
Expressway minimum design requirements

hdza1915
Level 1

Hello guys,

I'm a newbie on Expressway and I want to set up a demonstration platform. I already installed both Expressway-C and Expressway-E VMs. I have only internal DNS and one public IP, and of course I have CUCM, IMP and CMS.

Can I set up MRA without external DNS (via public IP only, without external DNS)? If yes, please guide me; all the configs I found on the net required an external DNS server/domain.

Can the setup be done with only one network interface on each Expressway, since I don't have licenses? (I intend to work in evaluation mode, just for test purposes.)

 

Thanks in advance.

 

BR


New versions of Expressway have no option keys for advanced features like dual NIC, so you can configure this without any licenses. For MRA you don't need any license features.

You don't need a public DNS; what you need is DNS entries. If you have a public domain, the domain provider will help you add DNS entries for your domain. Once added, the SRV record will be available publicly.

The following are to be added on the public DNS:

A record for Expressway-E; this will be your public IP

SRV record

_collab-edge._tls.example.com   SRV service location:
          priority       = 3
          weight         = 7
          port           = 8443
          svr hostname   = vcse1.example.com




If you don't have external DNS, you can set up a PC to point to a router or something that has the DNS entries to find the Expressway-E. I did this in my classroom when teaching MRA deployment. Below are the DNS entries I had my students enter on a router. Then I had my students point the DNS of the PC to the router and flush the DNS cache. Obviously this would work for demo purposes only. You'd need public DNS (and public certs and such) for a production deployment:

ip domain-name externaldomain.com
ip domain-lookup
ip dns server
ip dns primary externaldomain.com soa <ip.of.the.router> administrator@externaldomain.com
ip host exp-hostname.externaldomain.com <ip.of.exp.e>
ip host _collab-edge._tls.externaldomain.com srv 1 1 8443 exp-hostname.externaldomain.com

Maren
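A lab setup like the one above fails quietly when the `_collab-edge._tls` SRV owner name does not match the service domain or its target has no A record. The following is an added example, not part of the original replies: a Python check over `ip host` lines in the format shown above. The hostnames, the 203.0.113.10 address and the function names are constructed for illustration.

```python
import re

# Constructed sample in the "ip host" format used above. The second SRV line
# has a deliberately misspelled domain; the third points at a host with no A record.
SAMPLE = """\
ip host exp-e.externaldomain.com 203.0.113.10
ip host _collab-edge._tls.externaldomain.com srv 1 1 8443 exp-e.externaldomain.com
ip host _collab-edge._tls.extenraldomain.com srv 1 1 8443 exp-e.externaldomain.com
ip host _collab-edge._tls.externaldomain.com srv 1 1 8443 missing.externaldomain.com
"""

SRV_RE = re.compile(r"^ip host (\S+) srv (\d+) (\d+) (\d+) (\S+)$", re.I)
A_RE = re.compile(r"^ip host (\S+) (\d{1,3}(?:\.\d{1,3}){3})$", re.I)

def parse(config):
    """Return ({hostname: ip}, [(owner, priority, weight, port, target)])."""
    a_records, srv_records = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := SRV_RE.match(line):
            owner, prio, weight, port, target = m.groups()
            srv_records.append((owner.lower(), int(prio), int(weight),
                                int(port), target.lower()))
        elif m := A_RE.match(line):
            a_records[m.group(1).lower()] = m.group(2)
    return a_records, srv_records

def check_mra(config, domain, port=8443):
    """List problems that would stop a client from locating Expressway-E."""
    a_records, srv_records = parse(config)
    expected = f"_collab-edge._tls.{domain.lower()}"
    problems = []
    matching = [r for r in srv_records if r[0] == expected]
    if not matching:
        problems.append(f"no SRV record named {expected}")
    for owner, *_ in srv_records:
        if owner.startswith("_collab-edge._tls.") and owner != expected:
            problems.append(f"SRV owner {owner} does not match domain {domain}")
    for _, _, _, srv_port, target in matching:
        if srv_port != port:
            problems.append(f"SRV port {srv_port} is not {port}")
        if target not in a_records:
            problems.append(f"SRV target {target} has no A record")
    return problems

if __name__ == "__main__":
    for problem in check_mra(SAMPLE, "externaldomain.com"):
        print(problem)
```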

techguy150
Level 1

Mobile and Remote Access Ports
For MRA port information, go to the Cisco Expressway IP Port Usage Configuration Guide at Cisco Expressway Series Configuration Guides. The guide describes the ports that you can use between Expressway-C in the internal network, Expressway-E in the DMZ, and the public internet.

Network Infrastructure Requirements

IP Addresses
Assign separate IP addresses to the Expressway-C and the Expressway-E. Do not use a shared address for both elements, as the firewall cannot distinguish between them.

Network Domain
The ideal scenario for MRA is to have a single domain with a split DNS configuration, and this is the recommended approach. This is not always possible, so there are some other approaches to deal with various alternative scenarios.
