VCSC - questions VCSe

Similar Questions

• VCSC and VCSe

  I'm very confused on the VCSC and VCSe licenses and right. I need to launch a VCSe but I can't figure out how. Do I need an option key to activate the VCSC to VCSe? If so, what is the reference for this key?

  Thanks for your help!

  Installing VCS database (common to both), but when you order order you usually like a VCS - C or VCS-E.

  Reference to a VCS-E VM is R-VMVCS-EXPWY-K9.  This will give you the keys of the option to turn your basic VCS install in a VCS-E license.

  All references to products of VCS can be found here: http://www.cisco.com/c/en/us/products/collateral/unified-communications/telepresence-video-communication-server-vcs/data_sheet_c78-626491.html

• Question VCSE Bind9 Dns Srv record

  Hi all

  I recently put in place a solution of VCS Express in my area, but I need your help to solve my problem of dns.

  My infrastructure is:

  1 VCSE optional NIC for dmz 2 and natted with the public IP address

  VCSC lan subnet 1

  Everything works fine, covered call, record (Movi) from the outside, call SIP/h.323 IP or dns, interoperability... Everything is ok

  My question are dial endpoint not registered.

  When I call to outsite in:

  [email protected] / * /, working (I create a processing rule to convert the IP to the domain)

  [email protected] / * / work but the search rule failed in agreement with my search rule

  [email protected] / * / Is not no incomig call

  I suspect that there is a misconfiguration of the dns.
  We use servers DNS Bind9 as authoritative for our area

  I configured according to deployment guides, SRV records and has to point my public IP

  I try to question my DNS from the outside, nslookup and utility dig, query returns OK

  I do not know well Bind9 and I don't understand why calls are not received in the form [email protected] / * /

  I am attaching a sample of my DNS zone file

  $TTL 86400; 1 day
  @ IN SOA ns1.mydomain.com. root.mydomain.com.)
  2011072147; Series AAAAMMJJNN
  7200; Refresh every 2 hours
  7200; Try again every 2 hours
  7200; They expire after 2 hours
  14400); Minimum TTL of 4 hours

  IN NS ns1.mydomain.com.
  IN NS ns2.mydomain.com.
  IN NS ns3.mydomain.com.

  mydomain.com. IN NS ns1.mydomain.com.       "After you have created this entry, the call to [email protected] / * / began to operate.
  mydomain.com. IN A X.X.X.X
  ns1 IN A X.X.X.X
  NS2 IN A X.X.X.X
  NS3 IN A X.X.X.X
  vcse IN A X.X.X.X
  _h323cs._tcp.mydomain.com.                   86400 IN SRV 1720 10 10 vcse.mydomain.com.
  _h323ls._udp.mydomain.com.                   86400 IN SRV 10 10 1719 vcse.mydomain.com.
  _sip._tcp.mydomain.com.                      86400 IN SRV 10 10 5060 vcse.mydomain.com.
  _sip._udp.mydomain.com.                      86400 IN SRV 10 10 5060 vcse.mydomain.com.
  _sips._tcp.mydomain.com.                     vcse.mydomain.com 86400 IN SRV 10 10 5061.
  _sips._tls.mydomain.com.                     vcse.mydomain.com 86400 IN SRV 10 10 5061.
  _sip._tls.mydomain.com.                      vcse.mydomain.com 86400 IN SRV 10 10 5061.

  ; This article is for the test

  ; mydomain.com. NAPTR 50 50 "s" "SIP + D2T" "" _sips._tcp.mydomain.com.
  ; mydomain.com. NAPTR 90 50 "s" "SIP + D2T" "" _sip._tcp.mydomain.com.
  ; mydomain.com. NAPTR 100 50 "s" "SIP + D2U" "" _sip._udp.mydomain.com.

  any idea is appreciated!

  Sorry for my English

  Concerning

  Giorgio,

  Please check your PM it seems that you have a typo in your SRV records.

  -Andreas

• Configure my VCSC with VCSe on the public IP address

  Hi guys,.

