CWMS question about DNS records

danny.yf_li
Level 1

Hi all

I am going to deploy CWMS for a customer. The deployment should enable public access and support 50 concurrent users. The admin VM is placed in the internal network and the IRP VM is placed in the DMZ network. Non-Split Horizon DNS is used. My questions are as below:

Internal domain: abc.lan

External domain: abc.org

webEX user site url: meeting.abc.org

webEX admin site url: meetingadmin.abc.org

admin vm ip: 172.16.225.42

IRP ip is 192.168.106.176

The Private vip for WebEX admin site url is : 172.16.225.50

The public vip for WebEX meeting site url is : 192.168.106.177

Public IP which will be mapped/NATed to 192.168.106.177 is 222.222.222.222 (fake)

1) Which IP should be added on internal DNS and external DNS for the WebEx user meeting URL?

192.168.106.177 (public VIP) or 222.222.222.222? (public real IP)

2) Can I use the internal domain (abc.lan) as the domain name configured on vTS, conductor, TMS and CWMS?

Since meeting.abc.org will be used as the WebEX user site URL, will there be any conflict on domain name?

Thank you very much!!

8 Replies

bvanturn
Cisco Employee

1) Either will work for internal users (if your network allows it). Likely it makes more sense that they go directly to the public vip (192.168.106.177) instead of being nat'ed.

2) Believe this may be ok yes, can't immediately think of why this would be a problem.

Thanks bvanturn

So, should I map public VIP (192.168.106.177) to internal DNS for internal users and 222.222.222.222 to external DNS for internet users?

Yes that's ok from CWMS perspective.

Thank you very much bvanturn!! Hopefully everything will be working fine next week.

In the deployment it asks for the meeting URL (meeting.abc.com).

In a non-split-horizon DNS situation this must resolve to the public IP, but then the IRP host IP must be in the same subnet as the public VIP, so the question is:

How then do you use a DMZ? I can't just put public IPs on these two boxes; I have to NAT.

You can use simple NAT-ing.

That way, your internal DNS will resolve WebEx Site URL to Public VIP on IRP Eth1 adapter (which will be in DMZ subnet), while external DNS will resolve WebEx Site URL to public IP you configure on your Firewall which you will NAT to Public VIP on IRP Eth1 adapter.

I hope this helps.

-Dejan

Hi Dejan,

We are about to deploy CWMS for one of my customers.

We have decided to deploy Non-Split Horizon DNS since we don't have a DMZ DNS.

My customer has separate domains for internal and external DNS: on internal DNS we have the domain tatainternal.net. The external domain is tata.com.

tata.com is not resolvable from internal DNS.

My DNS records are as follows:

admin1: cwms1.tatainternal.net --> 10.12.15.10     LAN

admin2: cwms2.tatainternal.net --> 10.12.15.11     LAN

adminvip: cwmsadmin.tatainternal.net --> 10.12.15.12     LAN   (private VIP)

irp1: irp1.tatainternal.net --> 10.12.16.10     DMZ

irp2: irp2.tatainternal.net --> 10.12.16.11     DMZ

irpvip: ????webex url site --> 10.12.16.12     DMZ

My question is regarding the WebEx site URL for internal users. Since we are using Non-Split Horizon, the WebEx URL will resolve to the public VIP (DMZ) using internal DNS. But since the tata.com domain is not configured on internal DNS, I am confused about the A record that we must configure.

For external users, there is no problem; we will use, for example, meeting.tata.com on external DNS resolving to a public IP NATed to the public VIP on the DMZ.

Regards

Hi guys, anyone??