[cisco-voip] CUBE design consideration

Blake Pfankuch - Mailing List blake.mailinglist at pfankuch.me
Sun Nov 10 14:09:02 EST 2013


See answers in line below.

From: Yham [mailto:yhameed81 at gmail.com]
Sent: Sunday, November 10, 2013 12:00 PM
To: Blake Pfankuch - Mailing List
Cc: Ed Leatherman; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] CUBE design consideration

Hi Ed and Blake,
Thanks for your input.
I started thinking that CUBE is not the right solution for me.

I read about Cisco VCS expressway and still reading more now. It seems this product is an edge device specifically for video conferencing for mobile telepresence endpoints e.g.  EX90, Movi. So it may partially serve the purpose. I am trying to figure out if  1) it can terminate the Jabber and other voice only softphones like IPcommunicator etc. 2) if it provide the network hiding like cube using nat or some other techniques.
Blake,
I studied ASA as TLS and phone proxy but trying to find out if

1) they can handle large volume of calls in SP environment without having issues
We have about 150 devices registered through them currently with no issues.  I have worked in an environment running asa 5550's supporting 2500 UCM devices (7940 and 7942) on an HA pair.

2) they supports both voice and video soft clients.
I do not have experience with video.  I would suggest engaging your local Cisco partner or your Cisco sales rep to confirm video support.

3) May i please as if you have video endpoints like movi etc that terminate on your ASAs.
We do not have any video endpoints at this time.

4) Secondly, how the remote users access your internal UC infrastructure: using anyconnect vpn to ASA or you are translating (nat) remote user's public address into internal private?
The phone actually "registers" to the ASA and then the ASA has a trustpoint registration to UCM and translates through the ASA.  There is no port forwarding or NAT allowing access from the outside to the inside except through a UC proxy phone registration and termination with the ASA.

5)Finally since you are using encryption, can you please comment on user experience about voice quality, issues like delay, jitter etc?
The only issues we have seen are related to long distance, and poor internet.  I have no issues from my house, or when travelling internationally as long as latency is under 100ms.  We have one user who spends a large amount of time across an ocean who does have issues on occasion.  The encryption is all handled at the ASA.


Thanks once again
Regards

On Sun, Nov 10, 2013 at 12:57 PM, Blake Pfankuch - Mailing List <blake.mailinglist at pfankuch.me<mailto:blake.mailinglist at pfankuch.me>> wrote:
Ahmed,
                I cannot comment on using a CUBE to handle media terminations as you are discussing, however I have significant experience with the ASA UC Proxy functions.  We are using ASA 5550's in HA as a UC Proxy termination point in our production corporate network.  The license is a little pricy, but as it sounds like you are in a reseller/provider platform the added security by enforcing sccp encryption could be a selling point to balance out the cost.  The setup process especially for a soft phone is quite easy for end users.  Not going to lie, the initial UCM/ASA setup can be a little bit of a pain, but allows you to enforce encryption at a selectable strength (aes family) on the calls.

Questions, feel free to let me know.

--Blake

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>] On Behalf Of Ed Leatherman
Sent: Saturday, November 9, 2013 9:52 PM
To: Ahmed -Y
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] CUBE design consideration

Ahmed,

I can't comment on Cube, but maybe another product to review, I think cisco's expressway product might do some similar things.

http://www.cisco.com/en/US/prod/collateral/ps7060/ps11305/ps11315/ps11337/data_sheet_c78-697073.html
-
Sent from Mailbox<https://www.dropbox.com/mailbox> for iPhone


On Sat, Nov 9, 2013 at 8:43 PM, Ahmed -Y <yhameed81 at gmail.com<mailto:yhameed81 at gmail.com>> wrote:
Hi Guys,
I have few questions and really thankful if you answer them.
Currently softphones from customers registered directly with shared UC infrastructure (cucm, unity, presence etc). Now we are planning to deploy some kinda gateway device and softphones from customer must register/terminate on it before reach to UC infra. This gateway device must hide the internal network and protect any potential attacks. Any advice please.

1) I read about cube. I provide topology hiding and protection but question is can softphones like jabber or movi be terminated on cube and then cube initiate separate call leg to cucm?
2) I understood cube hide topology using NAPT (nat), could there be any issues by enabling nat base hiding?

Regards


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20131110/cf11a32d/attachment.html>


More information about the cisco-voip mailing list