Cisco Cisco Expressway Maintenance Manual
Configuring static NAT
You can deploy the Expressway-E behind a static NAT device, allowing it to have separate public and private
IP addresses. This feature is intended for use in deployments where the Expressway-E is located in a DMZ,
and has the Advanced Networking feature enabled.
IP addresses. This feature is intended for use in deployments where the Expressway-E is located in a DMZ,
and has the Advanced Networking feature enabled.
In these deployments, the externally-facing LAN port has static NAT enabled in order to use both a private
and public IPv4 address; the internally facing LAN port does not have static NAT enabled and uses a single
IPv4 (or IPv6) address.
and public IPv4 address; the internally facing LAN port does not have static NAT enabled and uses a single
IPv4 (or IPv6) address.
In such a deployment, traversal clients should be configured to use the internally-facing IP address of the
Expressway-E.
Expressway-E.
To enable the use of a static NAT:
1. Ensure that the Advanced Networking option key is installed.
2. For the externally-facing LAN port:
a. In the IPv4 address field, enter the Expressway-E's private IP address.
b. Set IPv4 static NAT mode to On.
c. In the IPv4 static NAT address field, enter the Expressway-E's public IP address - this is the IP
b. Set IPv4 static NAT mode to On.
c. In the IPv4 static NAT address field, enter the Expressway-E's public IP address - this is the IP
address of the outside of the NAT.
Note: The combination of having static NAT mode on and having the B2BUA engaged to do media
encryption/decryption can cause the firewall outside the Expressway-E to mistrust packets originating from
the Expressway-E. You can work around this by configuring the firewall to allow NAT reflection. If your
firewall cannot allow this, you must configure the traversal path such that the B2BUA on the Expressway-E
is not engaged.
encryption/decryption can cause the firewall outside the Expressway-E to mistrust packets originating from
the Expressway-E. You can work around this by configuring the firewall to allow NAT reflection. If your
firewall cannot allow this, you must configure the traversal path such that the B2BUA on the Expressway-E
is not engaged.
Configuring DNS settings
The
DNS
page (
System > DNS
) is used to configure the Expressway's DNS servers and DNS settings.
Configuring the system host and domain name
The System host name defines the DNS host name that this Expressway is known by.
n
It must be unique for each peer in a cluster.
n
It is used to identify the Expressway on a remote log server (a default name of "TANDBERG" is used if the
System host name is not specified).
System host name is not specified).
The Domain name is used when attempting to resolve unqualified server addresses (for example
ldapserver
ldapserver
). It is appended to the unqualified server address before the query is sent to the DNS server. If
the server address is fully qualified (for example ldapserver.mydomain.com) or is in the form of an IP
address, the domain name is not appended to the server address before querying the DNS server.
address, the domain name is not appended to the server address before querying the DNS server.
It applies to the following configuration settings in the Expressway:
n
LDAP server
n
NTP server
n
External Manager server
n
Remote logging server
Cisco Expressway Administrator Guide (X8.5.1)
Page 24 of 399
Network and system settings
Network settings