Other Issues; Firewall Traversal And Dual Network Interfaces; Firewall Configuration; Administrator Guide - Cisco TelePresence Administrator's Manual

Grey Headline (continued)

Other issues

Firewall traversal and Dual Network Interfaces

The Dual Network Interfaces option key enables the LAN 2 interface on your VCS Expressway (the
option is not available on a VCS Control). The LAN 2 interface is used in situations where your VCS
Expressway is located in a DMZ that consists of two separate networks - an inner DMZ and an
outer DMZ - and your network is configured to prevent direct communication between the two.
With the LAN 2 interface enabled, you can configure the VCS with two separate IP addresses, one
for each network in the DMZ. Your VCS then acts as a proxy server between the two networks,
allowing calls to pass between the internal and outer firewalls that make up your DMZ.
All ports configured on the VCS, including those relating to firewall traversal, apply to both
IP addresses; it is not possible to configure these ports separately for each IP address.
Overview and System
Introduction
status configuration
D14049.08
November 2010
Cisco VCS Zones and Clustering and
configuration neighbors peers
In order for Expressway™ firewall traversal to function correctly, the firewall must be configured to:
•
allow initial outbound traffic from the client to the ports being used by the VCS Expressway
•
allow return traffic from those ports on the VCS Expressway back to the originating client
Cisco offers a downloadable tool, the Expressway Port Tester, that allows you to test your firewall
configuration for compatibility issues with your network and endpoints. It will advise if necessary
which ports may need to be opened on your firewall in order for the Expressway™ solution to
function correctly. The Expressway Port Tester currently only supports H.323. Contact your Cisco
representative for more information.
You are recommended to turn off any H.323 and SIP protocol support on the firewall: these
!
are not needed in conjunction with the Cisco Expressway™ solution and may interfere with
its operation.
The pages under the Maintenance > Tools > Port usage menu show, in table format, all
the IP ports that are being used on the VCS, both inbound and outbound. This information
can be provided to your Firewall Administrator in order to allow them to configure the
firewall appropriately. See the
Call Bandwidth
processing control
134
CISCO TELEPRESENCE VIDEO COMMUNICATION SERVER

Firewall configuration

Port usage section for further information.
Firewall
Applications Maintenance
traversal

ADMINISTRATOR GUIDE

Appendices