Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
5
Helpful
1
Replies

CWMS Network Deployment

Go to solution
faisal.almasaabi
Level 1
Level 1

‎06-14-2015 01:09 AM - edited ‎03-17-2019 05:15 PM

Hi,

 

I am planing to deploy a WeBex server with public access with split-horizontal DNS.

50 users, no media server.

 

I just need to verify my external user access path:

 

WeBex URL(Public IP address route-able on cloud) ->Firewall NATed to -> VIP Public (DMZ) -> IRP(DMZ)

 

What if I have HA deployment, will it work with only one Public IP address?

 

Kindly, your advice guys is needed as this product is not supported by PDI.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dpetrovi
Cisco Employee
Cisco Employee

‎06-15-2015 10:29 AM

Hi Faisal,

In CMWS with or without HA when you add Public Access, you will always have only 1 Public VIP address. You might have two IRP VMs (Primary and HA IRP VM), but Public VIP will be active only on one IRP VM at the time, while the other one will be on standby and will take over if the other VM fails. 

Hence, you only need one Public VIP address.

Keep in mind that Public VIP address is hosted on your IRP VM and if you are doing NAT-ing, your public IP address on the Firewall, will be different from the actual Public VIP address configured on the IRP VM. When you use NAT-ing, make sure that your DNS servers that CWMS VMs are configured to use, are resolving WebEx Site URL to Private and Public VIP addresses and not to NAT IP address. Only Public DNS server used on the Internet should resolve your WebEx Site URL to NAT IP address, while DNS servers used in your network that CWMS VMs are configured to use, must resolve WebEx Site URL to Private and/or Public VIP address (DNS server used by IRP VM must resolve WebEx Site URL to Public VIP).

 

I hope this clarifies it for you.

-Dejan

 

View solution in original post

1 Reply 1

Go to solution
dpetrovi
Cisco Employee
Cisco Employee

‎06-15-2015 10:29 AM

Hi Faisal,

In CMWS with or without HA when you add Public Access, you will always have only 1 Public VIP address. You might have two IRP VMs (Primary and HA IRP VM), but Public VIP will be active only on one IRP VM at the time, while the other one will be on standby and will take over if the other VM fails. 

Hence, you only need one Public VIP address.

Keep in mind that Public VIP address is hosted on your IRP VM and if you are doing NAT-ing, your public IP address on the Firewall, will be different from the actual Public VIP address configured on the IRP VM. When you use NAT-ing, make sure that your DNS servers that CWMS VMs are configured to use, are resolving WebEx Site URL to Private and Public VIP addresses and not to NAT IP address. Only Public DNS server used on the Internet should resolve your WebEx Site URL to NAT IP address, while DNS servers used in your network that CWMS VMs are configured to use, must resolve WebEx Site URL to Private and/or Public VIP address (DNS server used by IRP VM must resolve WebEx Site URL to Public VIP).

 

I hope this clarifies it for you.

-Dejan

 

Customers Also Viewed These Support Documents