Cisco Cisco Expressway
Appendix 4: Advanced Network Deployments
Prerequisites
■
Apply an Advanced Networking option key on any Expressway-E that needs static NAT or two LAN interfaces.
The Advanced Networking option is available only on the Expressway-E.
■
Disable SIP and H.323 ALGs (SIP / H.323 awareness) on routers/firewalls carrying network traffic to or from the
Expressway-E.
Expressway-E.
We strongly recommend disabling this functionality on the firewall/s when deploying an Expressway-E behind a
NAT, because our experience shows that they do not handle video traffic properly. You must use the Expressway
to perform the static network address translation on its own interface. Read more in
NAT, because our experience shows that they do not handle video traffic properly. You must use the Expressway
to perform the static network address translation on its own interface. Read more in
.
Planning Your Deployment
Do Not Overlap Subnets
The recommended deployment of the Expressway-E configures both LAN interfaces. The LAN1 and LAN2 interfaces
must be located in non-overlapping subnets to ensure that traffic is sent out the correct interface.
must be located in non-overlapping subnets to ensure that traffic is sent out the correct interface.
Clustering
■
When the peers have the Advanced Networking option installed, you must use the LAN1 interface address of
each peer to create the cluster.
each peer to create the cluster.
■
The LAN interface that you use for clustering must not have Static NAT mode enabled.
For these reasons, we recommend that you use LAN2 as the externally facing interface, and also enable static NAT on
LAN2 when it's required.
LAN2 when it's required.
External LAN Interface Setting
The External LAN interface configuration setting, on the IP configuration page, controls where the Expressway-E's
TURN server allocates TURN relays. In the recommended dual NIC deployment, you should select the externally-facing
LAN interface (LAN2) on the Expressway-E.
TURN server allocates TURN relays. In the recommended dual NIC deployment, you should select the externally-facing
LAN interface (LAN2) on the Expressway-E.
Recommended: Dual NIC Static NAT Deployment
The following example demonstrates the recommended deployment. It shows the typical DMZ configuration where the
internal and external firewalls cannot route directly to each other, and dual NIC devices such as Expressway-E are
required to validate and forward the traffic between the isolated subnets.
internal and external firewalls cannot route directly to each other, and dual NIC devices such as Expressway-E are
required to validate and forward the traffic between the isolated subnets.
The Expressway-E has both NICs enabled, and it has static NAT enabled on its outward-facing LAN interface. The
Expressway-C inside the network is a traversal client of the Expressway-E in the DMZ.
Expressway-C inside the network is a traversal client of the Expressway-E in the DMZ.
Figure 8 Dual Network Interfaces Deployment
44
Cisco Expressway-E and Expressway-C - Basic Configuration Deployment Guide