[cisco-voip] Expressway ?'s

Ed Leatherman ealeatherman at gmail.com
Fri Nov 6 08:32:29 EST 2015


This thread is so much fun I thought i'd resurrect it again!

I'm toying around with MRA again, as we have a significant segment of our
campus that has their hosts all NATed off from the rest of campus/world and
their firewalls aren't playing well with SIP.

As I don't have a ready mechanism to do split DNS, I thought perhaps I
could just make a new service domain (jabber.wvu.edu) and only create the
collab-edge SRV for that. Idea would be if I signed into jabber as
ealeatherman at jabber.wvu.edu it would force it over to expressway. Running
into lots of challenges here and starting to wonder if this is even
possible.

Right now exp doesn't seem to be able to locate UDS for me. I'm getting
some certificate errors in expC for my call managers:

edgeconfigprovisioning: Level="ERROR
<https://expc.telecom.wvu.edu/eventlog?all_text=TGV2ZWw9IkVSUk9SIg==>"
Detail="Certificate verify failure
<https://expc.telecom.wvu.edu/eventlog?all_text=RGV0YWlsPSJDZXJ0aWZpY2F0ZSB2ZXJpZnkgZmFpbHVyZSI=>"
Server="<
<https://expc.telecom.wvu.edu/eventlog?all_text=U2VydmVyPSIxMC4xOTIuMi4xMiI=>server
IP>" Reason="No subject alternate name
<https://expc.telecom.wvu.edu/eventlog?all_text=UmVhc29uPSJObyBzdWJqZWN0IGFsdGVybmF0ZSBuYW1lIg==>"
UTCTime="2015-11-06 13:25:29,611
<https://expc.telecom.wvu.edu/eventlog?all_text=VVRDVGltZT0iMjAxNS0xMS0wNiAxMzoyNToyOSw2MTEi>
"

Is it acting like this because my server names in CUCM are defined as IP
Addresses and not host names? this seems strange though, on the Unified CM
servers page in expc all my nodes are listed and TLS and TCP both say
active.

anyone have 2 cents to give on this one?




On Thu, Jun 18, 2015 at 10:01 PM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

> I really wish there was another option other than split DNS to get MRA
> working from off-premise. I mean, why rely on DNS response rather than lack
> of connectivity to decide which path to take? A parameter in the
> jabber-config.xml file could help with that.
>
> Anyways, I know it's gonna be fun to use the workaround of configuring our
> edge firewall to filter out DNS responses. ugh.
>
> ---
> Lelio Fulgenzi, B.A.
> Senior Analyst, Network Infrastructure
> Computing and Communications Services (CCS)
> University of Guelph
>
> 519‐824‐4120 Ext 56354
> lelio at uoguelph.ca
> www.uoguelph.ca/ccs
> Room 037, Animal Science and Nutrition Building
> Guelph, Ontario, N1G 2W1
>
> ------------------------------
> *From: *"Charles Goldsmith" <wokka at justfamily.org>
> *To: *"Scott Voll" <svoll.voip at gmail.com>
> *Cc: *cisco-voip at puck.nether.net
> *Sent: *Thursday, 18 June, 2015 7:45:14 PM
> *Subject: *Re: [cisco-voip] Expressway ?'s
>
>
> As said by others, license is free for the MRA part, to get the free
> license, here is a handy blog entry :
> https://ciscocollab.wordpress.com/2014/02/20/how-to-get-expressway-c-and-e-licenses/
>
>
> He also has entries on helping set it up, but it's pretty simple once you
> get in and start configuring.  Hard part is getting the certs, DNS and
> firewall in line :)
>
>
> On Thu, Jun 18, 2015 at 4:58 PM, Scott Voll <svoll.voip at gmail.com> wrote:
>
>> I"m still on UC 8.6.  we are planning an upgrade to 10.x  We currently
>> have DLU's for licensing and will be moving to CUWL Standard ( I think).
>>
>> How does Expressways factor into this?
>>
>> is it part of CUWL?  Is there a Cost?  What all can you do with
>> Expressway.  What I believe I understand is that it can get your external
>> voice and video internal.  does it replace my lan to lan connections to get
>> an IP phone registered to CM?
>>
>> Does it also do video bridging?  Example. Polycom HDX unit, cisco SX20,
>> jabber and skype all in a single call?
>>
>> TIA
>>
>> Scott
>>
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>


-- 
Ed Leatherman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20151106/7e5764d5/attachment.html>


More information about the cisco-voip mailing list