  I have a session of control VCS under my company Private IP and I my client on public IP VCSe.

  It will be possible to configure my VCSC with the VCSe after the configuration of the areas?

  The ports must be opened by my team of firewall in this scenario?

  Anything else I need to keep in mind.

  For the record, it is only for the objective test.

  You will appreciate any response.

  Thank you

  Saurabh

  > Then, practically there is no as such risk, and my client can use the public IP address on VCSe

  > without going to double network Option key. (which is used to secure more VCSe).

  Cisco highly recommend VCS-E deploy under the DMZ but it's true, too, many customers deploy VCS - E on public network directly.

  Please visit https://supportforums.cisco.com/thread/2154738?tstart=150 for more information security VCS.

  Next version of the plan to be supported VCS X7.2 software build - in the characteristic basic firewall, which allows configuration to allow/deny list based on the IP / port / protocol which should contribute to better security level or even VCS-E deployment on the public network directly.

  > So, I'll ask my client just buy a public IP address, that's all, and we are ready to go?

  A public IP will demand on VCS Expressway, VCS control can be use the NAT address glow (IE share internet access of the network of offices).

  You must also SRV DNS management (if small deployment probably better to use the external DNS service, there are a lot of company provide a service the two service also responsible DNS hosting and as free service).

• Jabber (Internet) video->->->-> Jabber CUCM VCSC VCSE for windows

  First of all, I tried Jabber Video (Intranet)->->-> Jabber CUCM VCSC for windows, video and audio are fine, by establishing a SIP trunk between VCSC and CUCM and Zone rule settings and VCSC research.

  Secondly, Jabber (Internet) Video-> VCSE-> VCSC-> Video (Intranet) Jabber, audio and video are very well by estalishing TraversalZone between VCSE and VCSC, as well as the search area in VCSE and VCSC rule.

  There is an obvious idea comes... Jabber (Internet) video->-> VCSC VCSE-> CUCM-> Jabber for windows.

  I tried by two means:

  Option A: I try through Jabber video (Internet)-> VCSE-> TraversalZone-> VCSC-> SIP Trunk-> CUCM-> Jabber for windows, acutally, there isn't any configuration required in VCSE/VCSC/CUCM, because when you dial [email protected] / * /, the VCSE will route the call to the VCSC and then it will move the call to CUCM, but I couldn't get to this subject, the logging of the VCSC He always showed in the message below:

  1. received VCSC VCSE SIP protocol prompt, call [email protected] / * /

  2 VCSC answered VCSE SIP 407 Proxy authentication required.

  3 VCSE answered the VCSC SIP ACK

  I don't know what is the problem here, or additional configuration required, but the call to certainly VCSC already, but I don't know what is the way of the authentication of 407 proxy here... If the Jabber (Internet) Video-> VCSE->-> Video (Intrante) Jabber VCSC, it isn't this 407 proxy authentication in logging.

  Option b: I'm going through Jabber video (Internet)-> VCSE-> SIP Trunk-> CUCM-> Jabber for windows, with the rule of necessary research, in this way, when Jabber (internet Video) composition Jabber for windows, it sounds, and when picked up, one way audio (from Jabber for windows to Jabber video) set up, no video.

  It is normally an authentication problem. I think that you run a software X7.x on your SPRDD? If so, try to activate "treat as authenticated" on the crossing area 'Authentication policy' (both directions, if it is set to "do not verify the credentials") and see if you get the P - asserted-Identity "authenticated" a header then and make a call from the internet, routed throug the VCS - c to your CUCM.

  Are your rules of research on the VCS - c, the value "request must be authenticated = Yes"?

  Hope this helps,

  Arne

• AD authentication environment VCSe, VCSC and TMS

  Hello

  We have VCSe, VCSC and TMS work with commissioning on the VCSC through TMS.

  VCS, Version 6.1, 13.1 TMS

  Movi (4.3) external Clients have registration with the VCSC. VCSe does proxy registration.

  Users have been configured on the MSDS. There is still no configured AD authentication.

