VCS-Highway RTP streams

Hello

If 2 of my home (EX90) users are registered the SCV-Expressway of internet, when they make calls.

1. the RTP necessarily flow via Hwy VCS and consume traversal licenses; Suppose that there is no work required for H.323, SIP or IPV4 to IPv6.

2. it will make a difference if the end EX90 points have a public IP address and not Natted router SOHO?

3. what happens if the EBU home use Jabber or Movi?

best regards

Kabylie

If you connect public network directly to EX90 with attribution of a public IP, while EX90 will have same IP (local IP address on EX90) and IP source address.

Also of the PC with 3G mobile connection (3 +, LTE service, etc.), ISP can assign the public IP video Jabber will of the contract, the IP address and the IP source address.

If EX90 is located behind the home router and NAT to connect the VCS-E, call will treat as traversal appeal except call establish ICE TOUR call.

ICE (Interactive Connectivity Establishment), two SIP UA are trying to link the RTP/RTCP directly during the call to install and successfully establish the link, then stream media directly, otherwise fall back to the relay of the TOWER (route call via VCS - E).

Tags: Cisco Support

Similar Questions

  • Cisco VCS-highway network Dual interface option key required

    Dear expert;

    I'm new on TV Cisco presence.

    We have below BOM ordered by the customer as well as the VCS-Express is device without network double button Option Interface.

    Now they have made the redundant system with VCS-highway in VM and want to use Nating for which we need double Network Interface license key option.

    How we get this.

    Appreicate your valuable response.

    The option key double network is provided with virtual VCS, however, is a separate post for the VCS material, to enable network features dual on your existing hardware VCS, you will need to order LIC-VCS-DI.

  • Is it possible to send and receive RTP streams on the same computer?

    Hi all

    I tried sending an RTP stream and receive it on the same computer, but it did not work. I use the AVTransmit2 and AVReceive2 classes, I assumed that these classes are popular, so I have not included the code for them) for this.

    It works perfectly fine when a computer sends using AVTransmit2 and another receiver using AVReceive2. However, when, on the same computer, I get the following error in AVReceive2:
     Cannot create the RTP Session: Unrecognized Windows Sockets error: 0: Cannot bind
    The address I used for transmission and reception is: 224.144.251.104/22200

    And I also discovered that it IS possible to send and receive streams on the same computer using JMStudio, but I found it very hard to dissect its code.
    How can this be achieved using these two classes, that is, the AVTransmit2 and the AVReceive2?

    Any suggestions will be greatly appreciated. 
    private String createTransmitter() {
...
localAddr = new SessionAddress( InetAddress.getLocalHost(), port);
destAddr = new SessionAddress( ipAddr, port);

    You can do this instead:

    localAddr = new SessionAddress( InetAddress.getLocalHost(), SessionAddress.ANY_PORT);

  • With VCS-E media stream, VCS - C

    Hello

    We intend to implement a VCS infrastructure now I'm not sure wich accepting media between endpoints.

    On the photo, you could see the scenario.

    Endpoint 1 is communicate with the endpoint 2.

    1 medium Wich takes the media stream?

    2 what endpoint 1 communicate (media) with VCS - C and not directly with the two end point?

    2. must a direct connection between two end points?

    Thank you

    Martin

    Hi Martin,

    the media could pass control of VCS and highway always in a solution of course and course usage license.

    endpoint 1 must send to the control of VCS, and then it will be passed to the fast lane and then on internet and internet endpoint not directly.

    Rgds,

    Alok

  • VCS Highway internal of external call (Live ip)

    Dear members,

    It is I want to call the other end points all over the world who have direct ip, and similarly with the keeper change affecting I want to call my end points too.

    Note:

    When I call from my endpoints the register to the doorman, but when I do the direct ip call I choose the Direct option. I can able to appeal to both ends with the change of the setting.

    Kind regards

    Archambeau

    I might be a little lost on what you have and how it is configured, but on page 30 of this guide http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Control_with_Expressway_Deployment_Guide_X7-2.pdf

    the configuration required to enable locally registered endpoints call public IP addresses directly explained. You only need to register your end points of your VCS using SIP and H323 (either one will be fine), and the VCS configuration takes care of the rest.

