Expressway Cluster MRA DNS

Hi,

 

I'm designing an Expressway MRA cluster and I'm a bit confused about the Expressway Edge public-to-private NATting.

 

Kindly correct me if I'm wrong.

 

Publish DNS SRV records to ISP:

_collab-edge.example.com

to point to both expressway Edge's Host "A" Records

Question?

I only have a single public IP address. Is it fine if both Expressway-Edges' host "A" records point to the same public IP address?

 

Expressway-Edge Cluster Name should be same in the same domain as Expressway-Edge Servers

 

Question?

Where should I create the Cluster FQDN internally or externally and what should it resolve to?

1 ACCEPTED SOLUTION


Hi,

If you have a single public IP and multiple inside hosts to reach from outside, you can use static NAT by differentiating outside destination ports.

e.g.

ip nat inside source static tcp 10.10.10.1 80 80.123.54.1 80

ip nat inside source static tcp 10.10.10.2 80 80.123.54.1 8080

Although you can form a cluster, each Expressway-E has its own IP address.

Unfortunately, because an MRA session involves different TCP and UDP ports, this cannot be done.

In this case, the use of a specific load balancer could be a solution, but Cisco could not support it.

So the way to go is to configure one public IP address for each E node.

Here is a post with a similar query.

https://supportforums.cisco.com/discussion/12070126/vcs-expressway-cluster-use-1-public-ip-loadbalancer

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"
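
The port collision behind this answer, as an added example (not part of the original post and not Cisco code): a static PAT table is keyed by protocol and public port, so two Expressway-E peers that must both answer on the same fixed ports cannot share one public IP. The MRA port list and the second public address 80.123.54.2 are assumptions for illustration; take the real port list from the Cisco port usage guide for your release.

```python
from collections import defaultdict

# Assumed inbound MRA listeners on every Expressway-E (illustrative only).
MRA_PORTS = [
    ("tcp", 8443, 8443),    # HTTPS provisioning
    ("tcp", 5061, 5061),    # SIP over TLS
    ("tcp", 5222, 5222),    # XMPP
    ("udp", 36000, 59999),  # media range
]

def static_pat_conflicts(peers):
    """peers maps inside_ip -> public_ip.

    Returns the (proto, public_ip, first_port, last_port) ranges that more
    than one inside host would have to own on the same public address.
    """
    claims = defaultdict(list)
    for inside_ip, public_ip in peers.items():
        for proto, lo, hi in MRA_PORTS:
            claims[(proto, public_ip)].append((lo, hi))
    conflicts = set()
    for (proto, public_ip), ranges in claims.items():
        ranges.sort()
        # One host's own ranges never overlap, so any overlap between
        # neighbours in the sorted list is a clash between two hosts.
        for (lo1, hi1), (lo2, hi2) in zip(ranges, ranges[1:]):
            if lo2 <= hi1:
                conflicts.add((proto, public_ip, lo2, min(hi1, hi2)))
    return sorted(conflicts)

# Constructed inputs: inside addresses follow the NAT lines quoted above.
SHARED = {"10.10.10.1": "80.123.54.1", "10.10.10.2": "80.123.54.1"}
DEDICATED = {"10.10.10.1": "80.123.54.1", "10.10.10.2": "80.123.54.2"}

if __name__ == "__main__":
    for name, peers in (("shared IP", SHARED), ("one IP per node", DEDICATED)):
        clashes = static_pat_conflicts(peers)
        print(name, "->", clashes or "no port conflicts")
```

Moving one node to alternate public ports, as in the port 80/8080 lines above, clears the clash in the table but not for clients, which connect to the fixed ports.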


12 REPLIES
Highlighted

Hi Zekeria,

Did you get the answers to the above queries? Please help me deploy the Expressway cluster; I also have some concerns about it.

Highlighted

Where should I create the Cluster FQDN internally or externally and what should it resolve to..

The cluster FQDN doesn't resolve to anything. It is used for certificate purposes when deploying a clustered VCS solution.

• Set a cluster name (System > Clustering) even when starting with a single node
• Generate server certificate CSR with Common Name set to “FQDN of VCS Cluster”
• Build Expressway-E Traversal Server zone with the “TLS verify subject name” set to “Cluster FQDN”

--

TLS verify subject name: cluster.expressway.com

--

"I only have a single Public IP Address, is it fine if both expressway-edges Host "A" Records point to the same Public IP Address"...

I believe this should be possible.

Please rate all useful posts
Highlighted

Hello,

 

I have the same case. But the question that I have is: if I create two A records pointing to the same IP address, how can I route the calls to Expressway-E 01 or Expressway-E 02?

Is this applicable to deployments other than MRA, like video conferencing?

 

Regards,

 

Highlighted

You use your SRV record to route to your Expressway-E. Within your SRV record you select the host that offers the service that the SRV is configured for. You can give different hosts different weights, or you can give them equal weight and DNS will use round robin to select which server to use. If you want to prefer a particular server then you need to give it a lower weight in the SRV record.

Please rate all useful posts
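
SRV selection as RFC 2782 defines it (lowest priority value first, then a weighted random pick within that priority), as an added example that is not part of any post in this thread. The record set, host names, weights and addresses are constructed; port 8443 is the usual `_collab-edge._tls` target. It shows that clients do spread across the two peers, yet every connection still lands on the same public IP, so the SRV record alone cannot tell the NAT device which peer was meant.

```python
import random
from collections import Counter

# Constructed SRV set for _collab-edge._tls.example.com:
# (priority, weight, port, target)
SRV = [
    (10, 60, 8443, "expressway01.example.com"),
    (10, 40, 8443, "expressway02.example.com"),
    (20, 0, 8443, "expressway-dr.example.com"),
]
# Constructed A records: both cluster peers sit behind one NAT address.
A_RECORDS = {
    "expressway01.example.com": "1.1.1.1",
    "expressway02.example.com": "1.1.1.1",
    "expressway-dr.example.com": "1.1.1.2",
}

def srv_order(records, rng):
    """Order targets the way an RFC 2782 client tries them."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            group.sort(key=lambda r: r[1] != 0)   # zero-weight entries first
            pick = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for rec in group:
                running += rec[1]
                if running >= pick:               # first record reaching the pick
                    ordered.append(rec[3])
                    group.remove(rec)
                    break
    return ordered

def first_choice_stats(trials=2000, seed=1):
    """Count which target, and which destination IP, clients contact first."""
    rng = random.Random(seed)
    targets, ips = Counter(), Counter()
    for _ in range(trials):
        first = srv_order(SRV, rng)[0]
        targets[first] += 1
        ips[A_RECORDS[first]] += 1
    return targets, ips

if __name__ == "__main__":
    targets, ips = first_choice_stats()
    print(targets)  # first contacts are split by weight between the two peers
    print(ips)      # but every one of them arrives at the same public IP
```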
Highlighted

Please correct me if I’m mistaken:

SRV record → A record 01 and A record 02 (expressway01.domain.com & expressway02.domain.com)

If A record 01 (expressway01.domain.com) → 1.1.1.1

And

A record 02 (expressway02.domain.com) → 1.1.1.1

(both A record 01 and 02 point to the same IP address 1.1.1.1, the same firewall or NATing device), how can we route the calls between Expressway 01 and Expressway 02?

Highlighted

The Expressways need to have unique IP addresses. If you are referring to the global IP, i.e. the NAT IP, then I believe that you may be able to do PAT on the firewall to use a single public IP for multiple hosts.

Please rate all useful posts

Highlighted

Thank you for your reply (+5)

Highlighted

I have a similar case with Expressway-E.

The customer has the xxx.com domain but they don't want to publish it from outside. They want to use a fake domain from outside. Am I able to convert xxx.pvt -> xxx.com domain name?

The customer wants to resolve xxx.pvt from outside, but I know this is not possible.

The customer wants to use an alias for domain conversion.

I found this bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuo83458/?reffering_site=dumpcr

Has anyone encountered this scenario before?

Thanks,

Highlighted

Kemal

This is not possible because the Jabber client uses the email@domain supplied by the user to do a DNS SRV lookup, so you have to publish the domain your users are using to log in to Jabber.

Hope this helps. 

Highlighted

Thank you for your answer (+5), but I do not think PAT will work, because I can't change the ports of Jabber communications.

Highlighted

Yes, PAT will not work for MRA. My friend Carlo explained it very well in the post I endorsed. 

Please rate all useful posts