[cisco-voip] MRA/Expressway

Wed Oct 1 12:01:19 EDT 2014

Nick,
I just did this Multi domain deployment and ran into the same issues, you do have the option to Add a Forward Lookup zone to your existing Windows DNS Servers.  You will need to add forward lookup zone for domain.com<http://domain.com> to allow your internal DNS servers to be authoritative for this domain; then once the zone is created, create SRV Records for cuplogin and cisco-uds.

Information for adding forward zone:
http://technet.microsoft.com/en-us/library/cc771566.aspx

DNS Records to add
SRV Record  _cisco-uds._tcp. domain.com<http://domain.com>  --> cucm. Internal.domain.com<http://Internal.domain.com>
SRV Record  _cuplogin._tcp. domain.com<http://domain.com>   --> cups. Internal.domain.com<http://Internal.domain.com>
A Record  voice. domain.com<http://domain.com> à xx.xx.xx.xx(where x is your E)

Please make sure _collab-edge._tls. domain.com<http://domain.com> SRV record is NOT created on your internal dns servers or resolvable by them.

Why do you need record SRV Records for domain.com<http://domain.com> on internal dns servers that are only resolvable internally? Please see here since you are using multiple domains:
http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway-series/117811-configure-vcs-00.html

Also as you can see in the MRA Deployment guide on page 11 DNS Records, both Public DNS and Local DNS uses the same domain, i.e. example.com<http://example.com>.  In your case, you are using multiple domains which is why the extra configuration steps.
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-2/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-2.pdf”

:-:gm

Grace Maximuangu
Voice Solutions Engineer
Black Box Network Services
Cell: 213.268.6342
grace.maximuangu at blackbox.com<mailto:grace.maximuangu at blackbox.com>
www.blackbox.com<http://www.blackbox.com/>

[cid:image001.jpg at 01CFDD56.440D4500]

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Nick
Sent: Wednesday, October 01, 2014 4:51 AM
To: Heim, Dennis
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] MRA/Expressway

Hi Dennis

Did you get the MRA working with Split DNS domains, I am configuring the same with Internal.domain.com<http://Internal.domain.com> for the C and domain.com<http://domain.com> for E and I have added the certs and my traversal Zone is up but I am unable to login to Jabber.

I have seen some docs that state to add the external domain to VoiceServcesDomain in the Jabber-confg.xml and to add another _cisco-uds SRV on the internal DNS which is configured with domain.com<http://domain.com> rather than internal.domain.com<http://internal.domain.com> however I am unable to do this as domain.com<http://domain.com> is not setup as a zone in the DNS.

Any assistance on your experience is appreaciated.

Kind Regards

Nick

On 9 July 2014 05:13, Heim, Dennis <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>> wrote:
I am trying to configure MRA for the first time. We have split dns zones, so acme.loc (internal DNS) and acme.com<http://acme.com> (external DNS). We are struggling with determining what should be in the subject alternative names (SAN) for the Expressway-E certificate?

Thanks,

Dennis Heim | Collaboration Solutions Architect
World Wide Technology, Inc. | +1 314-212-1814<tel:%2B1%20314-212-1814>
[cid:image007.png at 01CFDD55.E637D0D0]<https://twitter.com/CollabSensei>
[cid:image008.png at 01CFDD55.E637D0D0][cid:image009.png at 01CFDD55.E637D0D0]<tel:+13142121814>[cid:image010.png at 01CFDD55.E637D0D0]

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

________________________________
This email and any files transmitted with it are confidential and are intended for the sole use of the individual to whom they are addressed. Black Box Corporation reserves the right to scan all e-mail traffic for restricted content and to monitor all e-mail in general. If you are not the intended recipient or you have received this email in error, any use, dissemination or forwarding of this email is strictly prohibited. If you have received this email in error, please notify the sender by replying to this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141001/91e020fc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.png
Type: image/png
Size: 3876 bytes
Desc: image007.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141001/91e020fc/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.png
Type: image/png
Size: 1389 bytes
Desc: image008.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141001/91e020fc/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image009.png
Type: image/png
Size: 1292 bytes
Desc: image009.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141001/91e020fc/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image010.png
Type: image/png
Size: 1391 bytes
Desc: image010.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141001/91e020fc/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3491 bytes
Desc: image001.jpg
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141001/91e020fc/attachment.jpg>