    -Zac Colton

  • VCS-highway safety issue

    Hi, I just want to know who runs the VCS-E server itself to avoid attacking

    If the outside IP LAN cannot be ping and web access?  or other means?

    Thank you very much

    Depends on your deployment, that is, if you put the VCS-E in a DMZ or completely in the wild. Otherwise web access (https) and ssh console access can be enabled/disabled as needed on the VCS itself. In the end, it is entirely at you how do you protect the system against attacks. Take a look at the deployment guide: http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-2/Cisco-VCS-Basic-Configuration-Control-with-Expressway-Deployment-Guide-X8-2.pdf

    Also suggest you take a look at the Administrator's guide: http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/admin_guide/Cisco-VCS-Administrator-Guide-X8-2.pdf - see "intrusion protection" in particular.

    /Jens

    Please note the answers and score the questions as "answered" as appropriate.

  • How to record streaming RTP of Wireshark and play using an application called Audacity

    I use dto this regularly a few years ago and used to know all the steps to get the stream RTP of Wireshark and then save to a file and then play using an application called Audacity.

    In my opinion, were the steps that I used to do:

    1 Wireshark - put in place since a file display server to display only the RTP.

    2 then in Wireshark---> statistical sub---> Show all streams---> and analyze---> then save payload as 'gross' or ' to the ' can't remember - forward / reverse / both

    3 then play the file using Audacity.

    I am clearly stating what I need.

    Now when I do the above I can not read the file with Audacity.

    Audacity says:

    Audacity did not recognize the file type. If it is not compressed, try to import using "Import Raw".

    We must continue to use them to remember the steps.

    Any help much appreciated.

    If the RTP stream uses G.711, you can directly use the audio player of wireshark:

    -in Wireshark - telephony - Voip calls

    -Select a call - then click the reader button

    -Click the Decode button

    -Select one or more streams of data and so click on Play

    You can also use RTP analyze tool to record audio in .au format and play with Audacity.

    If you prefer to save the file in .raw format, you can open Audacity and import the file in raw mode and specify the codic law for g.711A so or u - Law codec encoding G.711u and therefore equal to 8000 Hz sampling frequency.

    Kind regards.

  • Jabber client - encryption of VCS Expressway with MRA

    Hi all

    I'm working on the implementation of MRA for a video solution existing. Version CUCM is 9.1.2 (no IM & P server), vcs - c and vcs-e 8.2.2.  Client Jabber is 11.5.x

    I finished most of the introduction and I am able to call internally and externally through MRA.

    I still have a few things to tweak.  One is the encryption of video calling once jabber connects from outside.  From my understanding, the thigh jabber call end point and VCS Expressway uses TLS. But when I run wireshark on the PC with Jabber client, I don't see the RTP stream as being encrypted.

    CUCM my jabber device does not use a secure profile.  Is it ok or not?

    Please let me know if more are needed.  Thank you

    You can confirm the call is encrypted from the client of jabber MRA by doing as follows (I used 11.5 jabber client, if you are using an older client, I can't guarantee this method):

    1. make a call from the client jabber ARM, once the call is configured and media is established, you can end the call.
    2. create a jabber client problem report (help > report a problem...)
    3. Enter the required details and save the .zip file.
    4 extract the file "jabber.log" from the .zip file. Since this file (at least since the version of client jabber 11.5) has the SIP messaging included in this document, you can use TranslatorX to view the file (you can also use a text editor if you wish).
    5 generate a diagram of the log file.

    6. in the diagram of the scale, you should be able to locate the origin of the call. Search for an invitation, in my case a "RE-INVITE" and select it. A pop-up window will appear with the details of the SIP message.

    7. read the content of the message prompt of the SIP protocol (focusing on the SDP - the component of negotiating media). I won't go into detail about how to read SIP messages (there's a good article here, it is not for jabber specifically, but the same concepts apply).

    8. close the prompt message and open the message 'OK w/SDP' to examine the response of the VCS-E. The SDP response, we can confirm that the encryption settings have been accepted for the media (media will be encrypted).

    For re - apply point Jamie, unless you run CUCM in mixed mode and using security profiles, signalling/media encryption stops on the thigh of CUCM/endpoint and the VCS - C respectively. See the diagram below for reference (mixed mode not implemented).

