cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2334
Views
26
Helpful
10
Replies

VCS SRV records

clark white
Level 2
Level 2

Hello,

I have a  VCS server which I want to setup in DMZ for URI dialing outside/Inside, the domain name is same as our MEX record domain name, what SRV records I have to create in local or ISP DNS and publish in ISP DNS so whenever other corporate wants to do a video conference toour internal users or TP endpoint they can reach.

Thanks

1 Accepted Solution

Accepted Solutions

Question 1..

Zones, subzones and service policy are not determined by where you place the VCS. As suggested earlier, VCS-e is placed in the DMZ. To know how to configure the zones refer to the document I attached. There are examples there.

Question 2.

If the other company has a VCS-E that is accessible from the internet, then all you need to do is create a DNS zone and a search rule that that says any call not for my domain, send to the DNS zone. Again example is in the document I sent to you.

If you want a direct connection to the company then you will need to create a neighbor zone and search rule that will send all calls intended for this company to this zone.

Please rate all useful posts

View solution in original post

10 Replies 10

Patrick McCarthy
Cisco Employee
Cisco Employee

You'll find this in pages 230-231 in the latest admin guide, including examples. They cover both SIP and H.323. 

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/admin_guide/Cisco-VCS-Administrator-Guide-X8-2.pdf

Hope this helps. 

Ayodeji Okanlawon
VIP Alumni
VIP Alumni

 

For external parties to call your organisation you do not need SRV records. You only need your ITSP to host the A record of your vcs expressway. The details below show you what you need. If you have endpoints that need to register over the internet, then you will need SRV records. Attached is the deployment guide and you find DNS records on  Appendix 2

Appendix 2 – DNS records configuration
DNS configuration on host server
The following records are required to be configured in the external DNS which hosts the externally routable
domain: example.com to allow:
n external endpoints registration messages to be routed to the VCS Expressway
n calls from non-registered endpoints (or other infrastructure devices) to be routed to the VCS Expressway
Host DNS A record
Host TTL Type Data
vcse.example.com 86400 A 192.0.2.2
DNS SRV records
Service Protocol Host Port Notes
h323cs tcp _h323cs._tcp.example.com 1720
h323ls udp _h323ls._udp.example.com 1719
sip tcp _sip._tcp.example.com 5060
sip udp _sip._udp.example.com 5060
sips tcp _sips._tcp.example.com 5061
sips tls _sips._tls.example.com 5061 For E20 TE2.1
sip tls _sip._tls.example.com 5061 For MXP F8.2, T150 L6.0, Movi prior to version 3.1
For each DNS SRV record the following values are common:
Name example.com
TTL 86400
Type SRV
Priority 10
Weight 10
Target vcse.example.com.

Please rate all useful posts

I should let you know that it is very rude to rate a post with one star. I do not solicit for your ratings and hence it is better that you didnt rate the post than you been very um-appreciative and giving me a one star rating. After taking my time, stepping away from a job that pays my wages to attempt to help you. This is not just for me, don't do it for anyone, it makes you look very ungrateful

Please rate all useful posts

Dear Okanlawon,

you are CSC expert I have not rated you with one star it is somebody else, even though any answer is not solving my problem  completely  though I rate 5 and not 1

thanks

Dear Okanlawon,

Actually i am confused for the design where i shld place the VCSE, i shld place in

DMZ network who's default gateway will be the firewall and all traffic will pass through the ASA, external interface LAN B will be on ASA and the internal LAN A on the internal switch, VCSE external interface will be statically Natted on ASA

OR

VCSE lan B directly connecting to Internet router and LAN A connection to internal switch, LAN B is assigned with a public IP but the problem here is there is no security for the VCSE, anybody can hack it

 

Thanks

Option 1 is the recommended and most secure. Your external DNS server will point to the NATed ip address of expwe.

Please rate all useful posts

Dear Okanlawon,

Need to be more clear on the doubts do I have read the deployment guide  if want to place in DMZ then what steps I have to configure in VCS  for ex ( zone, subzone, service policy)

 

Question 2:

If I have another sort of design for example a VPN from ASA to another company ASA and I have a VCS and TP endpoint in my corporate so how I can use them to reach to the other entities.

Thanks

 

 

 

 

Question 1..

Zones, subzones and service policy are not determined by where you place the VCS. As suggested earlier, VCS-e is placed in the DMZ. To know how to configure the zones refer to the document I attached. There are examples there.

Question 2.

If the other company has a VCS-E that is accessible from the internet, then all you need to do is create a DNS zone and a search rule that that says any call not for my domain, send to the DNS zone. Again example is in the document I sent to you.

If you want a direct connection to the company then you will need to create a neighbor zone and search rule that will send all calls intended for this company to this zone.

Please rate all useful posts

Thanks Buddy

Dear Okanlawon,

yes i have seen clark he never rates 1

thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: