Configuring Vcss For Firewall Traversal - Cisco TelePresence Administrator's Manual
Video communication server
Hide thumbs
Also See for TelePresence:
- Administrator's manual (507 pages) ,
- Manual (24 pages) ,
- Specifications (7 pages)
Table of Contents
Advertisement
The VCS also supports SIP outbound, which is an alternative method of keeping firewalls open without
l
the overhead of using the full registration message.
SIP and H.323 endpoints can register to the VCS Expressway or they can just send calls to the
n
Expressway as the local "DMZ" firewall has relevant ports open to allow communication to the
Expressway over SIP and H.323 ports.
Endpoints can also use
ICE
communications between themselves. Media can be sent directly from endpoint to endpoint, from endpoint
via the outside IP address of the destination firewall to the destination endpoint or, endpoint via a TURN
server to destination endpoint.
The VCS supports ICE for calls where the VCS does not have to traverse media (for example if there is no
n
IPv4/IPv6 conversion or SIP / H.323 conversion), so typically this means 2 endpoints which are able to
support ICE, directly communicating to a VCS Expressway cluster.
The VCS has its own
TURN server
n
Configuring VCSs for firewall traversal
This section provides an overview to how your VCS can act as a traversal server or as a traversal client.
VCS as a firewall traversal client
Your VCS can act as a firewall traversal client on behalf of SIP and H.323 endpoints registered to it, and any
gatekeepers that are neighbored with it. To act as a firewall traversal client, the VCS must be configured with
information about the systems that will act as its firewall traversal server.
You do this by adding a new traversal client zone on the VCS client
and configuring it with the details of the traversal server. See
information. You can create more than one traversal client zone if you want to connect to multiple traversal
servers.
Note that:
In most cases, you will use a VCS Control as a firewall traversal client. However, a VCS Expressway can
n
also act as a firewall traversal client.
The firewall traversal server used by the VCS client can be a VCS Expressway, or (for H.323 only) a
n
TANDBERG Border Controller.
VCS as a firewall traversal server
The VCS Expressway has all the functionality of a VCS Control (including being able to act as a firewall
traversal client). However, its main feature is that it can act as a firewall traversal server for other Cisco
systems and any traversal-enabled endpoints that are registered directly to it. It can also provide TURN relay
services to ICE-enabled endpoints.
Configuring traversal server zones
For the VCS Expressway to act as a firewall traversal server for Cisco systems, you must create and
configure a traversal server zone on the VCS Expressway
configure it with the details of the traversal client. See
information.
Cisco VCS Administrator Guide (X7.2)
to find the optimal (in their view of what optimal is) path for media
built in to support the required functionality of ICE.
(VCS configuration > Zones
Configuring traversal client zones
(VCS configuration > Zones >
Configuring traversal server zones
Firewall traversal
> Zones)
for more
Zones) and
for more
Page 231 of 498
Hide quick links:
Advertisement
Table of Contents
