cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
937
Views
0
Helpful
4
Replies

Expressway cluster with 3 port FW DMZ deployment

ripcisco
Level 1
Level 1

Hi,

We currently have a single Expressway C & E with the E deployed behind an ASA as per 3-Port FW DMZ with Single VCS Expressway LAN Interface (http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/118992-configure-nat-00.html#anc6) so the E has a DMZ IP address and uses only a single LAN port.

We need to deploy a new pair of C & E as a cluster for resilience.

My question is whether the cluster can be set up using the single LAN 1 DMZ IP address or whether we need to enable the LAN2 and connect this inside the network for the cluster communication. This is a Layer 2 deployment so if a second connection is required the E could have an IP Address for clustering on the same VLAN as the primary E.

Many thanks

Paul

2 Accepted Solutions

Accepted Solutions

Jonathan Schulenberg
Hall of Fame
Hall of Fame

For Expressway-E: yes, you must enable the LAN 2 interface. You will also have to make LAN 2 your public-facing address since only LAN 1 can be used for clustering. LAN 1 cannot have NAT enabled on it when there is a cluster. This is documented in the Cisco Expressway Cluster Creation and Maintenance Deployment Guide (page nine). Don't forget that that LAN 1 and LAN 2 must be in separate subnets so you can't just create a second host IPv4 address in your existing DMZ subnet.

View solution in original post

Expressway-C must be a separate cluster than Expressway-E. They serve distinctly different roles and the cluster is a way of increasing capacity and resiliency of a specific role. They do not share the same architecture/design constructs as CUCM.

View solution in original post

4 Replies 4

Jonathan Schulenberg
Hall of Fame
Hall of Fame

For Expressway-E: yes, you must enable the LAN 2 interface. You will also have to make LAN 2 your public-facing address since only LAN 1 can be used for clustering. LAN 1 cannot have NAT enabled on it when there is a cluster. This is documented in the Cisco Expressway Cluster Creation and Maintenance Deployment Guide (page nine). Don't forget that that LAN 1 and LAN 2 must be in separate subnets so you can't just create a second host IPv4 address in your existing DMZ subnet.

Thanks for the confirmation Jonathan. I read the guide and there was no *specific* mention of the 3 port dmz configuration so I didn't want to make any assumptions. Similarly the guide just mentions an expressway cluster but can you confirm if a cluster can consist of e's and c's together (ie. all 4 expressways) or is it necessary to create two clusters - one for the e's and one for the c's ?

Thanks again.

Expressway-C must be a separate cluster than Expressway-E. They serve distinctly different roles and the cluster is a way of increasing capacity and resiliency of a specific role. They do not share the same architecture/design constructs as CUCM.

Thanks for your assistance as always.