04-25-2015 11:31 PM - edited 03-17-2019 02:47 AM
Hi,
I'm designing an Expressway MRA cluster and I'm a bit confused about the Expressway Edge public-to-private NATing.
Kindly correct me if I'm wrong.
Publish DNS SRV records to ISP:
_collab-edge.example.com
to point to both expressway Edge's Host "A" Records
Question?
I only have a single public IP address; is it fine if both Expressway-Edge host "A" records point to the same public IP address?
Expressway-Edge Cluster Name should be same in the same domain as Expressway-Edge Servers
Question?
Where should I create the Cluster FQDN internally or externally and what should it resolve to?
11-01-2015 12:33 AM
Hi Zekeria,
Did you get the answers to the above queries? Please do help me to deploy the Expressway cluster; I also have some concerns about it.
11-01-2015 02:11 AM
Where should I create the Cluster FQDN internally or externally and what should it resolve to?
The cluster FQDN doesn't resolve to anything; it is used for certificate purposes when deploying a clustered VCS solution.
• Set a cluster name (System > Clustering) even when starting with a single node
• Generate server certificate CSR with Common Name set to “FQDN of VCS Cluster”
• Build Expressway-E Traversal Server zone with the “TLS verify subject name” set to “Cluster FQDN”
--
TLS verify subject name: cluster.expressway.com
--
"I only have a single Public IP Address, is it fine if both expressway-edges Host "A" Records point to the same Public IP Address"...
I believe this should be possible.
12-02-2015 10:17 PM
Hello,
I have the same case. But the question that I have is: if I create two A records pointing to the same IP address, how can I route the calls to Expressway-E 01 or Expressway-E 02?
Is this applicable to deployments other than MRA, like video conferencing?
Regards,
12-03-2015 02:55 AM
You use your SRV record to route to your Expressway-E. Within your SRV record you select the host that offers the service that the SRV is configured for. You can give different hosts different weights, or you can give them equal weight and DNS will use round robin to select which server to use. If you want to prefer a particular server then you need to give it a lower weight in the SRV record.
12-03-2015 09:26 AM
Please correct me if I’m mistaken:
SRV record → A record 01 and A record 02 (expressway01.domain.com & expressway02.domain.com)
If A record 01 (expressway01.domain.com) → 1.1.1.1
And
A record 02 (expressway02.domain.com) → 1.1.1.1
(both A record 01 and 02 point to the same IP address 1.1.1.1, the same firewall or NATing device), how can we route the calls between Expressway 01 and Expressway 02?
12-04-2015 08:19 AM
The Expressways need to have unique IP addresses. If you are referring to the global IP, i.e. the NAT IP, then I believe that you may be able to do PAT on the firewall to use a single public IP for multiple hosts.
12-04-2015 09:16 AM
Hi,
If you have a single public IP and multiple inside hosts to reach from outside, you can use static NAT by differentiating outside destination ports,
e.g.
ip nat inside source static tcp 10.10.10.1 80 80.123.54.1 80
ip nat inside source static tcp 10.10.10.2 80 80.123.54.1 8080
Although you can form a cluster, each Expressway-E has its own IP address.
Unfortunately, because an MRA session involves different TCP and UDP ports, this cannot be done.
In this case, the use of a specific load balancer could be a solution but Cisco could not support it.
So the way to go is to configure one public IP address for each E node.
Here is a post with a similar query.
https://supportforums.cisco.com/discussion/12070126/vcs-expressway-cluster-use-1-public-ip-loadbalancer
Regards
Carlo
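Added example, not part of the original thread: a Python script that parses static NAT lines in the form shown in the post above and traces where each SRV target lands when both A records share one public IP. The host names, addresses and port 8443 are constructed sample values, and the function names are hypothetical.

```python
import re

# Matches the static port-forward form used in the post above.
NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) "
    r"(\d+\.\d+\.\d+\.\d+) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+)$"
)

def parse_static_nat(config):
    """Return {(proto, global_ip, global_port): (local_ip, local_port)}."""
    table = {}
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        proto, l_ip, l_port, g_ip, g_port = m.groups()
        key = (proto, g_ip, int(g_port))
        if key in table:  # one outside port can only forward to one host
            raise ValueError(f"{key} already forwards to {table[key]}")
        table[key] = (l_ip, int(l_port))
    return table

def trace_srv(srv_targets, a_records, nat, proto="tcp"):
    """Map each SRV target to the inside (ip, port) its advertised port reaches."""
    return {t: nat.get((proto, a_records[t], port)) for t, port in srv_targets}

def stranded_nodes(cluster_nodes, traced):
    """Inside nodes that no SRV target ever reaches."""
    reached = {hit[0] for hit in traced.values() if hit}
    return sorted(set(cluster_nodes) - reached)

# Constructed sample data. Port 8443 is an assumed fixed client port.
SRV_TARGETS = [("expressway01.domain.com", 8443),
               ("expressway02.domain.com", 8443)]
A_RECORDS = {"expressway01.domain.com": "1.1.1.1",
             "expressway02.domain.com": "1.1.1.1"}
NAT_CONFIG = """
ip nat inside source static tcp 10.10.10.1 8443 1.1.1.1 8443
ip nat inside source static tcp 10.10.10.2 8443 1.1.1.1 9443
"""
CLUSTER = ["10.10.10.1", "10.10.10.2"]

if __name__ == "__main__":
    nat = parse_static_nat(NAT_CONFIG)
    traced = trace_srv(SRV_TARGETS, A_RECORDS, nat)
    for target, hit in traced.items():
        print(f"{target}:8443 -> {hit}")
    print("never reached on the fixed port:", stranded_nodes(CLUSTER, traced))
```

Both SRV targets land on 10.10.10.1, while 10.10.10.2 is reachable only on an outside port the client never uses.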
12-04-2015 10:58 AM
Thank you for your reply (+5)
12-21-2016 04:20 AM
I have a similar case about Expressway-E.
Customer has the xxx.com domain but they don't want to publish it from outside. They want to use a fake domain from outside. Am I able to convert the xxx.pvt -> xxx.com domain name?
Customer wants to resolve xxx.pvt from outside, but I know this is not possible.
Customer wants to use an alias for domain conversion.
I found this bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuo83458/?reffering_site=dumpcr
Has anyone encountered this scenario before?
Thanks,
01-10-2017 05:56 AM
Kemal
This is not possible, because the Jabber client uses the email@domain supplied by the user to do a DNS SRV lookup, so you have to publish the domain your users are using to log in to Jabber.
Hope this helps.
12-04-2015 11:02 AM
Thank you for your answer (+5) but I do not think PAT will work, because I can't change the ports of Jabber communications
12-04-2015 11:04 AM
Yes, PAT will not work for MRA. My friend Carlo explained it very well in the post I endorsed.