    You need not applied to the device of CSF security profiles to obtain the encryption between the client of jabber MRA and the VCS-E. If you can decode signaling and media packets in Wireshark your jabber client, you probably will not connect via ARM (ARM is always encrypted).

    Please let us know if that helps.

    -Jon

  • Integration of Lync with VCS - key Option mandatory?

    We implement integration with VCS on x7.2 lync.  Using B2BUA with lync 2010.  Everything works internally with lync configuration, we are only having trouble with lync external participants come and we border routers in the mix.  Direct pools are set up under the name of trust.  We have turned on the highway of the tower.  The calls started from inward of Lync.  VCS sees calls says it is connected, but the appeal does not and then falls normal call clearing.

    My thought for the failure, is that the OCS Collaboration option key has not been added.  But I can't tell in the deployment guide, if this key is necessary only if the encryption is in progress.

    The other area that we now have on the border routers is if The Edge server and the firewall that the Edge transport server may move multimedia traffic through can then reconfigure to allow RTP over UDP and RTP over TCP to pass.

    Can you confirm if the key of the SCO is a requirement for Lync which crosses the highway?  And are there other areas which we recommend why calls set entirely outdoors.

    Hi Kim,

    the SCO cooperation improved option key is necessary for this scenario of appeal, stated at pages 13 and 53 in the Lync to X7.2 deployment guide:

    Calls on a Microsoft Edge server require the VCS have installed improved OCS Collaboration option key because this key allows the ICE to be used for media connectivity

    You are also right that you will need to allow RTP UDP traffic to and from your Edge transport server, as the TURN server on VCS Highway currently does not support the RTP over TCP. If this isn't the case, ice connectivity check between the B2BUA and the Lync client and server Edge fails, which in turn causes to disconnect.

    Hope this helps,

    Andreas

  • Is it possible to add a plugin to the core module to iptables to VCS?

    Hello

    Is it possible for a third party to add a plugin to the core module to iptables to VCS to protect H.264 video with redundant packets? Can I use the same version of CentOS or Redhat header files?

    Thank you

    Yue Hong Quan-

    https://www.Facebook.com/groups/videoconferencing/
    http://SCOPIA.H323Meeting.com

    His multiple point of view, the part of the technology, the SCV is founded at least not red and I could imagine

    If you have very likely different headers and libs will not work.

    If you find the good ones, don't know if there is any hardening is preventing it from loading in any case.

    Then there's the next part, if what you are trying to archive makes sense and if there would be other ways.

    For GENERAL installation, it would be same negative as the remote endpoint could be confused it you

    Double all RTP packets. If you want to use between two VCS, you could also manage that by

    a box of linux from the start which is just double the packages you need.

    In any case the matching look not so hard, but on the receptor site to the device that

    package is the right one, for example, you want to just take the first or do some

    test of corruption as well.

    Not to mention that I would check what can do your end points, look at clearpath, who is a redundancy

    already in the endpoint RTP stream.

  • VCS - C <>= VCS - C vs VCS - C <>= VCS-E

    Case 1: VCS - C<==[Firewall]==>VCS - C<====>Internet

    Case 2: VCS - C VCS-E<====><==[Firewall]==>Internet

    In both cases, there are hints of options: encryption, interoperability of calls, Traversal, Non-Traversal.

    I have 3 questions, and I hope that someone please respond:

    Q1. In which case the supported encryption on all calls? If yes then what are the requirements to ensure that all calls are encrypted?

    Q2. How to call signal and call road traffic of media in each case, while internal endpoint connects to the remote endpoint?

    Q3. What are different between the covered area and / vs nearby area? I'm looking for pro and con.

    In short, an area of neigbor is appropriate if the media can flow directly without NAT or a firewall blocking somehow.

    A properly configured firewall is in general no problem, but h323 and rtp/media use a lot

    ports and you never really know what are the ports of the remote site will use so you end up having to open it

    high all ports for customers anyway...

    As 'internet' is mentioned, there is also that the components are on public ip addresses (do not forget

    No NAT allowed) and that these higher ports are open between all systems video (including video Jabber) and all (= 'Internet'), not sure if you want that,...

    Its more likely that some calls works perfectly with the deployment of 1 but many other calls will fail.

    so no, this isn't the way to go.

