
MRA Deploy with dual domain

Hi everyone, I kinda have a problem with the MRA configuration when more than one domain is involved. My situation is the following:

 

expressway-e (NIC 2): outside with IP 20.20.20.20 (there is a static NAT for its private IP 192.168.10.70/24) and FQDN exp-e.public.domain.com

expressway-e (NIC 1): inside with IP 192.168.5.60/24 

 

expressway-c: inside with IP 192.168.1.25/24 FQDN exp-c.local.domain.com

 

call manager: inside with IP 192.168.1.20/24 FQDN ccm.local.domain.com

 

On the inside I can log in with Jabber, and all seems to work properly, but when I am on the outside I cannot log in. I think it is a DNS problem, but I do not understand how to properly set up the DNS in order to work with different domains. The communication between the two Expressways seems to work (the traversal zone is fine and the SSH tunnel is up). Can anyone help?

Thanks in advance. 

1 Reply 1

Example configuration for Dual NIC.

Expressway C

 

NIC IP  192.168.10.10 >> VOIP VLAN

 

Internal  DNS Records

  • Certificate

    • Generate CSR, sign the certificate using Internal CA of domain internal.domain.it.
    • Upload CA root to trust
    • Upload the server certificate.

 

CUCM

 

CUCM IP : 192.168.10.9

Certificate

  • Generate CSR, sign the certificate using Internal CA of domain internal.domain.it.
  • Upload CA root certificate to trust
  • Upload the server certificate.

Internal  DNS Records

_cisco-uds._tcp.internal.domain.it SRV service location:
priority = 6
weight = 30
port = 8443
svr hostname =cucm.internal.domain.it

 

Do the same with other nodes.

 

Expressway E

 

NIC 1 IP  192.168.10.10 >> VOIP VLAN

NIC 2 IP  192.168.20.10 >>DMZ IP

Public IP 45.45.45.26

 

Internal DNS

 

  • Create  subzone domain.it 
  • A record(Forward and reverse Lookup) in domain.it.  expresswayE.domain.it  192.168.20.10
  • Certificate

    • Generate CSR, sign the certificate using public CA (whatever your provider)
    • While generating CSR, DNS field should have entry domain.it
    • Upload public CA root to Expressway C and E trust
    • Upload root CA of internal.domain.it to trust
    • Upload the server certificate.

Public DNS Records

 

  • A record(Forward and reverse Lookup) expresswayE.domain.it  <<YOUR PUBLIC IP>>
  • SRV   _collabedge._tls.domain.it pointing to above IP/Hostname

 

When configuring dual NIC, use your network design; the above is just an example configuration.

 

 

Add both domains in the expressway Configuration >> Domain 

  • internal.domain.it
  • domain.it
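
The record placement described in the reply can be checked offline before testing Jabber from outside. This is an added example, not part of the original reply or any Cisco tool: `check_views` and the record list are constructed for illustration, the edge SRV priority, weight and port are made up, and the edge record is spelled `_collab-edge._tls`, the name Jabber queries.

```python
import ipaddress

# Constructed sample data: (view, name, type, value). Hostnames and addresses
# reuse the reply's example values; the edge SRV priority/weight/port are made up.
RECORDS = [
    ("internal", "_cisco-uds._tcp.internal.domain.it", "SRV", "6 30 8443 cucm.internal.domain.it"),
    ("internal", "cucm.internal.domain.it", "A", "192.168.10.9"),
    ("internal", "expresswayE.domain.it", "A", "192.168.20.10"),
    ("public", "_collab-edge._tls.domain.it", "SRV", "10 10 8443 expresswayE.domain.it"),
    ("public", "expresswayE.domain.it", "A", "45.45.45.26"),
]

def norm(name):
    return name.rstrip(".").lower()

def check_views(records, internal_domain, edge_domain):
    """Return findings for a split-DNS MRA layout (empty list means OK)."""
    views = {"internal": {}, "public": {}}
    for view, name, rtype, value in records:
        views[view].setdefault((norm(name), rtype), []).append(value)
    findings = []
    edge_srv = norm(f"_collab-edge._tls.{edge_domain}")
    uds_srv = norm(f"_cisco-uds._tcp.{internal_domain}")
    if (edge_srv, "SRV") not in views["public"]:
        findings.append(f"public: missing SRV {edge_srv}")
    if (uds_srv, "SRV") not in views["internal"]:
        findings.append(f"internal: missing SRV {uds_srv}")
    for view, table in views.items():
        for (name, rtype), values in table.items():
            if rtype != "SRV":
                continue
            # Jabber treats a resolvable _cisco-uds record as "I am on-premises",
            # so it must stay out of the public view.
            if view == "public" and name.startswith("_cisco-uds._tcp."):
                findings.append(f"public: {name} is visible externally")
            for value in values:
                target = norm(value.split()[3])  # SRV value: prio weight port target
                addrs = table.get((target, "A"), [])
                if not addrs:
                    findings.append(f"{view}: {name} target {target} has no A record")
                elif view == "public" and any(
                        ipaddress.ip_address(a).is_private for a in addrs):
                    findings.append(f"public: {target} resolves to a private address")
    return findings

if __name__ == "__main__":
    for line in check_views(RECORDS, "internal.domain.it", "domain.it") or ["OK"]:
        print(line)
```
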
