Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5962
Views
0
Helpful
8
Replies

Cisco Collab Edge MRA with multiple Domains

Go to solution
kgraz1987
Level 1
Level 1

‎12-04-2014 02:38 PM - edited ‎03-17-2019 04:43 PM

I have an interesting setup I am attempting to configure.  The client has 3 domans.  
Internet facing Domain: company.com
Internal facing Domain: local.company.com
DMZ/extranet Domain: local.ext
 
The CUCM, IM&P and (VCS C or Expressway C) sit on the local domain.  For example CUCM.local.company.com, IM&P.local.company.com, and VCSC.local.company.com.
 
The VCS E or Expressway E sits in the extranet domain.  For example VCSE.local.ext.
 
I don't know how this scenario is going to work.  I am currently in the process of setting it up.  From the end user end on the outside the jabber client does an SRV lookup of  _collab-edge._tls.company.com.  There is a public SRV record which has one A record for the public address of the VCS E.
Question are:
1. is the A record pointing at VCSE.company.com even though the real FQDN of the server is VCSE.firm.ext?
2. Also does anyone think this will work?
3. If it will work how will the certs be affected with three different domains?
4. If this will not work should I have the client extend the company.com into the extranet?  I apologize if it is a stupid question, I am not a DNS expert.
1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni

‎12-04-2014 03:18 PM

The simple answer is that this will not work. For jabber MRA to work, both internal and external domain need to be resolvable from the internet. For you to come close to a working solution you will need to implement split DNS domain.

Please rate all useful posts

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni

‎12-04-2014 03:18 PM

The simple answer is that this will not work. For jabber MRA to work, both internal and external domain need to be resolvable from the internet. For you to come close to a working solution you will need to implement split DNS domain.

Please rate all useful posts
0 Helpful

Go to solution
azeem.haider
Level 1
Level 1
In response to Ayodeji Okanlawon

‎12-10-2014 12:10 PM

Hi..

I am Facing Exactly the same issue.

Customer has two Domain (External and Internal). 

CMCM,Presence, VCSC, VCSE all are in Internal Domain.When i am trying to login from External jabber client i use External Domain name because this domain is resolving VCSE Hostname but i am unable to Login.

can you please Suggest the Solution for this..or do i have to change the Domain on CUCM, Presence,VCSC, VCSE to external..?

I search one document on this as well, tried but didn't work..

Preview file
383 KB
0 Helpful

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to azeem.haider

‎12-10-2014 12:14 PM

The only solution is to implement split DNS. There is no other work around

Please rate all useful posts
0 Helpful

Go to solution
azeem.haider
Level 1
Level 1
In response to Ayodeji Okanlawon

‎12-10-2014 12:27 PM

How to implement SPlit DNS...?

Do you have any good Document with you...

0 Helpful

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to azeem.haider

‎12-10-2014 12:52 PM

Split DNS domain is a job for windows/server team. It has a huge implication as you will have to host a copy of your external domain internally..

You can google this and you will see documentation on how to implement it

 

Please rate all useful posts
0 Helpful

Go to solution
Steven Luton
Level 1
Level 1
In response to Ayodeji Okanlawon

‎01-19-2015 08:21 AM

I have just implemented MRA at a client site where they have internal and external domains.  We decided to put the both SRV records on the external domain.  This works logging in internally and logs show that externally the cisco-uds srv times out and it uses the collab-edge to connect.  Cisco TAC supported this deployment.  We still seem to be getting the error when logging in externally that jabber cannot connect to server.  Is there anyone that has this working and would like to share their design?

0 Helpful

Go to solution
ahmed-hassan1110
Level 1
Level 1
In response to Ayodeji Okanlawon

‎05-21-2015 04:46 AM

Hi Ayodeji,

I have the following client setup :

- Split horizon DNS.

- 2 domains as follows, Internal: domain.local and external: domain.com

- All UC servers are joining the local domain, CUCM.domain.local, IM&P.doamin.local, CUC.domain.local,....etc.

- I have EXP-C and EXP-E to enable the Mobile Remote Access for Jabber clients from outside.

I'm able to make the EXP-C either on domain.local or domain.com and for sure the EXP-E on the DMZ will be on the domain.com as it will be a public record.

 

my question is, should i place the EXP-C in the domain.local (internal) or domain.com (external) for the setup to work?

I have the following concerns:

- If i placed the EXP-C in the external will its communications with the internal UC servers which are all in the internal domain be okay ? and will the certificate trust relation with all UC servers and relation with the EXP-E will be fine?

- If i placed the EXP-C in the internal will the certificate trust relation with all UC servers and relation with the EXP-E will be fine?

0 Helpful

Go to solution
epicolo
Level 3
Level 3

‎02-26-2015 05:36 AM

Take a look at this doc:

http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway-series/117811-configure-vcs-00.html
 

Maybe will clarify and you can adapt your network.

 

regards

0 Helpful
Customers Also Viewed These Support Documents