
DNS resolve issue of Expressway-E server

Abdulkader Naji
Level 1

Hi All,

I'm deploying Expressway to overcome the use of VPN Anywhere.

I have two servers. One is deployed internally (LAN), called the Expressway-C server, and has membership in the local domain.

The other server is the Expressway-E server, which is deployed after the firewall in the DMZ area, but its DNS is set to the ISP public DNS server.

Both servers can communicate with each other, but the problem I faced is that when I try contacting from E to C using the name, it gives an unreachable error.

I reviewed the DNS settings of Expressway-E and found that it makes the query to the public DNS server.

I read about the settings required and found that there should be an SRV record on the public DNS server pointing to the local DNS server.

I don't have any idea how I can do it.

1 Reply

devils_advocate
Level 7

Your Exp-E node needs to be capable of reaching your Exp-C node.

The Exp-C node will have a Private internal IP address on the LAN so the Exp-E needs some way of routing traffic to this.

Does your Exp-E node have a single NIC which uses a Public IP address?

There are two main ways of setting this up but it depends on your setup.

Look into the 2 NIC setup for the Exp-E box, one NIC has the WAN Public IP and is reachable from the Internet and the other has a LAN address (can still be in the DMZ). You then punch ports in the FW between the LAN address of the Exp-E box and the LAN address of the Exp-C box.

A traversal zone is needed between Exp-C and Exp-E so giving the Exp-E box a Public IP with no ability to route back towards the LAN is not going to work.

The documentation on this is very comprehensive; the only difficult part in my experience is the certificates!

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-5/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-5.pdf

The SRV record you are referring to allows Jabber clients which are connected to the internet to reach the Exp-E's Public IP. You also need an SRV on the internal DNS to allow Jabber clients to reach the internal CUCM/CUC/IMP servers whilst connected to the LAN; you don't want them going out to the internet and back in via Expressway if they are connected to the LAN anyway.
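
The split-DNS layout described in this thread, modelled as an offline check. This is an added example, not part of either post and not Cisco code. The SRV names `_collab-edge._tls` and `_cisco-uds._tcp` are the ones Jabber uses for service discovery and are not named in the thread; the domain, hostnames, addresses and both record sets are constructed placeholders.

```python
"""Offline audit of the split-DNS layout discussed in this thread."""
DOMAIN = "example.com"  # placeholder domain (assumption)

# Constructed sample data: placeholder hosts, RFC 5737 / RFC 1918 addresses.
# A view maps (name, type) -> answers; SRV answers are
# (priority, weight, port, target).
PUBLIC_VIEW = {  # what the ISP/public DNS can answer
    (f"_collab-edge._tls.{DOMAIN}", "SRV"): [(10, 10, 8443, f"expe.{DOMAIN}")],
    (f"expe.{DOMAIN}", "A"): ["203.0.113.10"],
}
INTERNAL_VIEW = {  # what the LAN DNS can answer
    (f"_cisco-uds._tcp.{DOMAIN}", "SRV"): [(10, 10, 8443, f"cucm.{DOMAIN}")],
    (f"cucm.{DOMAIN}", "A"): ["10.0.0.20"],
    (f"expc.{DOMAIN}", "A"): ["10.0.0.30"],
}


def srv_ok(view, srv_name):
    """True if the SRV exists in this view and every target has an A record."""
    answers = view.get((srv_name, "SRV"), [])
    return bool(answers) and all((tgt, "A") in view for *_, tgt in answers)


def audit(public, internal, expe_resolver, expc_fqdn, domain=DOMAIN):
    """Return findings; expe_resolver is the view the Exp-E's DNS can answer."""
    edge, uds = f"_collab-edge._tls.{domain}", f"_cisco-uds._tcp.{domain}"
    findings = []
    if not srv_ok(public, edge):
        findings.append(f"public: {edge} missing or its target has no A record")
    if not srv_ok(internal, uds):
        findings.append(f"internal: {uds} missing or its target has no A record")
    if (uds, "SRV") in public:
        # Off-LAN clients that find this record behave as if they were internal.
        findings.append(f"public: {uds} is exposed outside the LAN")
    if (expc_fqdn, "A") not in expe_resolver:
        # The symptom in the question: Exp-E asks a resolver with no such record.
        findings.append(f"Exp-E resolver has no A record for {expc_fqdn}")
    return findings


if __name__ == "__main__":
    # The poster's layout: Exp-E points at the ISP's public DNS.
    for line in audit(PUBLIC_VIEW, INTERNAL_VIEW, PUBLIC_VIEW, f"expc.{DOMAIN}"):
        print(line)
```

Run as written, it reports only the unresolved Exp-C name, which matches the question; the SRV checks pass because the sample views already follow the internal/external split the reply describes.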