    Remember also, firewall/nat handling is as important on the internet, so if you expect from remote devices

    be behind NAT or a firewall (for example, a JabberVideo user or endpoint to a Home Office) you would

    also need to NAT traversal.

    Unless you have a mutation very very special needs very very specific VCS-E is the device

    you need to deal with the interest to link media.

    Q1. In which case the supported encryption on all calls? If yes then what are the requirements to ensure that all calls are encrypted?

    Endpoint also plays a vital role cordially encryption

    VCS with X7.2 can also supports encryption on the client's behalf, as

    CLIENT1 > (unencrypted) > VCS > (encrypted) > Client2

    Therefore, no problem.

    Q2. How to call signal and call road traffic of media in each case, while internal endpoint connects to the remote endpoint?

    If non-traversal calls (as in the deployment of VCS-C/VCS-C) and Neighborzones are used media will go directly between the endpoints, in the case of failure to sign will stick to the VCS unless you use the optimal call routing

    in some cases can release a VCS from the stream of calls. VCS where endpoint is saved forever

    involved in the call signaling.

    Q3. What are different between the covered area and / vs nearby area? I'm looking for pro and con.

    The area of route is used when you need to limit the number of ports and link media to

    a specific path (between the VCS).

  • Cisco VCS Lync Interworking with Lync Server/multiple domains

    Unfortunately I don't find any reference in the guides of deploymend, if it is possible to master several server/domains on a single VCSE lync. Is there a way to gather environments different lync with a vcs? For example, interoperability with clients a and b, which have completely separated from lync environments.

    We wanted to master it with VCSE, or is the Microsoft key option only avalible for VCS?

    Thanks for the reply.

    The Deployment Guide says you should use a VCS-control, not a VCS-Highway to serve as gateway of Lync.

    I don't think I have several B2BUAs connect to Lync on a single VCS - you would need to have a separate VCS for each Lync environment (IE, one for the customer) and another for client B and search rules appropriate to direct traffic areas in the right direction.

  • License VCS\VCSE of virtual machine hardware migration.

    Hi all

    I want to migrate my hardware to virtual VCS\VCSE.

    Both servers are covered by the active maintenance contract.

    How licenses work in this case? What is the procedure of transfer?

    Any cost?

    Thank you.

    Hello

    About Cisco VCS, you want to migrate virtual machine hardware, you will need to purchase a new license to make the transfer. These are the partnumbers you need:

    R-VMVCS-C-M-K9

    HW migration to E - Delivery Virtual VCS only controls

    R-VMVCS-E-M-K9

    HW migration to E - Delivery Virtual VCS Highway only

    Please contact your Cisco representative for more information.

    After purchasing the license, the license of the VM device rehost will be made by a specific Cisco team, not the team of global license, it is a process different rehost. You will need to send your request to [email protected] / * /, this team will provide instructions to rehost your VCS license correctly.

    I hope this helps.

    Concerning

    Paulo Souza

    Please note the answers and mark it as "answered" as appropriate.

  • Stream SPA 112 unsuccessful T38 fax call scenario

    Hello

    I will try to explain the situation better than I can.

    A fax device is connected to the port of SPA 112 phone (Firmware Version: 1.3.5 (004_XU001) Sep 16 2014). ATA a T38 support is enabled and a Terminal gateway in this case. A voip account is configured and registered to a provider that supports T38 fax relay Protocol.

    Another fax device is connected to the originating gateway (in this case Patton Smartnode gateway analog) and another voip account is saved in the same provider. T.38 support is intentionally disabled on the originating gateway.

    I expect the following call flow:

    -Endpoint gateway answers the call (G711)

    -Gateway endpoint offers T38 when a fax signal is detected

    -originating gateway rejects the offer t38 (disabled on the device)

    -call is reinvited to G711

    If you look at debugging (zipped attachment, OCAP), seems that the appeal is made to G711, but there is no the SPA112 RTP stream after the G711.

    Any ideas on that?

    ARO

    Sebastian

    P. S.

    To explain the IP addresses used in the trace:

    10.128.3.1 - sip proxy

    10.128.3.4 - media proxy

    10.200.0.17 - originally gateway

    10.200.0.253 - destination gateway (SPA)

    I would like to analyze the captured file and comment on the most important steps. Let go.

