Cisco Cisco TelePresence Video Communication Server Expressway
Figure 9 The Web UI for Creating a Static Route
The
xCommand RouteAdd
command and syntax, and the equivalent web UI, are described in full in the VCS help and the
VCS Administrator Guide.
Background Information
The Challenge of NAT for SIP and H.323 Applications
When deploying a VCS Expressway for business to business communications, or for supporting home workers and
travelling workers, it is usually desirable to deploy the VCS Expressway in a NATed DMZ rather than having the VCS
Expressway configured with a publicly routable IP address.
travelling workers, it is usually desirable to deploy the VCS Expressway in a NATed DMZ rather than having the VCS
Expressway configured with a publicly routable IP address.
Network Address Translation (NAT) poses a challenge with SIP and H.323 applications, as with these protocols, IP
addresses and port numbers are not only used in OSI layer 3 and 4 packet headers, but are also referenced within the
packet payload data of H.323 and SIP messages themselves.
addresses and port numbers are not only used in OSI layer 3 and 4 packet headers, but are also referenced within the
packet payload data of H.323 and SIP messages themselves.
This usually breaks SIP/H.323 call signaling and RTP media packet flows, since NAT routers/firewalls will normally
translate the IP addresses and port numbers of the headers, but leave the IP address and port references within the SIP
and H.323 message payloads unchanged.
translate the IP addresses and port numbers of the headers, but leave the IP address and port references within the SIP
and H.323 message payloads unchanged.
To provide an example of this, assume you have a VCS Expressway deployed behind a NAT router and two endpoints.
The VCS Expressway has static NAT disabled on LAN2, but the NAT router is configured with a static 1:1 NAT, NATing
the public address 64.100.0.10 to the VCS Expressway LAN2 IP address 10.0.10.2:
The VCS Expressway has static NAT disabled on LAN2, but the NAT router is configured with a static 1:1 NAT, NATing
the public address 64.100.0.10 to the VCS Expressway LAN2 IP address 10.0.10.2:
Figure 10 Example Deployment with Static NAT on Firewall
■
NAT router with local IP address 10.0.10.1 and NAT IP address 64.100.0.10, statically NATed to 10.0.10.2
■
VCS Expressway LAN1 (internally-facing interface) with IP address 10.0.20.2
54
Cisco VCS Expressway and VCS Control - Basic Configuration Deployment Guide