Control in neighborhoods with VCS Expressway rule

Hello everyone.

I wonder if VCS Expressay made a sort of control in the nearby areas.

For example: I want to restrict the neighboring area to perform not more than 2 simultaneous calls.

Best regards

You can restrict the overall bandwidth used for these calls, but not strictly the number of calls.

For example, if your bandwidth standard appeal for your organization is 768 Kbps and you want only 2 calls is nearby at the same time, you create a pipe which has a limit of 1536 kbps total bandwidth and ask the hose for the link to this neighbor.  Links and tips is all two found in a VCS Configuration--> menu of bandwidth.

Who help me?

Tags: Cisco Support

Similar Questions

  • Integration of control VCS with VCS ExpressWay

    Hi all

    I had to submit the question to your experience and knowledge:

    We will integrate a control of VCS with OS X7.1 onboard with an EpressWay VCS with X7.0.1instead.

    Is it going to work or will we need to have corresponding versions of OS/FW?

    If the latter, is possible to downgrade VCS - C OS without the need to have a maintenance and support contract?

    Thank you

    Andrea

    Hello Andrea,

    In my opinion, it should work. Only thing you should take care of bugs that could be corrected in the version of x7.1.

    If you want to downgrade the VCS - c software to x7.0.1, you will be able to do as the key to unblocking would be same for the x version 7 software.

    in my opinion it would be better if you upgrade the operating system version on vcs-Highway to x7.1 as the key to unblocking would be same and just download the software from the site and cisco unity upgrade.

    Thank you

    Alok

  • Tandberg VCS Expressway - rules of appeal policy

    Dear all,

    We are currently deploying DNS resolution on the highway to VCS, and it works as expected.

    However, we would like to block an outside party to call our VIP users, so we are set up the rule of the appeals policy.

    According to the help page of VCS, both the Source and Destination are supported by regular expressions.

    But we found that the strategy of appeal rule is not as planned.

    For example, we have configured

    Schema of the source: [email protected] / * /

    The destination model: [email protected] / * /

    Action: allow

    As a result, the user [email protected] / * / is not able to call the endpoint ex60domain.com.

    Does anyone face the similar problem? Or someone has the recommendation on this matter?

    Best regards

    Ben

    As Andreas mention, you can use the CPL to control call of endpoint not registered by CPL following (just quick example)

    ===============================================================

    "xmlns:TAA ="http://www.tandberg.net/cpl-extensions"

    "" xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance"

    xsi: schemaLocation = "urn: ietf:params:xml:ns:cpl cpl.xsd" >

    ===============================================================

    Another solution is to use the new dial plan search rules introduced in X7.2 release.

    Registration of endpoint of VIP in separate subfield and create specific search rules.

    With X7.2, you can configure the search rule detail as called Protocol and source subfield level targeting specific subfield level.

    Please see page 35 of https://supportforums.cisco.com/docs/DOC-26316.

    (But this little yet complicate when call comes e - VCS to VCS - C where VIP registered endpoint).

  • Best practices for using MSE8350 with VCS Expressway

    Thanks for the tips and suggestions!

    Given that VCS highway is the only entry point from the rest of the world into our network of videoconference, what is the best way to deploy and use an IP MSE8350 GW?

    Organizations put it outside their firewall next to a fast track to allow of the older endpoints direct dial in the menu of the GW IP system? We have one that does nothing and I'm trying to figure out what to do with it. (bought before that I'm here).

    Thank you!

    It always depends on what the needs are. It can be deployed inside, outside, both in combination with the

    VCS or even autonomous.

    I have often seen it deployed inside, so she can speak the TMS to receive directories.

    This deployment also gives you the ability to reach endpoints on the IP addresses of the internal network.

    The VCS-E (and (C) have an option for a back fall alias, you can simply set the address of the

    IPGW. In this scenario, a call to the ip address of the vcs-e will hit the ipgw inside.