    I see two sessions:

    A: 10.200.0.17-> 10.128.3.1 B: 10.128.3.1-> 10.200.0.253

    -> INVITE (with SDP, aLaw, media, 10.200.0.17, sendrecv)

    <-180 ringing="" (with="" sdp,="" alaw,="" media="" 10.128.3.1,="">

    -> INVITE (with SDP, aLaw, media, 10.200.0.17, sendrecv)

    <- ringing="" (no="">

    The session is now is being "call setup" with installation accounting preliminary call audio ringtones, media 10.200.0.17,10.128.3.1 aloi, bidirectional (sendrecv).

    The session B is now in the phase "system call", no preliminary audio, call progress announced by SIP itself message

    A: 10.200.0.17-> 10.128.3.1 B: 10.128.3.1-> 10.200.0.253

    <- ok="" (with="" sdp,="" alaw,media="" 10.128.3.4,="">

    <>

    <- ok="" (with="" sdp,="" alaw,media="" 10.200.0.253,="">

    -> ACK

    The session is now in phase 'call connected' with 10.200.0.17,10.128.3.4 audio quality, bidirectional (sendrecv).

    The session B is now in phase 'call connected' with 10.200.0.17,10.200.0.253 audio quality, bidirectional (sendrecv).

    Two RTP stream can be seen in the capture file

    1: leave the package 125 & 126 (seq. 4911) 10.200.0.17-> 10.128.3.4-> 10.200.0.253

    2: from the package 129 & 130 (seq. 210) 10.200.0.253-> 10.128.3.4-> 10.200.0.17

    NMC is passed through them and was detected by the endpoint device. So invite:

    A: 10.200.0.17-> 10.128.3.1 B: 10.128.3.1-> 10.200.0.253

    <- invite="" (with="" sdp,="" t.38,media="">

    -> 488 not acceptable here

    <- invite="" (with="" sdp,="" t.38,="" media="">

    -> OK (with SDP, T.38. Media 10.128.3.4)

    T.38 was so successfully (re) - negotiated on session B as sip proxy approved the T.38. Remain sitting A in the former State (e.g. aLaw audio) from peripheral transition rejected T.38.

    Note that proxy media receive the 10.200.0.253 T.38 returns one as-is to 10.200.0.17 despite the existence is not T.38 negotiated here. Also, use packets received 10.200.0.17 are returned as-is from 10.200.0.253 (they are interpreted as T.38 packets).

    It's a little unfortunate behavior. Media proxy should recode media of the Protocol on the left side is not the same as the Protocol on the right side. Proxy SIP should not approve the change of Protocol unless it knows that the proxy media can handle them. On an ideal world, the SIP proxy should not OK T.38/reINVITE to 10.20.0.253, unless he received 10.200.0.17 OK. As a principal is not willing to talk to T.38 and media proxy cannot translate aloi<->T.38 termination invitations must be rejected.

    Well, we do not live in the perfect word and invitations request has been approved. Now, the SIP proxy know proxy media cannot handle the current configuration, then it starts attempt to return the two session at aloi (despite the A session is aLaw already):

    A: 10.200.0.17-> 10.128.3.1 B: 10.128.3.1-> 10.200.0.253

    <- invite="" (with="" sdp,="" alaw,="" media="">

    -> OK (with SDP, aLaw. Media 10.200.0.17)

    -> INVITE (with SDP, aLaw, 10.128.3.4 media)

    <- ok="" (with="" sdp,="" alaw.="" media="">

    The two sessions should be now in mode aloi. Unfortunately, despite the 10.200.0.253 received the passage to the quality he continue to use T.38.

    Conclusion:

    It seems that you hit the bug in the firmware. SPA112 must be:

    R: rejection invite T.38 to genuine, if she is unable to do it properly

    or

    B: do it right

    Moreover, in the case of 'A', the SIP proxy can nothing but complete two call legs. Aloi-> transition T.38 premature OK (as I described above) make incompatible with devices that are unable to return for T.38 to sound crude.

    What is now? You can turn in level 3 syslog and debug (voice-> System tab) and catch them. It can reveal more about the issue. But I don't know if it can reveal something that allow us to solve the problem. But you need the newspaper if you decide to report the bug to Cisco SMB TAC.

