cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3830
Views
0
Helpful
7
Replies

ExpressWay MRA With Multiple Domains

shacharalon7
Level 1
Level 1

Hi Guys,

 

We are planning to deploy at one of our customers the Jabber client and the MRA services.

This customer has 2 Domains, Internal and External and it is not possible to add the External Domain as a Zone in the Internal DNS server.

 

Usually when we deployed a solution that included 2 Domain, we added the External Domain as a new Zone to the Internal DNS  server and forces the Jabbers to query SRV records using the External domain, by using MSI Switch SERVICES_DOMAIN=EXTERNAL_DOMAIN.

 

Thanks,

 

Shachar

7 Replies 7

Anurag Srivastava1
Spotlight
Spotlight

Hello

 

Users will sign in with external domain or internal domain?

anyways in both cases you need to resolve _cisco-uds internally and that is where you you will stuck as you can't add the domain in DNS server.

 

There is a Per-domain DNS server filed under System -->DNS of expressway 

image.png

 

So you can make a separate windows DNS server and add only the specific domain for SRV query and mentioned this under Per-Domain DNS server.

I think it will solve your purpose and will not impact for other DNS queries :-)

 

Thanks

Please rate if it is helpful and mark as accepted solution if applicable...

Thanks
Please rate if it is helpful and mark as accepted solution if applicable....

Hi Anurag,

 

Thanks for you replay.

 

We would like to use the External domain to sign in, since the Internal domain doesn't exist outside the organization.

 

The solution you offered can resolve the connectivity from outside the organisation.

But what will happen to a Jabber client (Laptop) that got registered inside the customer's LAN and moved outside the network.

I dont see how it could work, unless we will disable the UPN Discovery, and ask the customer to login using the local domain from inside his network and the external domain from outside.

 

unless you have a better idea :) 

 

Thanks,

 

 

Hello,

 

If you are using external domain for logging then you need to have the DNS entry internally resolving the SRV queries.

Else there is no other way.

Please refer the below link, may be you will get some idea-

https://www.cisco.com/c/en/us/support/docs/unified-communications/expressway-series/117811-configure-vcs-00.html

 

Thanks

Please rate if it is helpful and mark as accepted solution if applicable....

Thanks
Please rate if it is helpful and mark as accepted solution if applicable....

As i mentioned, It is not possible to add the external Zone in the Internal DNS servers.

 

So I think my options will be the following 2:

 

- Create one separate Zone for the VOIP services

- Using 2 different domains for sign in Internal/External

 

Thanks,

collinks2
Level 5
Level 5

hello,were you able achieve this? I am trying to deploy this for a friend.

Did you finally get it working in two different domains. I am thinking if I should change the voice domain=external domain in the jabber-config.XML

 

Hi,

 

Eventually we have build a DNS server that served the ExpressWay C only.

The DNS server resolved queries of the External Domain in order to resolve cisco-uds and cuplogin.

 

From the internal network the Jabber clients resolved the cisco-uds and cuplogin using the internal domain.

We have disabled the UPN discovery from the Jabber and we have guided the users to use the login method accordingly to their location:

 

Internal Domain from inside the network and external domain from outside the network.

 

Hello,

as per my post:

https://community.cisco.com/t5/unified-communications/mra-phone-only-mode-no-imp-external-domain-different-than/m-p/4660172

I need to setup a phone-only MRA (i.e. without IMP) and I have 2 different domains:

external: uc.company.com

internal: company.local

I am wondering how I can manage the user authentication from inside and outside via MRA.

Also I would like to minimize the impact on the DNS of our customer.

Is there any tip that you can share?

Thanks!

MM