cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1074
Views
0
Helpful
8
Replies
Highlighted
Beginner

CWMS question about DNS records

Hi all

 

         I am going to deploy CWMS for customer. The deployment should enable public access and support 50 concurrent users. The admin VM is placed in internal network and IRP VM is placed in DMZ network. Non-Split Horizon DNS is used. My questions are as below:

Internal domain: abc.lan

External domain: abc.org

webEX user site url: meeting.abc.org

webEX admin site url: meetingadmin.abc.org

admin vm ip: 172.16.225.42

IRP ip is 192.168.106.176

The Private vip for WebEX admin site url is : 172.16.225.50

The public vip for WebEX meeting site url is : 192.168.106.177

Public ip which will be mapped /NATed to 192.168.106.177 is 222.222.222.222(fake)

1) Which ip shoud be added on internal DNS and external DNS for WebEx user meeting url?

    192.168.106.177 (public vip) or 222.222.222.222? (public real ip)

2) Can I use internal domain (abc.lan)  as the domain name configured on vTS, conductor, TMS and CWMS ?

    Since meeting.abc.org will be used as the WebEX user site url. will there be any conflict on domain name?

Thank for very much!!

8 REPLIES 8
Highlighted
Cisco Employee

1) Either will work for internal users (if your network allows it). Likely it makes more sense that they go directly to the public vip (192.168.106.177) instead of being nat'ed.

2) Believe this may be ok yes, can't immediately think of why this would be a problem.

Highlighted

Thanks bvanturn

     So, should I map public VIP (192.168.106.177) to internal DNS for internal users  and 222.222.222.222 to external DNS for internet users? 

Highlighted

Yes that's ok from CWMS perspective.

Highlighted

Thank you very much bvanturn!! Hopefully everything will be working fine next week.

Highlighted

in the deployment it asks for the meeting url (meeting.abc.com)

in a non split horizon dns situation this must resolve to the public ip.. but then the IRP host ip must be in the same subnet as the public vip, so question is..

how then do you use a DMZ ? I can't just put public ips on these two boxes, I have to NAT

Highlighted

You can use simple NAT-ing. 

That way, your internal DNS will resolve WebEx Site URL to Public VIP on IRP Eth1 adapter (which will be in DMZ subnet), while external DNS will resolve WebEx Site URL to public IP you configure on your Firewall which you will NAT to Public VIP  on IRP Eth1 adapter .

I hope this helps.

-Dejan

Highlighted

Hi Dejan,

We are about to deploy CWMS for one of my customers.

We have decided to deploy Non-Split Horizon DNS since we don't have a DMZ DNS.

My customer has separate domains for internal and external DNS: On internal DNS we have domain : tatainternal.net . the external domain is tata.com

tata.com is not resolvable from internal DNS.

My DNS records are as follow:

admin1: cwms1.tatainternal.net --> 10.12.15.10     LAN

admin2: cwms2.tatainternal.net --> 10.12.15.11     LAN

adminvip: cwmsadmin.tatainternal.net --> 10.12.15.12     LAN   (private VIP)

irp1: irp1.tatainternal.net --> 10.12.16.10     DMZ

irp2: irp2.tatainternal.net --> 10.12.16.11     DMZ

irpvip: ????webex url site --> 10.12.16.12     DMZ

 

My question is regarding the webex url site for internal users. Since we are using Non split horizon the webex url will resolve to public VIP (DMZ) using internal DNS. But since tata.com domain is not configured on internal DNS i am confused about the A record that we must configure.

 

For external users, there is no problem, we will use for example : meeting.tata.com on external DNS resolving to a Public IP natted to the public VIP on DMZ.

 

Regards

 

 

Highlighted

Hi guys, anyone??