    This limits also all external ip for VCS-E (s) connectivity.

    For me its sad to see that the IPGW is end of life, I think it would be perfect as an IVR system

    and could be combined with for example the conductor.

    If you still can't find a way to use it, feel free to donate to me ;-)

  • Control of VCS and VCS expressway design

    I have a problem with the design of control and track Express VCS. Now, here's two VCS control and a highway. As you know, put on the Internet Highway and a control on my seat. At the same time, I want to put the other control on the management of my company which is in another city. Can it work correctly? How dose it work?

    You must create two zones on VCS Expressway crossing server and a customer journey area by control VCS.

    In other words, you should have a link path by VCS - C connection VCS-E separately.

    Please be sure to set different H.323/SIP port on each VCS - C.

    For example:

    VCS - C1 (Headquarters): area of traversal client pointing to VCS-E 6001 as port H323 and SIP traversal port 7001.

    VCS - C2 (branch): area of traversal client pointing to VCS - E with 6002 as port H323 and SIP traversal port 7002.

    VCS-E: a traversal server zone list for VCS - C1 (6001 as port H323 and SIP traversal port 7001) and other traversal server list for VCS - C2 (6002 as port H323 and SIP traversal port 7002)

  • VCS expressway firewall rules

    Hello

    I just need your confirmation on the following configuration.

    VCSC - FW - Internet

    |

    |

    VCSE

    We use the double option with NAT Nic key.

    VCS expressway wil be connected with 1 single interface LAN for FW.  It will be a private ip address.  Firewall will be Natting the private ip address of VCSE to a public ip address.

    When updating the FW in ruling according to the following link:

    http://www.Cisco.com/en/us/docs/Telepresence/infrastructure/VCs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.PDF

    Appendix 3 - Page 55-58

    What address VCS expressway ip do you need to use FW rules?  a private or public?

    Thanks in advance.

    Ahmed

    Hi, Ahmed.

    If you use the VCS-E with the option of dual interface for NAT with all of a communication interface,

    the internet and your internal network must go to the _public_ ip address, not the private sector

    one. If it's not only on the firewall, but also the destination of the area on the VCS - C.

    Regards to your firewall, that depends on what must have configured your firewall.

    Some firewalls (or at least admins/users) seem to have problems getting the vcs - e accessible from inside on the

    external ip address. If there is a problem, you must use the secondary interface of the vcs and set a new

    DMZ.

    Please remember useful frequency responses and identify useful or correct answers.

  • Jabber client - encryption of VCS Expressway with MRA

    Hi all

    I'm working on the implementation of MRA for a video solution existing. Version CUCM is 9.1.2 (no IM & P server), vcs - c and vcs-e 8.2.2.  Client Jabber is 11.5.x

    I finished most of the introduction and I am able to call internally and externally through MRA.

    I still have a few things to tweak.  One is the encryption of video calling once jabber connects from outside.  From my understanding, the thigh jabber call end point and VCS Expressway uses TLS. But when I run wireshark on the PC with Jabber client, I don't see the RTP stream as being encrypted.

    CUCM my jabber device does not use a secure profile.  Is it ok or not?

    Please let me know if more are needed.  Thank you

    You can confirm the call is encrypted from the client of jabber MRA by doing as follows (I used 11.5 jabber client, if you are using an older client, I can't guarantee this method):

    1. make a call from the client jabber ARM, once the call is configured and media is established, you can end the call.
    2. create a jabber client problem report (help > report a problem...)
    3. Enter the required details and save the .zip file.
    4 extract the file "jabber.log" from the .zip file. Since this file (at least since the version of client jabber 11.5) has the SIP messaging included in this document, you can use TranslatorX to view the file (you can also use a text editor if you wish).
    5 generate a diagram of the log file.

    6. in the diagram of the scale, you should be able to locate the origin of the call. Search for an invitation, in my case a "RE-INVITE" and select it. A pop-up window will appear with the details of the SIP message.

