Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
■
In most cases, you will use a VCS Control as a firewall traversal client. However, a VCS Expressway can also
act as a firewall traversal client.
act as a firewall traversal client.
■
The firewall traversal server used by the VCS client must be a VCS Expressway.
VCS as a Firewall Traversal Server
The VCS Expressway has all the functionality of a VCS Control (including being able to act as a firewall traversal
client). However, its main feature is that it can act as a firewall traversal server for other Cisco systems and any
traversal-enabled endpoints that are registered directly to it. It can also provide TURN relay services to ICE-enabled
endpoints.
client). However, its main feature is that it can act as a firewall traversal server for other Cisco systems and any
traversal-enabled endpoints that are registered directly to it. It can also provide TURN relay services to ICE-enabled
endpoints.
Configuring Traversal Server Zones
For the VCS Expressway to act as a firewall traversal server for Cisco systems, you must create a traversal server
zone on the VCS Expressway (Configuration > Zones > Zones) and configure it with the details of the traversal client.
See
zone on the VCS Expressway (Configuration > Zones > Zones) and configure it with the details of the traversal client.
See
You must create a separate traversal server zone for every system that is its traversal client.
Configuring Other Traversal Server Features
■
For the VCS Expressway to act as a firewall traversal server for traversal-enabled endpoints (such as Cisco
MXP endpoints and any other endpoints that support the ITU H.460.18 and H.460.19 standards), no additional
configuration is required. See
MXP endpoints and any other endpoints that support the ITU H.460.18 and H.460.19 standards), no additional
configuration is required. See
for
more information.
■
■
.
Firewall Traversal and Advanced Networking
The Advanced Networking option key enables the LAN 2 interface on the VCS Expressway (the option is not available
on a VCS Control). The LAN 2 interface is used in situations where the VCS Expressway is located in a DMZ that
consists of two separate networks - an inner DMZ and an outer DMZ - and your network is configured to prevent
direct communication between the two.
on a VCS Control). The LAN 2 interface is used in situations where the VCS Expressway is located in a DMZ that
consists of two separate networks - an inner DMZ and an outer DMZ - and your network is configured to prevent
direct communication between the two.
With the LAN 2 interface enabled, you can configure the VCS with two separate IP addresses, one for each network
in the DMZ. Your VCS then acts as a proxy server between the two networks, allowing calls to pass between the
internal and outer firewalls that make up your DMZ.
in the DMZ. Your VCS then acts as a proxy server between the two networks, allowing calls to pass between the
internal and outer firewalls that make up your DMZ.
When Advanced Networking is enabled, all ports configured on the VCS, including those relating to firewall traversal,
apply to both IP addresses; you cannot configure ports separately for each IP address.
apply to both IP addresses; you cannot configure ports separately for each IP address.
Configuring a Traversal Client and Server
The basic steps in configuring a traversal client and server are as follows:
Step Description
On the VCS Expressway, create a traversal server zone (this represents the incoming connection from the
VCS Control). In the Username field, enter the VCS Control’s authentication username.
VCS Control). In the Username field, enter the VCS Control’s authentication username.
On the VCS Expressway, add the VCS Control’s authentication username and password as credentials into
the local authentication database.
the local authentication database.
On the VCS Control, create a traversal client zone (this represents the connection to the VCS Expressway).
43
Cisco TelePresence Video Communication Server Administrator Guide