  Everything works fine.

  We now want to configure AD authentication.

  There are several deployments to do, but for me, some of them are not so sure than others.

  I need a top secure deployment.

  I need ideas to make the deployment.

  Thank you

  Martin

  Hi Martin,

  I understand perfectly what you want, but I do not understand why. When you set a directory of provisioning in TMS to be integrated with AD, users are imported automatically according to the 'search string', that you are configuring. But passwords are not imported from AD, basic information only from users are imported. When any user try to connect, TMS challenge for authentication in real time.

  For me it is not a problem, because the MSDS do not save passwords in its own database. Is this a problem for you? Why?

  If you try to do it only because you want to limit which users are allowed to use the customer Movi, if your problem is the following, so you can solve it by using a 'search filter' in the configuration directory configuration, so that you afin que vous serez will be able to import only users who belong to a specific group, for example.

  Please, explain to me why you want to do.

  Paulo Souza

• VCSC & VCSE: device/user using LDAP authentication

  Hi all

  I configured the VCSC and VCSE for device authentication and the user using LDAP. The issue that I face is my Zone of course does not have connection to VCSE. I am sure that my LDAP works very well because everything works perfectyle (authentication of users, for example) with the exception of this. Status I got STRANDED on the page of the area traversed in VCS C.

  Has anyone encountered the same problem?

  It's not a problem, it's the behaviour, as the crossing area also uses authentication, then

  It will not use the local db but using your ldap server.

  You create an additional account with the user name used on the VCS that reflects the

  SIPIdentityUserName / h235IdentityEndpointID and the password as well.

  Works very well for us.

• Question about the design of VCS-C/VCS-E

  Hello

  Customer has no DMZ. So, what are my options to configure a deployment of VCS-C/VCS-E?

  How is it I could reach the goal that VCSC and VCSe contact area of neighbor?

  Do I need to assign an internal IP address (without static nat) and LAN2 in also an IP address in-house with NAT static external IP LAN1.

  Prerequisite for which is 'Dual touch Option NIC', no?

  At the moment I have no double key Option of NIC, then the only way in my deployment is the DMZ preffered way, right? Or make me another option?

  Concerning

  Thorsten

  Well, in this case, you can have the VCS-E in public, VCS - C behind the firewall and an area between the two.

  You can increase the security nat'ing and with who use dual NICs on the VCS-E option.

  I also either turn off or at least to block SSH on VCS-E to the public.

  Deployment Guide:

  http://www.Cisco.com/en/us/docs/Telepresence/infrastructure/VCs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.PDF

  /Jens

• Jabber presence doesn't work not between VCSe and Express, but works if you are registered to the same VCS...

  Hello

  I have a problem where the presence does not work between users registered on the VCSC and the VCSe.

  If a user on the VCSe registers, they cannot see the presence of VCSe registered users, and even, registered on the VCSC users see only the presence of records on the VCSC.

  TMS is running 14.1.1 with TMSPE

  VCSC and VCSe run every two X7.2.

  Both the VCSC and and VCSe each with authentication Active Directory (direct)

  Wouldn't be better to have control of VCS and VCS Expressway with authentication Active Directory (directly) on the control of VCS?

  Thank you very much

  Rob

  Hello

  in most cases, you want the VCS control to contain the presence information and VCS Highway to simply forward requests for control of VCS.
  Should be set to the 'on' presence User Agent and server on your control and only the User Agent of the presence on the highway in position 'on '.

  You can find more details in the VCS Administrator's guide.

  Sent by Cisco Support technique iPhone App

• Understand the flow of appeal through VCS c/e

  Hey Geeks,

  I write this to understand "how to work things. Here's the design.

  I have a VCSC configured with the name of the domain example.com SIP (we have internal DNS server to resolve)

  I have a VCSe configured with the name of the cisco.com SIP domain (we have external DNS server to make globally routable)

  I create a link bw VCSC and VCSe course.

  How the call will flow between the Ep A and B Ep

  Scenario a.