    7. read the content of the message prompt of the SIP protocol (focusing on the SDP - the component of negotiating media). I won't go into detail about how to read SIP messages (there's a good article here, it is not for jabber specifically, but the same concepts apply).

    8. close the prompt message and open the message 'OK w/SDP' to examine the response of the VCS-E. The SDP response, we can confirm that the encryption settings have been accepted for the media (media will be encrypted).

    For re - apply point Jamie, unless you run CUCM in mixed mode and using security profiles, signalling/media encryption stops on the thigh of CUCM/endpoint and the VCS - C respectively. See the diagram below for reference (mixed mode not implemented).

    You need not applied to the device of CSF security profiles to obtain the encryption between the client of jabber MRA and the VCS-E. If you can decode signaling and media packets in Wireshark your jabber client, you probably will not connect via ARM (ARM is always encrypted).

    Please let us know if that helps.

    -Jon

  • Control of Cisco and VCS VCS Expressway

    Dear team,

    We bought Cisco VCS and VCS Expressway 7.X.

    Need download link for the model of the FVO and software and please guide how to install Cisco VCS and VCS Expressway 7.X?

    Thank you

    Cisco_VCS_Virtual_Machine_Deployment_Guide_X7-2 may exceed OVA installation and initial configuration.  Additional configuration and deployment guides that they can be found here.

  • VCS Expressway outside to endpoints internal call

    I have a new implementation where internal control 1 to VCS in LAN and VCS Expressway in DMZ 1.

    VCS Expressway has an IP public address/NAT.

    Currently, we have a group of VC endpoint, each endpoint has a public IP/NAT to the local network, to allow internet to make H.323 call directly by public IP address of the composition of the endpoint.

    My question is, after having implemented VCS Expressway in DMZ, how do the numbering plan at each endpoint internal VCS Highway outside call? Do I still need to give to each endpoint an ip/NAT publich.

    Thank you very much.

    A much simpler and in my opinion, more elegant and more scalable solution would be not to use IP addresses for calls, but to allocate and register outcomes with E.164 alias. That way you all you need is the internal IP address.

    So the outer ends may, in this case, call your settings using the [email protected] / * / or [email protected] / * /-E_IP_address.

    Internal assessment criteria can call each other using alias only for as long you have the rules of research in place, and cannot therefore have the external ends you will allow to record with you VCS-E for one reason or another.

    If you have the outcomes of Polycom external with the old version of the software that does not support Annex O URI component, then it's very simple to include a transformation of prior research on the VCS-E which will allow these settings call using owners 'numbering URI "; VCS-E_IP_address ##Alias - and if you, on the odd occasion, a final point which cannot use anything other than IP addresses, you can configure the alias of relief on the VCS-E to point to a specific or a standard automatic on a MCU, purpose etc.

    A dial plan using as above will also allow you to use DHCP addresses, the alias remains static, and that's what counts, addresses much simpler to give to people. e.g. 123456 is much easier to remember than 202.138.98.23 etc, not to mention the IPv6 addresses, and because you save your settings with domain name, and then customers SIP will also be able to connect very easily.

    /Jens

  • 2 MCU and VCS Expressway, routing problem

    Hi all

    We have a design with a group of control VCS (2 members), cluster VCS Expressway (2 members), and a couple of microcontrollers (registred H.323 on VCS control cluster with the same prefix: 90).

    Each highway has a public IP address and incoming calls from outside can only be routed to microcontrollers:

    [email protected]/ * / for MCU_1 and [email protected]/ * / for MCU_2 (we don't have external DNS resolution).

    I put a conversion into motorway of VCS to change [email protected]/ * / to [email protected] / * / and [email protected]/ * / to [email protected] / * /.

    The problem is when someone calls [email protected]/ * / sometimes (randomly) the call is routed to MCU_2 (instead of MCU_1) and if the appellant see the auto attendant.

