02-03-2021 12:36 PM
We have a situation in which some of our database are switching off and on of VPN to join customer VPN connections during the day and while on calls. The call drops during the switch. One idea is to have Jabber register only through MRA and not on-prem/VPN.
Ideas on best way to accomplish this?
Thanks in Advance
LT
02-03-2021 02:40 PM
Hi there,
If you are using Cisco ASA, then you can configure the DNS filter in the ASA. The ASA blocks/filters the UDS service discovery (SRV check with UDS), and when Jabber doesn't get the result, it then queries the "collabedge" to get the Expressway public IP. So Jabber always connects via the Expressway from the external network and the VPN switchover doesn't affect the call in progress.
We are using this setup in multiple customers and working as expected.
Please refer to the BYOD document, which outlines the configuration details.
This may also be possible using a Windows DNS filter, which I haven't tried yet.
https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/apply-filters-on-dns-queries
Regards,
Shalid
***** Rates if you find them useful and accept it as a solution if it resolves your query
03-26-2024 08:17 AM
Hi Shalid Kurunnan Chalil,
We are using Cisco ASA Firewall and trying to implement this scenario.
'Force Jabber to use MRA while connected on VPN'
The link you have mentioned is routing to some products page. Could you please share the ASA configuration to implement this, or an updated official guide to configure the ASA firewall to block the UDS service?
Thanks.
Regards,
Jayaprakash
03-26-2024 08:25 AM
You could also just install the Jabber with the following install options "EXCLUDED_SERVICES=CUP,CUCM".
This disables the search for the UDS entry completely.
03-26-2024 08:31 AM
Hi Winter,
It would typically force all the internal endpoints to also be re-routed to MRA. On the other hand, simply deleting the _cisco-uds records in the DNS server can trigger this. In my case, we would like to implement this only for the VPN segment.
But we want to keep the Wired LAN segments to use internal.
Thanks.
Regards,
Jayaprakash
02-03-2021 07:17 PM
Jabber relies on DNS SRV to determine if the client is internal or external.
If the name server does not resolve _cisco-uds but does resolve the _collab-edge SRV record, the client attempts to connect to internal servers through Expressway.
If you are not using an ASA, check with the firewall vendor how to achieve the above.
02-04-2021 05:36 AM
On newer versions of Expressway you do not need _cisco-uds SRV record in order for MRA to work, hence the easiest solution would be to delete this record on your internal DNS. Keep in mind that it would permanently force all connections across MRA even for clients that are on-premise, so it may or may not be what you are looking for.
02-04-2021 05:42 AM
Thanks Chris. What are the disadvantages of this setup other than bandwidth use on prem? Also is there a way to force single clients to MRA but not the entire environment?
LT
02-04-2021 05:59 AM
The disadvantage is that you are forcing all traffic through MRA, so you need to make sure your MRA deployment is sized accordingly; it will generate additional external traffic that would have stayed local. If you don't have ICE passthrough enabled, that would mean all calls go through Expressway as well. You would also use UDS for directory vs. EDI/BDI/CDI, which may not scale for very large deployments, as MRA only supports UDS.
Since the SRV record is discoverable to the entire domain, you cannot just easily do it for one client without putting that client in a different domain; at that point some filtering on the firewall, etc. would be a better approach.
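The trade-off discussed in this thread, as an added example that is not part of any post and not Cisco's code: a small Python model of the SRV-based discovery described above, comparing deleting `_cisco-uds` for everyone with filtering it only for a VPN address pool. The domain, addresses, VPN subnet and function names are constructed for illustration.

```python
import ipaddress

DOMAIN = "example.com"                    # placeholder domain (assumption)
UDS = f"_cisco-uds._tcp.{DOMAIN}"         # internal discovery SRV record
EDGE = f"_collab-edge._tls.{DOMAIN}"      # MRA (Expressway) SRV record

# Constructed zone data and address plan, for illustration only.
ZONE = {UDS: ["cucm1.example.com:8443"], EDGE: ["expe1.example.com:8443"]}
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")


def resolve(client_ip, qname, zone, blocked_for=()):
    """Return SRV targets, or [] when the record is absent or is filtered
    for the client's source subnet (the per-segment DNS filter)."""
    addr = ipaddress.ip_address(client_ip)
    for net, names in blocked_for:
        if addr in net and qname in names:
            return []
    return zone.get(qname, [])


def jabber_path(client_ip, zone, blocked_for=()):
    """Priority described in the thread: _cisco-uds wins if it resolves,
    otherwise _collab-edge sends the client through Expressway."""
    if resolve(client_ip, UDS, zone, blocked_for):
        return "internal"
    if resolve(client_ip, EDGE, zone, blocked_for):
        return "mra"
    return "none"


def compare(clients):
    """Expected registration path per client under each option raised."""
    zone_without_uds = {k: v for k, v in ZONE.items() if k != UDS}
    vpn_filter = [(VPN_POOL, {UDS})]
    return {
        "unchanged": {c: jabber_path(c, ZONE) for c in clients},
        "record_deleted": {c: jabber_path(c, zone_without_uds) for c in clients},
        "vpn_filter": {c: jabber_path(c, ZONE, vpn_filter) for c in clients},
    }


if __name__ == "__main__":
    # One wired LAN client and one VPN-pool client (constructed addresses).
    for option, result in compare(["10.10.5.20", "10.99.0.37"]).items():
        print(option, result)
```

Only the per-subnet filter keeps the wired LAN client on the internal path while the VPN client registers through MRA; deleting the record moves both.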