Configuring static NAT
You can deploy the VCS Expressway behind a static NAT device, allowing it to have separate public and
private IP addresses. This feature is intended for use in deployments where the VCS Expressway is located
in a DMZ, and has the
Advanced Networking
feature enabled.
In these deployments, the externally-facing LAN port has static NAT enabled in order to use both a private
and public IPv4 address; the internally facing LAN port does not have static NAT enabled and uses a single
IPv4 (or IPv6) address.
In such a deployment, traversal clients should be configured to use the internally-facing IP address of the
VCS Expressway.
To enable the use of a static NAT:
1. Ensure that the
Advanced Networking
option key is installed.
2. For the externally-facing LAN port:
a. In the
IPv4 address
field, enter the VCS Expressway's private IP address.
b. Set
IPv4 static NAT mode
to
On
.
c. In the
IPv4 static NAT address
field, enter the VCS Expressway's public IP address - this is the IP
address of the outside of the NAT.
Static NAT restrictions when using SIP media encryption
You should not configure a VCS for SIP media encryption if that same VCS is also configured for static NAT.
If you do so, the private IP address will be sent in the SDP rather than the static NAT address and this will
cause calls to fail.
Note that the recommended configuration for VCS Control with VCS Expressway deployments is to:
n
configure the same media encryption policy setting on the traversal client zone on VCS Control, the
traversal server zone on VCS Expressway, and every zone and subzone on VCS Expressway
n
use static NAT on the VCS Expressway only
With this configuration the encryption B2BUA will be enabled on the VCS Control only.
Configuring Ethernet settings
The
Ethernet
page (
System > Ethernet
) is used to configure the speed of the connection between the VCS
and the Ethernet switch to which it is connected. The speed must be set to the same value on both systems.
If you have the
Advanced Networking
option enabled, you can configure the Ethernet speed separately for
each LAN port.
The default is
Auto
, which means that the two systems will auto-negotiate the appropriate speed.
Note:
we recommend that you use the default value of
Auto
unless the switch to which you are connecting is
unable to auto-negotiate. A mismatch in Ethernet speed settings between the VCS and Ethernet switch will
at best result in packet loss; at worst it will make the system inaccessible for endpoints and system
administrators.
Cisco VCS Administrator Guide (X8.1.1)
Page 31 of 507
Network and system settings
Network settings