    The occcurs even then of the appeal [email protected]/ * / (MCU_2), sometimes the call is routed to MCU_1.

    Any idea what can cause this device or a way to make it work well?

    Thanks for help.

    José

    I think still that separate prefix would work, but here are a few ideas:

    Are incoming calls which do not possibly using SIP that is being interoperability H323 or incoming calls all certainly the H323?

    If you want to keep pure H323, you could perhaps just have a search rule/turn on your VCS-E who changed [email protected] to an E164 e.g. 90... and had a search on your VCS - C rule that says 90... stop at the local area.

    I also noticed that you direct calls to [number]@MCU-IP - have you tried to direct all calls to [number]@VCS-C IP instead?  If the VCS is the holder of a registration for a number, it should be able to deliver accordingly.

  • VCS Expressway, highway

    Hello

    Gently, I confused, what are the differences between VCS Expressway and Freeway?

    -Don't need Expressway a HW (server), it is only allowed in CUCM I need to buy?

    -pre sales engineer, when can I choose VCS-E? and when can I take the freeway?

    Thanks and greetings

    There is a thread here:

    https://supportforums.Cisco.com/discussion/12699961/Expressway-series-vs-VCs-control-Expressway

    To summarize:

    What are the differences between VCS Expressway and Freeway?

    -VCS expressway or the Server Traversal is the 'legacy' that supports local recording of external H323/SIP based endpoints by using its features of Registrar Gatekeeper h.323 and SIP. It also serves as the traversal server for VCS (client of crossing) control to support for firewall traversal calls and B2B.

    -Highway consists of Core Expressway and the highway, or they call it 'Collaboration Edge'. The concept of highway is the same as the 'life' VCS control + VCS Expressway to provide firewall route, B2B calls. Channel Express is an extension for CUCM controlled environment for Mobile and remote access. With Highway, external clients/video endpoints can register on the CUCM without using VPN. Expressway in this case do not support the records the of endpoints. Endpoints will locally save on CUCM using technology of firewall Expressway (Core + Edge) courses.

    Expressway takes a HW (server), it is only allowed in CUCM I need to buy?

    Highway needs a server and it can be deployed in a virtual environment.

    You can take a look at offerings Cisco Business Edition 6000 (BE6K):

    http://www.Cisco.com/c/en/us/products/collateral/Unified-Communications/Business-Edition-6000/data_sheet_c78-717454.html?CacheMode=refresh

    as when can pre sales engineer, I choose VCS-E? and when can I take the freeway?

    -I suggest to contact your Cisco representative helping you find the right solution for your customer.

    Kind regards

    Acevirgil

  • VCS Expressway & movi 4.2 configuration

    Hi all

    I created movi account manually in the TMS and it work perfectly with VCS - control.

    However, it cannot register for VCS expressway. Is it mandatory to have a name authority pointer record in DNS?

    For example, configure us abc.com as the domain name SIP Highway VCS, is mandatory to fix abc.com as public highway VCS by DNS server IP address?

    Thank you

    Ben

    That is to say you do not originate in the AMZ comes directly to the public IP address of the VCSE

    If that's the case at least, you should see registration tent if nothing can be seen then you need to look at the firewall

    is he ASA? try tp packets capture and see why you arew not hitting the VCSE using SIP

    as it could be firewall issue!

    HTH

  • VCS CPL rule filtering of IP addresses

    Hi all

    I have a CPL script which change each alias entering Internet alias AutoAttendant MCU.

    But I would like to allow known, identified by their IP address, websites to call directly to the internal endpoints.

    I found, I can check with a

    but I coulnd find how to test IP Address. Only aliases are checked.

    Do you know it is possible to filter endpoints with CPL, based on IP address?

    Regards,

    Guillaume

    As far as I am aware, there is no way to filter by IP address in the reduced CPL that is implemented on the VCS/Expressway.

