Hi everyone, in my company we are now deploying MRA, but I have some problems configuring the two expressway. In particular i get what you see in the attachments.
Can anyone help? Zones, search rules and domains are properly configured i guess.
Thanks a lot.
Solved! Go to Solution.
The system communication from Expressway E to C is broken.
Thanks a lot.. i found something wrong with my certificates configuration ..I used OpenSSL and it says that the rootCA does not respect some constraints.. but i followed the cisco guideline.. so I don't understand very well.
The zone state on E is Failed. Check your configuration and communication between the C and E.
Also check that the certificates chain of trust is established between both nodes. What type of certificates do you use on the E and C? Self signed, internal CA or public CA signed.
Hi, I used certificates signed with a rootCA. In particular, the rootCA is made by using OpenSSL. The csr are generated by the expressways and then the csr has been signed by the rootCA using OpenSSL. I followed this guide, https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X12-5.pdf .
I would prefer going with dual NIC.
NIC IP 192.168.10.10 >> VOIP VLAN
Internal DNS Records
CUCM IP : 192.168.10.9
Internal DNS Records
Do the same with other nodes.
NIC 1 IP 192.168.10.10 >> VOIP VLAN
NIC 2 IP 192.168.20.10 >>DMZ IP
Public IP 22.214.171.124
Public DNS Records
when configure dual NIC, use your network design. and the above is just an example configuration.
Your need to look in to few more things related to your DNS and NIC design.
Your external and internal domain, is it same.
Can you provide the details of DNS ( both internal and external) entries.
I never worked with single NIC, But AFAIK there is some firewall hair pining to be done for this work.
Hi, the internal and external domain are not the same. In particular the internal is internal.domain.it and the external is domain.it .
There is no much difference than @Nithin Eluvathingal mentioned when you have separate domains.
Add both domains in the expressway Configuration >> Domain
SRV records still remain the same if your users use the same URI format to login to jabber. But this comes later. first, you have to correct the all config up in the expressway.
For details on the zone look at this section in the configuration document https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/exwy_b_mra-expressway-deployment-guide/exwy_b_mra-expressway-deployment-guide_chapter_01000.html?referring_site=RE&pos=3&page=https://www.cisco.com/c/en/us/td/docs/voic...
It is quite well documented, recommend you to read the links provided by me and others in this post.
The image which you shared is UC configuration on expressway and its not Zone. can you create a Unified communication traversal zone.
Please share the screenshot of
if you don't have one, please configure it.