×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VCS SRV records

Answered Question
Sep 9th, 2014
User Badges:

Hello,

I have a  VCS server which I want to setup in DMZ for URI dialing outside/Inside, the domain name is same as our MEX record domain name, what SRV records I have to create in local or ISP DNS and publish in ISP DNS so whenever other corporate wants to do a video conference toour internal users or TP endpoint they can reach.

Thanks

Correct Answer by Ayodeji Okanlawon about 2 years 11 months ago

Question 1..

Zones, subzones and service policy are not determined by where you place the VCS. As suggested earlier, VCS-e is placed in the DMZ. To know how to configure the zones refer to the document I attached. There are examples there.

Question 2.

If the other company has a VCS-E that is accessible from the internet, then all you need to do is create a DNS zone and a search rule that that says any call not for my domain, send to the DNS zone. Again example is in the document I sent to you.

If you want a direct connection to the company then you will need to create a neighbor zone and search rule that will send all calls intended for this company to this zone.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (4 ratings)
Loading.
Ayodeji Okanlawon Tue, 09/09/2014 - 10:35
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

 

For external parties to call your organisation you do not need SRV records. You only need your ITSP to host the A record of your vcs expressway. The details below show you what you need. If you have endpoints that need to register over the internet, then you will need SRV records. Attached is the deployment guide and you find DNS records on  Appendix 2

Appendix 2 – DNS records configuration
DNS configuration on host server
The following records are required to be configured in the external DNS which hosts the externally routable
domain: example.com to allow:
n external endpoints registration messages to be routed to the VCS Expressway
n calls from non-registered endpoints (or other infrastructure devices) to be routed to the VCS Expressway
Host DNS A record
Host TTL Type Data
vcse.example.com 86400 A 192.0.2.2
DNS SRV records
Service Protocol Host Port Notes
h323cs tcp _h323cs._tcp.example.com 1720
h323ls udp _h323ls._udp.example.com 1719
sip tcp _sip._tcp.example.com 5060
sip udp _sip._udp.example.com 5060
sips tcp _sips._tcp.example.com 5061
sips tls _sips._tls.example.com 5061 For E20 TE2.1
sip tls _sip._tls.example.com 5061 For MXP F8.2, T150 L6.0, Movi prior to version 3.1
For each DNS SRV record the following values are common:
Name example.com
TTL 86400
Type SRV
Priority 10
Weight 10
Target vcse.example.com.

Ayodeji Okanlawon Tue, 09/09/2014 - 11:42
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

I should let you know that it is very rude to rate a post with one star. I do not solicit for your ratings and hence it is better that you didnt rate the post than you been very um-appreciative and giving me a one star rating. After taking my time, stepping away from a job that pays my wages to attempt to help you. This is not just for me, don't do it for anyone, it makes you look very ungrateful

adamgibs7 Tue, 09/09/2014 - 14:08
User Badges:

Dear Okanlawon,

yes i have seen clark he never rates 1

thanks

clark white Tue, 09/09/2014 - 14:07
User Badges:

Dear Okanlawon,

you are CSC expert I have not rated you with one star it is somebody else, even though any answer is not solving my problem  completely  though I rate 5 and not 1

thanks

clark white Tue, 09/09/2014 - 14:18
User Badges:

Dear Okanlawon,

Actually i am confused for the design where i shld place the VCSE, i shld place in

DMZ network who's default gateway will be the firewall and all traffic will pass through the ASA, external interface LAN B will be on ASA and the internal LAN A on the internal switch, VCSE external interface will be statically Natted on ASA

OR

VCSE lan B directly connecting to Internet router and LAN A connection to internal switch, LAN B is assigned with a public IP but the problem here is there is no security for the VCSE, anybody can hack it

 

Thanks

Ayodeji Okanlawon Tue, 09/09/2014 - 15:11
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

Option 1 is the recommended and most secure. Your external DNS server will point to the NATed ip address of expwe.

clark white Tue, 09/09/2014 - 23:10
User Badges:

Dear Okanlawon,

Need to be more clear on the doubts do I have read the deployment guide  if want to place in DMZ then what steps I have to configure in VCS  for ex ( zone, subzone, service policy)

 

Question 2:

If I have another sort of design for example a VPN from ASA to another company ASA and I have a VCS and TP endpoint in my corporate so how I can use them to reach to the other entities.

Thanks

 

 

 

 

Correct Answer
Ayodeji Okanlawon Wed, 09/10/2014 - 01:45
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

Question 1..

Zones, subzones and service policy are not determined by where you place the VCS. As suggested earlier, VCS-e is placed in the DMZ. To know how to configure the zones refer to the document I attached. There are examples there.

Question 2.

If the other company has a VCS-E that is accessible from the internet, then all you need to do is create a DNS zone and a search rule that that says any call not for my domain, send to the DNS zone. Again example is in the document I sent to you.

If you want a direct connection to the company then you will need to create a neighbor zone and search rule that will send all calls intended for this company to this zone.

Actions

This Discussion