Cisco Cisco TelePresence Video Communication Server Expressway
Ensure that the cisco-uds and _cuplogin SRV records are NOT resolvable outside of the internal
network, otherwise the Jabber client will not start mobile and remote access negotiation via the VCS
Expressway.
network, otherwise the Jabber client will not start mobile and remote access negotiation via the VCS
Expressway.
Note: We strongly recommend that you create internal DNS records, for both forward and reverse lookups,
for all Unified Communications nodes used with Mobile and Remote Access. This should allow VCS Control
to find the nodes when IP addresses are used instead of FQDNs.
for all Unified Communications nodes used with Mobile and Remote Access. This should allow VCS Control
to find the nodes when IP addresses are used instead of FQDNs.
Firewall
n
Ensure that the relevant ports have been configured on your firewalls between your internal network (where
the VCS Control is located) and the DMZ (where the VCS Expressway is located) and between the DMZ
and the public internet. See
the VCS Control is located) and the DMZ (where the VCS Expressway is located) and between the DMZ
and the public internet. See
for more information.
n
If your VCS Expressway has one NIC enabled and is using static NAT mode, note that:
You must enter the FQDN of the VCS Expressway, as it is seen from outside the network, as the peer
address on the VCS Control's secure traversal zone. The reason for this is that in static NAT mode, the
VCS Expressway requests that incoming signaling and media traffic should be sent to its external FQDN,
rather than its private name.
This also means that the external firewall must allow traffic from the VCS Control to the VCS
Expressway's external FQDN. This is known as NAT reflection, and may not be supported by all
types of firewalls.
See the Advanced network deployments appendix, in the
You must enter the FQDN of the VCS Expressway, as it is seen from outside the network, as the peer
address on the VCS Control's secure traversal zone. The reason for this is that in static NAT mode, the
VCS Expressway requests that incoming signaling and media traffic should be sent to its external FQDN,
rather than its private name.
This also means that the external firewall must allow traffic from the VCS Control to the VCS
Expressway's external FQDN. This is known as NAT reflection, and may not be supported by all
types of firewalls.
See the Advanced network deployments appendix, in the
, for more information.
Unified CM
1. If you have multiple Unified CM clusters, you must confgure ILS (Intercluster Lookup Service) on all of
the clusters.
This is because the VCS needs to communicate with each user's home Unified CM cluster, and to
discover the home cluster it sends a UDS (User Data Service) query to any one of the Unified CM nodes.
Search for "Intercluster Lookup Service" in the
This is because the VCS needs to communicate with each user's home Unified CM cluster, and to
discover the home cluster it sends a UDS (User Data Service) query to any one of the Unified CM nodes.
Search for "Intercluster Lookup Service" in the
2. Ensure that the Maximum Session Bit Rate for Video Calls between and within regions (
System
> Region Information > Region
) is set to a suitable upper limit for your system, for example 6000 kbps.
for more information.
3. The Phone Security Profiles in Unified CM (
System > Security > Phone Security Profile
) that are
configured for TLS and are used for devices requiring remote access must have a Name in the form of an
FQDN that includes the enterprise domain, for example jabber.secure.example.com. (This is because
those names must be present in the list of Subject Alternate Names in the VCS Control's server
certificate.)
FQDN that includes the enterprise domain, for example jabber.secure.example.com. (This is because
those names must be present in the list of Subject Alternate Names in the VCS Control's server
certificate.)
Unified Communications Mobile and Remote Access via Cisco VCS Deployment Guide (X8.5.3)
Page 13 of 54
Configuration overview