    Is there a reason why you can't filter by alias instead of IP address? When it comes to hacking, spoofing IP addresses is just as easy as aliases, so that really does not provide any additional layer of security.

    I would probably just add additional rules for each alias you want to have the ability to call inside, or if they are coming from a specific domain, the (.*)@domain will be a catch all to those from another expressway or equivalent.

    Otherwise, if you must use IP address filtering, you would have to do it in the firewall, by making a set of rules to block all IP addresses, then making another rule for the desired IP address, set it to allow, and make it higher priority than the first rule. Then delete your CPL.

    I would probably not go that direction, as it would be very limiting, and the firewall rules in the expressway are a pain to configure. (also would still leave you vulnerable to IP address spoofing)

  • review during deployment - VCS Expressway

    Hello world!!!

    We knew the benefits of deployment - VCS Expressway. After reading "Cisco TelePresence video Communication Server Configuration of base (control with Highway) - Deployment Guide", I and my team are faced with the following:

    1 - if we do not "Advanced Networking option key", we are not able to use the static NATing feature of the VCS Expressway, but also the interfaces network double. This is why we need this firewall do NAT reflection (it allows to control VCs access the IP public VCSexpressway) and the deep Inspection (to change the IP address that is part of the SIP header). This statement is correct?

    2. - If in my deployment, I'll open some ports in the firewall, is it means that my network is exposed to external threats? There are a few Considerations to keep in mind the safety on the end points that will be in the Internet?

    I also leaves a small attached file, in this file, you can get an idea of what I'm doing. I will seek in advance for your comments. Thank you for all.

    The same concept applies to the least.

    If you already have a DMZ with public IPs, you should be fine. If not, you could split the existing subnet you have, get a new ISP, use proxy arp...

    Not sure how are your details if you are unsure how to configure what I told you in the message before you may need to ask a guy to additional network.

    As you say yourself, if you can not prevent NAT (course, which is a nice way to deploy, but it would require double interface, now known as enhanced networking key).
    Also remember that you must not share the VCS-E IP with other services.

    Another option may be to accommodate the VCS-E to an ISP or there is also some providers that offer an area crossing of VCS (at least the non-cucm style) as a service.

    That you have developed a computer user, do you plan to use jabber-video (old style of tms) or jabber (cucm)?

    Please note the messages with the stars below and define the thread if it's an answer!

  • VCS Expressway

    Hello

    • Is attached design, pls confirm if it is correct?
    • Actually my boss want to have a video conference with the xyz company that is have a VCS highway up and it works direct, we ordered the new switch Express VCS and 1 not old codec C20 it asked me to install, and unfortunately, I'm not able to configure, want to know the concept how URI dialing , and how do I register endpoints TP in VCS, I am recording Codec C20 for VCS and it shows in the registration of newspapers rejected and failed on C20.
    • Very new to VCS and desperately want to know how the flow of calls will be in 2 our separate entities for example, mycompany.com and xyz.com
    • There is no default gateway for LAN2 option so how traffic will be routed to other areas, we can add a route in VCS.

    Thank you

    Usually, there are two components - control and VCS VCS Expressway. VCS control is located on the internal network and VCS Expressway is located on the external/DMZ network. Endpoints register control VCS. VCS control build a "Zone of crossing" VCS Expressway and when endpoint route tent yells, he's going to Control of VCS VCS Expressway and then.

    You may be able to register endpoint for VCS Highway if you supply on this device license. You must configure a domain on the VCS to accept records. You must define this area even on the endpoint as well.

    Take a look at this to resolve endpoint records. http://www.Cisco.com/c/en/us/TD/docs/Telepresence/infrastructure/article...

    This can also be caused by firewall as well.

    You can see the documentation below for how to configure the outgoing VCS-C/VCS-e call.

    http://www.Cisco.com/c/en/us/TD/docs/Telepresence/infrastructure/article...

Maybe you are looking for