  My Ep A is [email protected] / * / dials Ep B Jabber client (user) recorded on VCSe [email protected] / * /

  How call flows; I understand that the flow of the beginning IE Ex 90 will send a register message to VCSC etc etc.

  Scenario B:

  If Ep A [email protected] / * / call a 3rd party (distinct) = (inter appeal cases) End point ie [email protected] / * /

  How runs the call.

  Please excuse me for asking layman explanation:

  Thanks in advance

  Vikram

  Hi Vikram,

  First thing to note is in most of the customer scenario prefer same sip domain on highways and control so that they can avoid transform and simplify the numbering plan.

  Happens to your scenario.

  Scenario a.

  EP A VCS-contrl<--traversal-->VCS - Ex <--SIP--><--sip-->Ep B (points of termination assumptions made using the SIP protocol)

  EP began with the sending of a guest for VCS-cntrol SIP message, which gets transmitted to VCS - by VCS-cntrl exp, hope you're installation rules research properly on vcs control.

  VCS - exp send this appeal to Ep B and call connect. You can google for SIP call flow, so nothing different happens in this case.

  Scenario B

  EP A VCS-cntrl<--traversal-->VCS - Exp<-->public cloud<--SIP--><-->Ep B (dell.com)

  A DNS zone, which uses the dns configured on exp do query srv records to the external field like "dell.com" is now required to apply for external part VCS - exp

  in this scenario again Ep began with the sending of a message to the VCS-cntrl invitation gets sent to the SCV - exp rules-based research. VCS - exp begins looking for new address based on the rule of the research and since it does not find the URI ending with exp and "dell.com" starts to send query record srv for the domain "dell.com". DNS configured on exp in the SRV company A sends question and get an answer for this domain with the company B VCS - exp - ip address, and then vcs - exp in company A starting configuration of the call to the remote ip address.

  now in the present, you can have several scenarios and I recommend you consult the guide deployment for VCS-control and traversal solution VCS - exp.

  Rgds,

  Alok

• in how many ways could connect a different company of telepresence?

  Hi all

  I am new in the field of video conferencing and telepresence.

  I would like to know how many ways there are to log to a different company to do a telepresence session.

  Currently I am an infrastructure management of telepresence in which all the other location are 30 Km away and are all part of the same intranet.
  Obviously, we have a VCSC and VCSe and a MCU.

  If I do not have an intranet, and I want to connect to a different location, how can I do? VPN? Is it possible to use only the public internet?

  for example, if I have 3 location (200 km) and each location offers free SSDL (declining from 4 Mbps to 4 Mbps), can I connect them?
  I thought to use for example a VCS Espress starter pack in one place and 3 codec SX20.
  Is it possible to have a 720 p call given the distances?

  Just to add to the comment of the juriss; be sure to include 20% overhead for each call, when you calculate the bandwidth you can use. I.e. for a 768 Kbps call, you will need a minimum of 922 kbps available b & w.

  I would create a separate subfield on the VCS E existing for these systems to register, allowing you to specify the b/w max available within the area, as well as max eligible b & w by appeal. This way you won't have to worry about potential problems caused by a connection at a higher rate.

  /Jens

  Please note the answers and score the questions as "answered" as appropriate.

• What client H.323 software is registered in the VCS

  Hi, as Cisco Jabber client video need TMS is registered in the VCS, but I get VCSC and VCSE.

  I want a client software that can be installed on my Windows laptop and join the VCSC (h.323 or SIP) for call video test.

  could you please give me some suggestions? Thank you.

  Hi George,.

  Yes of course. X - Lite requires no server supply work, because you make the configuration in the client itself. Jabber for telepresence requires a server of supply (such as TMS) to work, because most configuration are provided by the server and cannot be configured in the client itself, but X-Lite is different.

  You can register X-Lite for VCS without having to place any other infrastructure component. I works very well here.

  I hope this helps.

  Paulo Souza

  My answer was helpful? Please note the useful answers and do not forget to mark questions resolved as "responded."