    You can report the bug in the firmware to SMB TAC even if you have no support agreement.

    Despite you have the contract assistance or not, do not put so much hope that Cisco will help you. And zero chance it will not solve the problem within a reasonable time.

  • Question record DNS SRV + VCS Expressway

    Hi all

    I have a South, VCS in the DMZ, and I am facing a problem with the SRV DNS records.

    VCS Expressway Hostname:-VCSe

    Domain: example.com

    FULL VCSE domain name: VCSe.example.com

    and I have an a record set up for the same FQDN in DNS Public Server.

    I have a sip domain configured as 'cisco.com' in my VCS Expressway.

    What is the SRV records, I need to create in the Public DNS server.

    Kind regards

    Nikhil Jayan

    Nikhil,

    It seems that you have not checked the link I sent you earlier... A very explicit documents. in any case that we talked about earlier is we were talking about signs send calls to the highway as well as parts of the record.

    In your deployment, you have a different domain for DNS and SIP domain. Also as you say you meet Highway cluster and you want to record to both endpoints and then I suggest you to check the document for the creation of cluster on cisco webesite.

    Now, if you have a cluster for Highway then you must create several srv records that would be pointing to each domain name FULL of the approved cluster with equal weight. In normal use scneario of domain common to different services are recommended.

    Srv records would have seen something like that.

    _sips._tcp.company.com. 86400 IN SRV 1 1 5061 vcse1.company.com.

    _sips._tcp.company.com. 86400 IN SRV 1 1 5061 vcse2.company.com.

    _sip._tcp.company.com. 86400 IN SRV 1 1 5060 vcse1.company.com.

    _sip._tcp.company.com. 86400 IN SRV 1 1 5060 vcse2.company.com.

    _h323ls._udp.company.com. 86400 IN SRV 1 1 1719 vcse1.company.com.

    _h323ls._udp.company.com. 86400 IN SRV 1 1 1719 vcse2.company.com.

    _h323cs._tcp.company.com. 86400 IN SRV 1 1 1720 vcse1.company.com.

    _h323cs._tcp.company.com. 86400 IN SRV 1 1 1720 vcse2.company.com.

    _h323rs._udp.company.com. 86400 IN SRV 1 1 1719 vcse1.company.com.

    _h323rs._udp.company.com. 86400 IN SRV 1 1 1719 vcse2.company.com.

    However, your case is different. In your deplyoment what you have to do is any request for the domain "cisco.com" should be resolved in FQDN of the VCS-Highway peers with equal weight.

    for example

    _tcp.gmail.com. IN SRV 20 0 5222     talk2.l.google.com.

    Therefore, any request to gmail.com would resolve to the talk2.1.google.com server.

    same way you have to make it work.

    Thank you

    Alok

Maybe you are looking for

  • iCloud for Windows: authentication failure

    (In fact, the message French that appears is "an error has occurred pendant authentication.") I have re-installed iCloud (repaired) for Windows. I get my ID and password, and I get an alert "authentication error". I know the password is correct, beca

  • activate an IPad opportunity

    I recently left my IPad on a plan and have no chance with lost American, I bought an IPad on EBay.  When I get this what steps should I take to make this "mine?"  I'll be able to put in my own access code?  I'll be able to register this with Apple?

  • HPe 1170t CTO: 1170t

    I want to upgrade my EVGA GEForce 570 to a card GeForce 970.  The 570 has worked well since I replaced the original 550ti with her.  I know that the power supply is adequate for the 970, but realize that it has PCI-express 3. architecture of 0 (which

  • How do I uninstall "C:\Program Iolo System Checkup\SystemCheckup.exe.

    I went into Control Panel, add/remove programs, clicked on the Check Up to said change/remove...it system is to uninstall but does not work.  I tried to call the company th... and all I get is a sales pitch for the purchase of their product for $200.

  • Drink VN7 - 592G spilled on the keyboard, now sticky keys! How can I remove the keys to wipe the keyboard?

    Hello world There was a sweet drink spilled on my keyboard and the keys are now sticky Are there ways for me to remove the top of the key, so that I can sticky sugar wipe my keys. I don't know if I can just pop off the keys on this laptop. Can anyone