09-09-2014 08:42 AM - edited 03-18-2019 03:23 AM
Hello,
I have a VCS server which I want to set up in the DMZ for URI dialing outside/inside. The domain name is the same as our MX record domain name. What SRV records do I have to create in the local or ISP DNS and publish in the ISP DNS, so that whenever another company wants to do a video conference to our internal users or TP endpoints they can reach us?
Thanks
09-09-2014 10:07 AM
You'll find this in pages 230-231 in the latest admin guide, including examples. They cover both SIP and H.323.
http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/admin_guide/Cisco-VCS-Administrator-Guide-X8-2.pdf
Hope this helps.
09-09-2014 10:35 AM
For external parties to call your organisation you do not need SRV records. You only need your ITSP to host the A record of your VCS Expressway. The details below show you what you need. If you have endpoints that need to register over the internet, then you will need SRV records. Attached is the deployment guide, and you will find the DNS records in Appendix 2.
Appendix 2 – DNS records configuration
DNS configuration on host server
The following records are required to be configured in the external DNS which hosts the externally routable domain: example.com to allow:
- external endpoints registration messages to be routed to the VCS Expressway
- calls from non-registered endpoints (or other infrastructure devices) to be routed to the VCS Expressway
Host DNS A record
Host              TTL    Type  Data
vcse.example.com  86400  A     192.0.2.2
DNS SRV records
Service  Protocol  Host                      Port  Notes
h323cs   tcp       _h323cs._tcp.example.com  1720
h323ls   udp       _h323ls._udp.example.com  1719
sip      tcp       _sip._tcp.example.com     5060
sip      udp       _sip._udp.example.com     5060
sips     tcp       _sips._tcp.example.com    5061
sips     tls       _sips._tls.example.com    5061  For E20 TE2.1
sip      tls       _sip._tls.example.com     5061  For MXP F8.2, T150 L6.0, Movi prior to version 3.1
For each DNS SRV record the following values are common:
Name      example.com
TTL       86400
Type      SRV
Priority  10
Weight    10
Target    vcse.example.com.
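An added example, not part of the original post or the Cisco guide: a small audit that compares the SRV records in an exported zone file against the appendix table above and reports missing records, wrong ports, targets that are not the absolute name vcse.example.com., and SRV records that are not in the table. The zone text, the regular expression and the function name audit_srv are constructed for illustration.

```python
import re

# Expected SRV set from the appendix table above: (service, protocol) -> port
EXPECTED = {("h323cs", "tcp"): 1720, ("h323ls", "udp"): 1719,
            ("sip", "tcp"): 5060, ("sip", "udp"): 5060,
            ("sips", "tcp"): 5061, ("sips", "tls"): 5061,
            ("sip", "tls"): 5061}
DOMAIN = "example.com"
TARGET = "vcse.example.com."   # absolute name, trailing dot as in the table

# Constructed sample zone (not a real one): _sip._udp has the wrong port,
# _sips._tcp lost the trailing dot on its target, _sips._tls is missing.
SAMPLE_ZONE = """\
vcse.example.com.          86400 IN A   192.0.2.2
_h323cs._tcp.example.com.  86400 IN SRV 10 10 1720 vcse.example.com.
_h323ls._udp.example.com.  86400 IN SRV 10 10 1719 vcse.example.com.
_sip._tcp.example.com.     86400 IN SRV 10 10 5060 vcse.example.com.
_sip._udp.example.com.     86400 IN SRV 10 10 5061 vcse.example.com.
_sips._tcp.example.com.    86400 IN SRV 10 10 5061 vcse.example.com
_sip._tls.example.com.     86400 IN SRV 10 10 5061 vcse.example.com.
"""

SRV_RE = re.compile(r"^_(\w+)\._(\w+)\.(\S+?)\.?\s+\d+\s+IN\s+SRV"
                    r"\s+\d+\s+\d+\s+(\d+)\s+(\S+)$")

def audit_srv(zone_text, domain=DOMAIN, target=TARGET, expected=EXPECTED):
    """Return sorted findings; an empty list means the zone matches the table."""
    findings, seen = [], set()
    for line in zone_text.splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            continue                      # A records, comments, blank lines
        svc, proto, dom, port, tgt = m.groups()
        name = f"_{svc}._{proto}.{dom}"
        if dom != domain or (svc, proto) not in expected:
            findings.append(f"unexpected record {name}")
            continue
        seen.add((svc, proto))
        if int(port) != expected[(svc, proto)]:
            findings.append(f"{name}: port {port}, expected {expected[(svc, proto)]}")
        if tgt != target:                 # a relative target gets the origin appended
            findings.append(f"{name}: target {tgt}, expected {target}")
    for svc, proto in sorted(set(expected) - seen):
        findings.append(f"missing _{svc}._{proto}.{domain}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_srv(SAMPLE_ZONE):
        print(finding)
```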
09-09-2014 11:42 AM
I should let you know that it is very rude to rate a post with one star. I do not solicit your ratings, and hence it is better that you didn't rate the post than be very unappreciative and give me a one-star rating, after I took my time, stepping away from a job that pays my wages, to attempt to help you. This is not just for me; don't do it to anyone. It makes you look very ungrateful.
09-09-2014 02:07 PM
Dear Okanlawon,
You are a CSC expert. I have not rated you with one star; it is somebody else. Even though no answer is solving my problem completely, I rate 5 and not 1.
Thanks
09-09-2014 02:18 PM
Dear Okanlawon,
Actually I am confused about the design and where I should place the VCSE. Should I place it in the
DMZ network, whose default gateway will be the firewall, so that all traffic will pass through the ASA? The external interface LAN B will be on the ASA and the internal LAN A on the internal switch, and the VCSE external interface will be statically NATed on the ASA.
OR
VCSE LAN B directly connected to the Internet router and LAN A connected to the internal switch. LAN B is assigned a public IP, but the problem here is that there is no security for the VCSE; anybody can hack it.
Thanks
09-09-2014 03:11 PM
Option 1 is the recommended and most secure. Your external DNS server will point to the NATed IP address of the Expressway.
09-09-2014 11:10 PM
Dear Okanlawon,
I need to be more clear on the doubts I have. I have read the deployment guide; if I want to place it in the DMZ, then what steps do I have to configure in the VCS, for example (zone, subzone, service policy)?
Question 2:
If I have another sort of design, for example a VPN from our ASA to another company's ASA, and I have a VCS and TP endpoint in my corporate network, how can I use them to reach the other entities?
Thanks
09-10-2014 01:45 AM
Question 1.
Zones, subzones and service policy are not determined by where you place the VCS. As suggested earlier, VCS-e is placed in the DMZ. To know how to configure the zones refer to the document I attached. There are examples there.
Question 2.
If the other company has a VCS-E that is accessible from the internet, then all you need to do is create a DNS zone and a search rule that says any call not for my domain, send to the DNS zone. Again, an example is in the document I sent to you.
If you want a direct connection to the company then you will need to create a neighbor zone and search rule that will send all calls intended for this company to this zone.
09-15-2014 07:01 AM
Thanks Buddy
09-09-2014 02:08 PM
Dear Okanlawon,
Yes, I have seen Clark; he never rates 1.
Thanks