:23,900" Event="System Configuration changed" Node="[email protected]" Detail="xconfiguration fail2banJailStatus uuid 09637cfe-b0af-4d6f-9bab-6f59ba305156 jail: http-ce-intrusion total_fails - changed from: 4 to: 5"
    2015-04-28T16:12:23-03:00 Elements UTCTime="2015-04-28 19:12:23,868" Event="System Configuration changed" Node="[email protected]" Detail="xconfiguration fail2banJailStatus uuid 09637cfe-b0af-4d6f-9bab-6f59ba305156 jail: http-ce-intrusion current_fails - changed from: 1 to: 0"
    2015-04-28T16:02:23-03:00 Elements UTCTime="2015-04-28 19:02:23,515" Event="System Configuration changed" Node="[email protected]" Detail="xconfiguration fail2banJailStatus uuid 09637cfe-b0af-4d6f-9bab-6f59ba305156 jail: http-ce-intrusion current_fails - changed from: 0 to: 1"
    2015-04-28T16:02:23-03:00 Elements UTCTime="2015-04-28 19:02:23,515" Event="System Configuration changed" Node="[email protected]" Detail="xconfiguration fail2banJailStatus uuid 09637cfe-b0af-4d6f-9bab-6f59ba305156 jail: http-ce-intrusion total_fails - changed from: 3 to: 4"

    What is this? A hacker trying to break into my VCS?

    This VCS Expressway is on a public IP address, with SSH disabled; only HTTPS is allowed.

    In a manner of speaking, possibly. These are due to you having automated protection enabled. The IP address 127.0.0.1 is always "self". The VCS is simply recording hack attempts. You can see the numbers go from 0 to 1, 4 to 5, etc., as failed access attempts are recorded. It depends on what you have set up in automated protection as to which is controlled, and eventually blocked if several events occur within the detection window. You will need to look at your configuration and possibly other logs to determine whether a real intrusion event is occurring.
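    The jail-status entries above are the Expressway's own record of failed logins per protection jail, so they are worth turning into something you can count and alert on rather than just scrolling past. As an added example (not code from the thread or from Cisco), the Python below parses lines of that shape, tracks the `current_fails`/`total_fails` transitions per jail, and flags a jail when several failed attempts land inside a sliding window. The sample log is constructed for the example, modelled on the quoted lines; the `Node` value and the exact field layout are assumptions, and the `Elements` token is omitted.

```python
"""Parse Expressway/VCS fail2ban jail-status events and summarise failed logins per jail."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, modelled on the configuration-log lines quoted in the post above.
# Node and field layout are assumptions; the UUIDs and counters are only illustrative.
SAMPLE_LOG = """\
2015-04-28T16:02:23-03:00 UTCTime="2015-04-28 19:02:23,515" Event="System Configuration changed" Node="127.0.0.1" Detail="xconfiguration fail2banJailStatus uuid 09637cfe-b0af-4d6f-9bab-6f59ba305156 jail: http-ce-intrusion current_fails - changed from: 0 to: 1"
2015-04-28T16:02:23-03:00 UTCTime="2015-04-28 19:02:23,515" Event="System Configuration changed" Node="127.0.0.1" Detail="xconfiguration fail2banJailStatus uuid 09637cfe-b0af-4d6f-9bab-6f59ba305156 jail: http-ce-intrusion total_fails - changed from: 3 to: 4"
2015-04-28T16:12:23-03:00 UTCTime="2015-04-28 19:12:23,868" Event="System Configuration changed" Node="127.0.0.1" Detail="xconfiguration fail2banJailStatus uuid 09637cfe-b0af-4d6f-9bab-6f59ba305156 jail: http-ce-intrusion current_fails - changed from: 1 to: 0"
2015-04-28T16:13:23-03:00 UTCTime="2015-04-28 19:13:23,900" Event="System Configuration changed" Node="127.0.0.1" Detail="xconfiguration fail2banJailStatus uuid 09637cfe-b0af-4d6f-9bab-6f59ba305156 jail: http-ce-intrusion current_fails - changed from: 0 to: 1"
2015-04-28T16:13:23-03:00 UTCTime="2015-04-28 19:13:23,900" Event="System Configuration changed" Node="127.0.0.1" Detail="xconfiguration fail2banJailStatus uuid 09637cfe-b0af-4d6f-9bab-6f59ba305156 jail: http-ce-intrusion total_fails - changed from: 4 to: 5"
2015-04-28T16:14:23-03:00 UTCTime="2015-04-28 19:14:23,928" Event="System Configuration changed" Node="127.0.0.1" Detail="xconfiguration fail2banJailStatus uuid 2abe7197-a824-4a47-9079-2b16db1410f2 jail: sip-auth current_fails - changed from: 0 to: 1"
2015-04-28T16:14:23-03:00 UTCTime="2015-04-28 19:14:23,928" Event="System Configuration changed" Node="127.0.0.1" Detail="xconfiguration fail2banJailStatus uuid 2abe7197-a824-4a47-9079-2b16db1410f2 jail: sip-auth total_fails - changed from: 4 to: 5"
"""

# Outer line: pick the UTC timestamp and the Detail payload.
LINE_RE = re.compile(r'UTCTime="(?P<utc>[^"]+)".*Detail="(?P<detail>[^"]*)"')
# Inner payload: which jail, which counter, and the old/new values.
DETAIL_RE = re.compile(
    r"xconfiguration fail2banJailStatus uuid (?P<uuid>[0-9a-f-]+) "
    r"jail: (?P<jail>[\w-]+) (?P<counter>current_fails|total_fails) - "
    r"changed from: (?P<old>\d+) to: (?P<new>\d+)$"
)


def parse_jail_events(text):
    """Return a chronologically ordered list of jail counter changes."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a configuration-change line in the expected shape
        d = DETAIL_RE.match(m.group("detail"))
        if not d:
            continue  # some other xconfiguration change; ignore
        events.append({
            "time": datetime.strptime(m.group("utc"), "%Y-%m-%d %H:%M:%S,%f"),
            "uuid": d.group("uuid"),
            "jail": d.group("jail"),
            "counter": d.group("counter"),
            "old": int(d.group("old")),
            "new": int(d.group("new")),
        })
    events.sort(key=lambda e: e["time"])
    return events


def summarize(events):
    """Per jail: failed attempts seen, highest lifetime total, and counter resets."""
    summary = defaultdict(lambda: {"attempts": 0, "total_fails": 0, "resets": 0})
    for e in events:
        s = summary[e["jail"]]
        if e["counter"] == "current_fails":
            if e["new"] > e["old"]:
                s["attempts"] += e["new"] - e["old"]   # another failed attempt
            elif e["new"] == 0:
                s["resets"] += 1                       # detection window expired
        else:
            s["total_fails"] = max(s["total_fails"], e["new"])
    return dict(summary)


def flag_bursts(events, threshold, window_seconds):
    """Jails whose failed attempts reach `threshold` inside any sliding window."""
    per_jail = defaultdict(list)
    for e in events:
        if e["counter"] == "current_fails" and e["new"] > e["old"]:
            per_jail[e["jail"]].append(e["time"])
    flagged = []
    for jail, times in per_jail.items():
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(jail)
                break
    return sorted(flagged)


if __name__ == "__main__":
    evs = parse_jail_events(SAMPLE_LOG)
    print(summarize(evs))
    print("bursty jails (2 fails in 15 min):", flag_bursts(evs, 2, 15 * 60))
```

    The threshold and window are parameters rather than the appliance's own settings: the Expressway decides blocking from its automated protection configuration, while this script is for correlating the log afterwards, for instance to see whether a jail that keeps resetting to 0 is actually seeing a slow, steady stream of failures that never trips the on-box trigger.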

  • Jabber client - VCS Expressway encryption with MRA

    Hi all

    I'm working on an MRA implementation for an existing video solution. The CUCM version is 9.1.2 (no IM&P server), VCS-C and VCS-E 8.2.2. The Jabber client is 11.5.x

    I have finished most of the setup and I am able to call internally and externally through MRA.

    I still have a few things to tweak. One is the encryption of video calls once Jabber connects from outside. From my understanding, the leg between the Jabber endpoint and the VCS Expressway uses TLS. But when I run Wireshark on the PC with the Jabber client, I don't see the RTP stream as being encrypted.

    In CUCM my Jabber device does not use a secure profile. Is that OK or not?

    Please let me know if more details are needed. Thank you

    You can confirm that the call is encrypted from the MRA Jabber client by doing the following (I used the 11.5 Jabber client; if you are using an older client, I can't guarantee this method):

    1. Make a call from the MRA Jabber client; once the call is set up and media is established, you can end the call.
    2. Create a Jabber client problem report (Help > Report a problem...).
    3. Enter the required details and save the .zip file.
    4. Extract the file "jabber.log" from the .zip file. Since this file (at least since Jabber client version 11.5) has the SIP messaging included, you can use TranslatorX to view the file (you can also use a text editor if you wish).
    5. Generate a ladder diagram from the log file.

    6. In the ladder diagram, you should be able to locate the start of the call. Look for an INVITE, in my case a "RE-INVITE", and select it. A pop-up window will appear with the details of the SIP message.

    7. Read the content of the SIP message pop-up (focusing on the SDP, the media negotiation component). I won't go into detail about how to read SIP messages (there's a good article here; it is not for Jabber specifically, but the same concepts apply).

    8. Close the message pop-up and open the "OK w/SDP" message to examine the response from the VCS-E. In the SDP response, we can confirm that the encryption settings have been accepted for the media (the media will be encrypted).

    To reiterate Jamie's point, unless you run CUCM in mixed mode and use security profiles, signalling/media encryption stops at the CUCM/endpoint and VCS-C legs respectively. See the diagram below for reference (mixed mode not implemented).

    You do not need security profiles applied to the CSF device to get encryption between the MRA Jabber client and the VCS-E. If you can decode the signaling and media packets from your Jabber client in Wireshark, you are probably not connecting via MRA (MRA is always encrypted).

    Please let us know if that helps.

    -Jon
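    Step 8 above comes down to one question about the SDP in the "OK w/SDP" answer: did every media line end up on a secure RTP profile with key material, or did something fall back to plain RTP/AVP? As an added example (not code from the post, from TranslatorX or from Cisco), the Python below makes that check mechanical: it parses the m= lines and their a=crypto / a=fingerprint attributes, classifies each stream, and skips streams the answer rejected (port 0). The three SDP bodies are constructed for the example; the inline keys in them are dummy strings, not real SRTP keys.

```python
"""Classify the media streams in an SDP answer as SRTP, DTLS-SRTP, plaintext or rejected."""

# Constructed SDP answers (RFC 4566 layout, SDES keys per RFC 4568); not captures from the thread.
ENCRYPTED_ANSWER = """\
v=0
o=- 1234 5678 IN IP4 198.51.100.10
s=-
c=IN IP4 198.51.100.10
t=0 0
m=audio 50000 RTP/SAVP 9 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:RFVNTVlLRVlfTk9UX0FfUkVBTF9TUlRQX0tFWV8wMQ==
a=rtpmap:9 G722/8000
m=video 50002 RTP/SAVP 97
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:RFVNTVlLRVlfTk9UX0FfUkVBTF9TUlRQX0tFWV8wMg==
a=rtpmap:97 H264/90000
"""

PLAINTEXT_ANSWER = """\
v=0
o=- 1234 5679 IN IP4 203.0.113.20
s=-
c=IN IP4 203.0.113.20
t=0 0
m=audio 40000 RTP/AVP 9 0 8
a=rtpmap:9 G722/8000
m=video 40002 RTP/AVP 97
a=rtpmap:97 H264/90000
"""

# Audio encrypted, video fell back to plain RTP, BFCP channel rejected with port 0.
MIXED_ANSWER = """\
v=0
o=- 1234 5680 IN IP4 203.0.113.20
s=-
c=IN IP4 203.0.113.20
t=0 0
m=audio 50000 RTP/SAVP 9
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:RFVNTVlLRVlfTk9UX0FfUkVBTF9TUlRQX0tFWV8wMw==
m=video 40002 RTP/AVP 97
a=rtpmap:97 H264/90000
m=application 0 UDP/BFCP *
"""

SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}


def parse_media_sections(sdp):
    """Return one dict per m= line: kind, port, transport profile, and which key attributes follow it."""
    sections = []
    session_fingerprint = False  # a=fingerprint at session level applies to every stream
    current = None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            kind, port, profile = line[2:].split()[:3]
            current = {"kind": kind, "port": int(port), "profile": profile,
                       "crypto": False, "fingerprint": False}
            sections.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            current["crypto"] = True
        elif line.startswith("a=fingerprint:"):
            if current is None:
                session_fingerprint = True
            else:
                current["fingerprint"] = True
    for s in sections:
        s["fingerprint"] = s["fingerprint"] or session_fingerprint
    return sections


def classify(section):
    """Map one media section to a human-readable encryption state."""
    if section["port"] == 0:
        return "rejected"
    secure = section["profile"] in SECURE_PROFILES
    if secure and section["crypto"]:
        return "srtp"
    if secure and section["fingerprint"]:
        return "dtls-srtp"
    if secure:
        return "secure-profile-without-keys"  # broken negotiation: no way to derive keys
    return "plaintext"


def media_encryption_report(sdp):
    """Per media kind, the encryption state negotiated in this SDP."""
    return {s["kind"]: classify(s) for s in parse_media_sections(sdp)}


def all_media_encrypted(sdp):
    """True only if every accepted stream is SRTP or DTLS-SRTP."""
    active = [v for v in media_encryption_report(sdp).values() if v != "rejected"]
    return bool(active) and all(v in ("srtp", "dtls-srtp") for v in active)


if __name__ == "__main__":
    for name, body in [("encrypted", ENCRYPTED_ANSWER), ("plaintext", PLAINTEXT_ANSWER), ("mixed", MIXED_ANSWER)]:
        print(name, media_encryption_report(body), all_media_encrypted(body))
```

    Paste the SDP from the "OK w/SDP" message into one of the strings and the report tells you per stream what was agreed. The mixed case is the one to watch for in practice: an audio-only SRTP answer with video on RTP/AVP still "looks encrypted" if you only glance at the first m= line.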

  • Cisco UCS ExpressWay-E/C

    Dear Experts,

    I'm new to the Cisco UC world and trying to understand and implement Cisco Expressway-E/C technology. Can someone help me understand the following.

    1. Is there any particular reason to place Expressway-E in the DMZ?

    2. Do I need an additional firewall for Cisco Expressway-C?

    3. Does Cisco Expressway-E/C support different internal domains?

    4. Does Cisco Expressway-E/C support having my internal domain hosted on a public network server?

    Thank you

    Tamimi

    1. Expressway-E is the vehicle used to communicate with clients on the internet. For this reason, placing the Expressway-E in the DMZ or on the external network, both configurations are supported by Cisco.

    2. Another firewall is not necessary. The guides show an example for customers with an additional firewall, and for when they do not allow traffic to be routed directly from the internal network to the external one.

    3. You can configure different domains on Expressway-C/E and it will work in most cases, but this configuration is not supported by Cisco.

    4. Not sure I understand this question, but if you are asking about hosting your own public DNS servers, that should not be a problem and has no correlation with the Expressway-C/E.

  • Question regarding DNS SRV records + VCS Expressway

    Hi all

    I have a VCS in the DMZ, and I am facing a problem with the DNS SRV records.

    VCS Expressway hostname: VCSe

    Domain: example.com

    VCSE FQDN: VCSe.example.com

    and I have an A record set up for the same FQDN on the public DNS server.

    I have a SIP domain configured as 'cisco.com' on my VCS Expressway.

    What SRV records do I need to create on the public DNS server?

    Kind regards

    Nikhil Jayan

    Nikhil,

    It seems that you have not checked the link I sent you earlier... a very explicit document. In any case, what we talked about earlier was about sending calls to the Expressway as well as registration.

    In your deployment, you have a different domain for DNS and for the SIP domain. Also, as you say you have an Expressway cluster and you want to register to both peers, I suggest you check the document on cluster creation on the Cisco website.

    Now, if you have a cluster of Expressways, then you must create several SRV records, each pointing to the FQDN of one cluster peer, with equal weight. In normal usage scenarios, a common domain for the different services is recommended.

    The SRV records would look something like this.

    _sips._tcp.company.com. 86400 IN SRV 1 1 5061 vcse1.company.com.

    _sips._tcp.company.com. 86400 IN SRV 1 1 5061 vcse2.company.com.

    _sip._tcp.company.com. 86400 IN SRV 1 1 5060 vcse1.company.com.

    _sip._tcp.company.com. 86400 IN SRV 1 1 5060 vcse2.company.com.

    _h323ls._udp.company.com. 86400 IN SRV 1 1 1719 vcse1.company.com.

    _h323ls._udp.company.com. 86400 IN SRV 1 1 1719 vcse2.company.com.

    _h323cs._tcp.company.com. 86400 IN SRV 1 1 1720 vcse1.company.com.

    _h323cs._tcp.company.com. 86400 IN SRV 1 1 1720 vcse2.company.com.

    _h323rs._udp.company.com. 86400 IN SRV 1 1 1719 vcse1.company.com.

    _h323rs._udp.company.com. 86400 IN SRV 1 1 1719 vcse2.company.com.

    However, your case is different. In your deployment, what you have to do is make any request for the domain "cisco.com" resolve to the FQDNs of the VCS Expressway peers with equal weight.

    For example:

    _tcp.gmail.com. IN SRV 20 0 5222 talk2.l.google.com.

    Therefore, any request to gmail.com would resolve to the talk2.l.google.com server.

    You have to make it work the same way.

    Thank you

    Alok
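    Both the opening thread (the `_collab-edge._tls`, `_cisco-uds._tcp` and `_cuplogin._tcp` records for Jabber service discovery) and this post (the `_sips`/`_sip`/`_h323*` records for a two-peer cluster) come down to the same checklist: is every expected SRV name present under the SIP domain, do all cluster peers appear with equal priority and weight, is the port the one the service actually listens on, and does every target have an address record. As an added example (not code from either thread or from Cisco), the Python below parses a zone-file snippet in the same layout as the records above and runs that checklist. The zone content is constructed for the example and deliberately contains mistakes; the expected-port table is my assumption about what each service advertises, and `EXPRESSWAY_SERVICES` groups the names the two threads mention.

```python
"""Validate the DNS SRV records Expressway/VCS clients and peers look up."""
from collections import defaultdict

# SRV prefixes (service._proto) and the port each is expected to advertise (assumed for the example).
EXPECTED_PORTS = {
    "_collab-edge._tls": 8443,   # MRA edge discovery, external DNS
    "_cisco-uds._tcp": 8443,     # CUCM UDS, internal DNS
    "_cuplogin._tcp": 8443,      # IM&P login, internal DNS
    "_sips._tcp": 5061,          # SIP over TLS
    "_sip._tcp": 5060,
    "_h323ls._udp": 1719,
    "_h323cs._tcp": 1720,
    "_h323rs._udp": 1719,
}
# The record sets the two threads talk about, grouped by which zone should carry them.
EXPRESSWAY_SERVICES = {
    "mra-external": ["_collab-edge._tls"],
    "mra-internal": ["_cisco-uds._tcp", "_cuplogin._tcp"],
    "b2b-external": ["_sips._tcp", "_sip._tcp", "_h323ls._udp", "_h323cs._tcp", "_h323rs._udp"],
}

# Constructed external zone for a two-peer Expressway-E cluster, with deliberate mistakes:
# unequal weights on _sips, a missing peer on _sip, no H.323 records, no A record for vcse2.
SAMPLE_ZONE = """\
_collab-edge._tls.company.com. 86400 IN SRV 1 1 8443 vcse1.company.com.
_collab-edge._tls.company.com. 86400 IN SRV 1 1 8443 vcse2.company.com.
_sips._tcp.company.com.        86400 IN SRV 1 1 5061 vcse1.company.com.
_sips._tcp.company.com.        86400 IN SRV 1 5 5061 vcse2.company.com.
_sip._tcp.company.com.         86400 IN SRV 1 1 5060 vcse1.company.com.
vcse1.company.com.             86400 IN A   203.0.113.11
"""


def parse_zone(text):
    """Parse 'name [ttl] IN TYPE rdata...' lines (the TTL column is optional, as in the gmail example)."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop zone-file comments and blank lines
        if not line:
            continue
        tokens = line.split()
        cls = tokens.index("IN")
        rec = {"name": tokens[0].lower(), "type": tokens[cls + 1].upper()}
        rdata = tokens[cls + 2:]
        if rec["type"] == "SRV":
            rec.update(priority=int(rdata[0]), weight=int(rdata[1]),
                       port=int(rdata[2]), target=rdata[3].lower())
        else:
            rec["data"] = " ".join(rdata)
        records.append(rec)
    return records


def check_zone(records, sip_domain, services, peers):
    """Return a list of findings for the given service prefixes under sip_domain."""
    findings = []
    a_names = {r["name"] for r in records if r["type"] in ("A", "AAAA")}
    srv = defaultdict(list)
    for r in records:
        if r["type"] == "SRV":
            srv[r["name"]].append(r)
    peers = [p.lower() for p in peers]
    for service in services:
        name = f"{service}.{sip_domain}."
        rrs = srv.get(name, [])
        if not rrs:
            findings.append(f"{name}: missing SRV record")
            continue
        targets = {r["target"] for r in rrs}
        for peer in peers:                       # every cluster peer must be reachable via this name
            if peer not in targets:
                findings.append(f"{name}: cluster peer {peer} not listed")
        if len({(r["priority"], r["weight"]) for r in rrs}) > 1:
            findings.append(f"{name}: peers have unequal priority/weight")
        for r in rrs:
            want = EXPECTED_PORTS.get(service)
            if want is not None and r["port"] != want:
                findings.append(f"{name}: {r['target']} uses port {r['port']}, expected {want}")
            if r["target"] not in a_names:       # an SRV target must resolve to an address
                findings.append(f"{name}: target {r['target']} has no A/AAAA record in this zone")
    return findings


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    peers = ["vcse1.company.com.", "vcse2.company.com."]
    for finding in check_zone(recs, "company.com", EXPRESSWAY_SERVICES["b2b-external"], peers):
        print(finding)
```

    Run it against a dump of the zone you actually publish (or against the answers you get from `dig`) rather than against the records you think you created; the point of the exercise is catching the difference. The internal/external split matters too: the MRA discovery records are looked up from different resolvers, so the same checker should be run once per zone with the matching service group.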

  • VCS Expressway: outside calls to internal endpoints

    I have a new implementation with 1 VCS Control internally on the LAN and 1 VCS Expressway in the DMZ.

    The VCS Expressway has a public IP address/NAT.

    Currently, we have a group of VC endpoints; each endpoint has a public IP/NAT to the local network, to allow the internet to make H.323 calls directly by dialing the public IP address of the endpoint.

    My question is, after having implemented the VCS Expressway in the DMZ, how does the numbering plan work for outside calls to each internal endpoint via the VCS Expressway? Do I still need to give each endpoint a public IP/NAT?

    Thank you very much.

    A much simpler and, in my opinion, more elegant and more scalable solution would be not to use IP addresses for calls, but to allocate and register endpoints with E.164 aliases. That way all you need is the internal IP address.

    So the external endpoints can, in this case, call your endpoints using [email protected] or [email protected]-E_IP_address.

    Internal endpoints can call each other using aliases only, as long as you have the search rules in place, and you therefore do not have to allow external endpoints to register with your VCS-E for one reason or another.

    If you have external Polycom endpoints with an old software version that does not support Annex O URI dialing, then it's very simple to include a pre-search transform on the VCS-E which will allow these endpoints to call using the proprietary "URI dialing" form VCS-E_IP_address##Alias; and if you, on the odd occasion, have an endpoint which cannot use anything other than IP addresses, you can configure the fallback alias on the VCS-E to point to a specific endpoint or an auto-attendant on an MCU, etc.

    A dial plan like the above will also allow you to use DHCP addresses; the alias remains static, and that's what counts. Aliases are much simpler to give to people, e.g. 123456 is much easier to remember than 202.138.98.23 etc., not to mention IPv6 addresses, and because you register your endpoints with a domain name, SIP clients will also be able to connect very easily.

    /Jens

  • IP address dialing via Expressway-C

    A requirement for IP dialing from CUCM to both internally registered H.323 endpoints and external H.323 endpoints.

    Expressway-C and E are configured, and the SIP "IP address" routing pattern points to the Expressway-C.

    Issue.

    If I set "Calls to unknown IP addresses" to Direct on the Expressway-C, I understand that the Expressway-C can then reach out and signal the standalone H.323 endpoint directly. However, how does one also have the ability to route to unknown external IP addresses via the Expressway-E?

    So, if I put the Expressway-C in Direct mode, does it fail over to Indirect mode if it does not receive a response from an endpoint?

    Thank you

    Ben

    The idea is not bad and it can actually be made to work, especially if you can distinguish internal from external IPs. (Superficially tested in the lab, it worked.)

    As the search rules do not seem to apply pattern matching to IP addresses, and CUCM does not support IP dialing anyway, I keep the "alias" form of the IP used to work around CUCM IP dialing, convert it to a real IP on Exp-E/Exp-C (2), and route according to whether the alias pattern corresponds to an internal or external IP address.

    For example, let's say you use @ip.net as the SIP URI pattern for CUCM IP dialing, and your internal IP addresses are all in 10.0.0.0/8

    Exp-C (1): create two search rules, 10.[0-9.][email protected] pointing to the neighbor zone of Exp-C (2), then a second rule [0-9.][email protected] pointing to the traversal zone of Exp-E.

    Both Exp-C (2) and Exp-E have a regex transform for ([0-9.]*)@IP.net, replaced with \1.

    In addition, both will have the SIP-H.323 gateway interworking license.

    Cheers,
    Zoltán
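    The routing above is two regex search rules tried in order plus one transform, so it is easy to dry-run before committing it to the Expressway. As an added example (not Expressway configuration and not code from the post), the Python below applies the two patterns and the `([0-9.]*)@ip.net` to `\1` transform literally, then adds a stricter variant that validates the embedded address and classifies it against an internal prefix list, so that a malformed "IP" such as `10.1.2@ip.net` is rejected instead of being forwarded. The zone labels are placeholders and the 10.0.0.0/8 prefix is the one the post uses.

```python
"""Dry-run the IP-dialing search rules and transform described above."""
import ipaddress
import re

# The two search-rule patterns quoted in the post, anchored and tried in this order.
# Note: the post writes "10.[0-9.]*" with an unanchored dot; escaping it keeps "101.x.x.x" external.
SEARCH_RULES = [
    (re.compile(r"^10\.[0-9.]*@ip\.net$", re.IGNORECASE), "neighbor zone: Exp-C (2)"),
    (re.compile(r"^[0-9.]*@ip\.net$", re.IGNORECASE), "traversal zone: Exp-E"),
]
# The transform applied on Exp-C (2) and Exp-E: keep group 1, drop the @ip.net suffix.
STRIP_TRANSFORM = re.compile(r"^([0-9.]*)@ip\.net$", re.IGNORECASE)
# Address space considered internal (from the post's example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def search_rule_route(alias):
    """Apply the post's regex rules literally; returns the matching zone or None."""
    for pattern, zone in SEARCH_RULES:
        if pattern.match(alias):
            return zone
    return None


def transform(alias):
    """The ([0-9.]*)@ip.net -> \\1 transform; non-matching aliases pass through unchanged."""
    return STRIP_TRANSFORM.sub(r"\1", alias)


def route_ip_alias(alias):
    """Stricter variant: validate the IP before routing.

    Returns (zone, alias_after_transform). zone is None when the alias is not an
    IP-dialing alias at all, and 'reject' when it matched the rule but is not a valid IP."""
    if search_rule_route(alias) is None:
        return None, alias
    try:
        ip = ipaddress.ip_address(transform(alias))
    except ValueError:
        return "reject", alias          # e.g. "10.1.2@ip.net": regex matched, not an address
    if any(ip in net for net in INTERNAL_NETS):
        return SEARCH_RULES[0][1], str(ip)
    return SEARCH_RULES[1][1], str(ip)


if __name__ == "__main__":
    for a in ["10.20.30.40@ip.net", "203.0.113.5@ip.net", "101.1.1.1@ip.net", "10.1.2@ip.net", "1234@company.com"]:
        print(a, "->", search_rule_route(a), route_ip_alias(a))
```

    The literal rules route anything that looks like digits and dots; the stricter function is what you would want at the edge, since the traversal-zone rule otherwise forwards whatever survives the transform towards the Expressway-E as a destination.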

  • VCS Starter Pack Expressway

    Hello, everyone.

    We have been donated some equipment to set up a SIP network and there are a few problems.

    For the internal endpoints, we have EX90, C90 and Movi clients. We also have a single VCS Expressway Starter Pack (*without* the dual network card option).

    Our firewall has 3 interfaces: inside, outside and DMZ. The DMZ has public/Internet IP addresses. There is no NATing between the inside and the DMZ; it only NATs as traffic passes through the external interface (which is of course the interface connected to the Internet).

    So here are a few addresses, for the sake of discussion:

    VCS Expressway: 20.0.0.2/25 <-- public

    Internal endpoint EX90: 10.0.0.2/24

    Internal endpoint MOVI: 10.0.0.3/24

    Again, there is no NATing between the 10.0.0.0/24 and 20.0.0.0/25 networks.

    Everything works internally (registered through our VCS). When we make an external call, say from the Movi client, media gets to the external endpoint, but we do not get any media on the internal endpoint (not a single UDP packet). We also noticed that the media stream we send goes directly to the external endpoint (or its VCS) and not through our VCS Expressway.

    Another interesting fact: when we put a little Linksys router between the endpoints and our business network (endpoints on the LAN side, business network on the WAN side), everything works and the media is routed through our VCS in the DMZ. The only thing I can figure is that the VCS realizes there is now a NAT between the internal endpoint and itself and changes the path.

    I looked through a lot of different documents (VCS Basic Config Guide, Expressway Starter Pack Deployment Guide, VCS IP Port Usage for Firewall Traversal Deployment Guide, etc.), and none of them that I saw really cover our scenario. Anyone got any ideas on why the media does not work properly? I don't have access to the corporate firewall, but I figure the UDP stream never returns to us.

    From what I've read in other discussions posted here, it seems that you only need the dual NIC option if your VCS Expressway is NATed to the Internet (which ours isn't). Is this correct?

    Thank you

    -Matthew Pinkston

    Hi Matthew,

    In addition to the advice given by Tomo and Alok, you could also take advantage of the "Media encryption mode" zone/subzone setting on the VCS (available in X7.2) to force the Expressway to take the media even for your internal SIP endpoints.

    If you configure, for example, the "Media encryption mode" of the Default Subzone on your VCS-E to "Best effort", a call between two internal devices registered to the VCS-E would have its media routed via your VCS-E, as would a call between an internal SIP device and an external/remote device.

    Hope this helps,

    Andreas

  • VCS expressway firewall rules

    Hello

    I just need your confirmation on the following configuration.

    VCSC - FW - Internet

    |

    |

    VCSE

    We use the dual NIC option key with NAT.

    The VCS Expressway will be connected with 1 single LAN interface to the FW. It will have a private IP address. The firewall will be NATting the private IP address of the VCSE to a public IP address.

    When updating the FW rules according to the following link:

    http://www.Cisco.com/en/us/docs/Telepresence/infrastructure/VCs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.PDF

    Appendix 3 - Page 55-58

    Which VCS Expressway IP address do you need to use in the FW rules? The private or the public one?

    Thanks in advance.

    Ahmed

    Hi, Ahmed.

    If you use the VCS-E with the dual interface option for NAT but with only one interface communicating, the internet and your internal network must go to the _public_ IP address, not the private one. That applies not only on the firewall, but also to the destination of the zone on the VCS-C.

    Regarding your firewall, that depends on how your firewall is configured. Some firewalls (or at least admins/users) seem to have problems getting the VCS-E accessible from inside on the external IP address. If there is a problem, you must use the secondary interface of the VCS and set up a new DMZ.

    Please remember to rate useful responses and mark useful or correct answers.

  • How to configure a firewall for an SX20 registered to a VCS Expressway

    Hi all

    As you can see from the picture, I have a classic situation. Everything works fine.

    The customer must now use a Cisco SX20 in a branch office.

    The Cisco ASA 5540 firewall is currently configured as follows:

    1. static (inside,outside) 213.42.140.136 (public IP) 10.209.252.166 (internal IP address)
    2. access-list OUTSIDE_access_in extended permit ip host 87.241.12.76 (VCS Expressway IP) host 213.42.140.136

    I did several tests:

    • SX20 H.323 configuration with NAT On, Off and Auto

    In all cases, the system registers correctly, but the call signaling does not occur.

    • If instead I use my own system with a public IP address, it works very well.

    Can someone help me configure the firewall properly?

    Thanks in advance

    Check on the ASA that there is no fixup/inspection enabled for SIP, H.323 and Skinny.

    You will find a good doc on VoIP and the ASA here:

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a008081042c.shtml