• Jabber comments

  -What is Jabber comments free license? I was really interested to install Jabber comments.  We have all the necessary equipment to support the comments of Jabber, I just need to upgrade the VCSC and VCSe to 8.2.  It seems that Jabber client is a virtual server that must be deployed.  I went to the Cisco downloads page and was not able to see the virtual server to download the file, or whatever it is for Jabber client.  If necessary licenses to buy, any ideas on the cost would help as well.

  Thanks in advance,

  AlexLP

  You can only get from a dealer that I believe and it's an article to $0, but you will need to purchase licenses for comments on VCS jabber sessions

  http://www.Cisco.com/c/en/us/TD/docs/voice_ip_comm/Jabber/guest/10_0/RN/...

• Client Jabber Viceo registry for VCS/MSDS

  Hello

  I am trying to record a video jabber VCS or TMS customer but his does not work. Whenever I was

  "Bad username, domain and/or password". Check spelling and caps lock.

  Do not know why. Should what I do to register a customer with username and password? VCSC and VCSe are configured for access from inside and outside VCSe.

  Is there a guide for video Jabber clients?

  Best regards

  Jason

  Hi Jason!

  You need a starter pack of VCS-highway or TMS (license + Movi licenses) and a VCS (with the option of commissioning key device).

  As you write VCSe and c its more likely that you do not have the starter pack.

  She has need of configuration and user creation, so it would work not just out of the box.

  The recommended method is the TMSPE, you will find here the deployment guide:

  http://www.Cisco.com/en/us/docs/Telepresence/infrastructure/tmspe/Install_Guide/Cisco_TMSPE_Deployment_Guide_1-0.PDF

  If you have older versions of TMS/VCS you will use it (but I recommend you upgrade and use TMSPE!):

  http://www.Cisco.com/en/us/docs/Telepresence/infrastructure/TMS/config_guide/Cisco_TMS_Provisioning_Deployment_Guide_13-0.PDF

  In addition to this documentation Cisco for TMS, VCS and JabberVideo control.

  TMS:

  http://www.Cisco.com/en/us/products/ps11338/tsd_products_support_series_home.html

  VCS:

  http://www.Cisco.com/en/us/products/ps11337/tsd_products_support_series_home.html

  JabberVideo:

  http://www.Cisco.com/en/us/products/ps11328/tsd_products_support_series_home.html

  Jason: Please note the validations and define the thread if it's an answer!

• Crossing call - 403 forbidden problem

  Hello

  We deployed the VCS control with VCS Expressway for the course of firewall and encountered a problem. It says on the status of the call VCSe, 403 forbidden

  When an external end point registered as SIP on the VCSe will call to an internal endpoint as a SIP to the VCSC.

  Here are some of the scenarios test, we have carried out and the results:

  1. check internal endpoints SIP VCSC - OK

  2 external endpoint SIP registartion to VCSe - OK

  3 internal endpoint endpoint internal SIP calls via VCSC - OK

  4. external point endpoint endpoint external SIP calls via VCSe - OK

  5 internal endpoint endpoint external SIP calls through the VCSC and VCSe - OK

  6. point endpoint endpoint internal external call SIP via VCSC and VCSe - failed (403 forbidden)

  On item 6, which is the only problem we are trying to solve.

  Which are necessary to check?

  Thank you.

  BR,

  Acevirgil Ocampo

  I recommend no doubt create a subzone for Movi, you can also control the bandwidth also. I have never save anything to the default subfield on Highway and off the record for security purposes. Movi clients enter their own subfield

  NES as well as sub-areas for other specific things.

  For security reasons, I don't like is not verification of the credentials on the highway, especially if you have an ISDN gateway or maybe control has a route on the PSTN. Fraud free of charge is not sweet.

  I always sent SSO via local vs LDAP authentication. It becomes difficult when you are unable to join the fast track to the area but still want to authenticate and verify the credentials. The trick is that you must create a local user on the highway, and then create the same identical user name and the password in active directory. Then in MSD, get these credentials by using the model configuration for the version / MOVI device.