Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
134
D14049.08
November 2010
November 2010
Grey Headline (continued)
CISCO TELEPRESENCE
VIDEO COMMUNICATION SERVER
ADMINISTRATOR GUIDE
Other issues
The Dual Network Interfaces option key enables the LAN 2 interface on your VCS Expressway (the
option is not available on a VCS Control). The LAN 2 interface is used in situations where your VCS
Expressway is located in a DMZ that consists of two separate networks - an inner DMZ and an
outer DMZ - and your network is configured to prevent direct communication between the two.
With the LAN 2 interface enabled, you can configure the VCS with two separate IP addresses, one
for each network in the DMZ. Your VCS then acts as a proxy server between the two networks,
allowing calls to pass between the internal and outer firewalls that make up your DMZ.
option is not available on a VCS Control). The LAN 2 interface is used in situations where your VCS
Expressway is located in a DMZ that consists of two separate networks - an inner DMZ and an
outer DMZ - and your network is configured to prevent direct communication between the two.
With the LAN 2 interface enabled, you can configure the VCS with two separate IP addresses, one
for each network in the DMZ. Your VCS then acts as a proxy server between the two networks,
allowing calls to pass between the internal and outer firewalls that make up your DMZ.
All ports configured on the VCS, including those relating to firewall traversal, apply to both
IP addresses; it is not possible to configure these ports separately for each IP address.
IP addresses; it is not possible to configure these ports separately for each IP address.
Firewall traversal and Dual Network Interfaces
In order for Expressway™ firewall traversal to function correctly, the firewall must be configured to:
•
allow initial outbound traffic from the client to the ports being used by the VCS Expressway
•
allow return traffic from those ports on the VCS Expressway back to the originating client
Cisco offers a downloadable tool, the Expressway Port Tester, that allows you to test your firewall
configuration for compatibility issues with your network and endpoints. It will advise if necessary
which ports may need to be opened on your firewall in order for the Expressway™ solution to
function correctly. The Expressway Port Tester currently only supports H.323. Contact your Cisco
representative for more information.
configuration for compatibility issues with your network and endpoints. It will advise if necessary
which ports may need to be opened on your firewall in order for the Expressway™ solution to
function correctly. The Expressway Port Tester currently only supports H.323. Contact your Cisco
representative for more information.
!
You are recommended to turn off any H.323 and SIP protocol support on the firewall: these
are not needed in conjunction with the Cisco Expressway™ solution and may interfere with
its operation.
are not needed in conjunction with the Cisco Expressway™ solution and may interfere with
its operation.
The pages under the Maintenance > Tools > Port usage menu show, in table format, all
the IP ports that are being used on the VCS, both inbound and outbound. This information
can be provided to your Firewall Administrator in order to allow them to configure the
firewall appropriately. See the
the IP ports that are being used on the VCS, both inbound and outbound. This information
can be provided to your Firewall Administrator in order to allow them to configure the
firewall appropriately. See the
section for further information.
Firewall configuration