06-23-2017 01:51 AM - edited 03-19-2019 12:34 PM
Hello, I would like to clarify my confusion about the Expressway DNS requirement. Currently, there are separate internal and external domains. I want to install Expressway with a single interface.
What are the appropriate
In the case of separate internal and external domains, how will Jabber resolve username@externaldomain.com in the local network? I saw some blogs that say to change the external domain in the jabber-config file. But I don't want to play with every jabber.
Is there any better solution for user single entity login in both internal and external network? I think if I add another externaldomain.com zone in the internal network (but
So in the internal, I will have internaldomain.local and externaldomain.com zones with local
06-23-2017 05:01 PM
You will also need NAT reflection; using a single NIC is not the recommended deployment.
If you're going to use a different domain internally and externally, you have no choice but to use the voice services domain parameter in the .xml for that to work. If you want only a few devices to use that, use the Cisco Support Field to have them use a special jabber config file.
If you don't want to do any translation, you would need to use the same domain internally and externally.
06-23-2017 11:19 PM
Can I accomplish to use the single external domain? I think I could create externaldomain.com in internal domain, but mapping with
Because I don't know how many users will connect. So I will have to change every
06-24-2017 07:17 AM
If you add the external domain on your internal network, you CANNOT add the Expressway to be resolvable from within. This is actually a split DNS topology.
The DNS configuration should be:
externaldomain.com on the external:
resolving only the Expressway-E.
externaldomain.com on the Internal:
Resolving only the CUCM & IM&P servers.
For me, this is the preferred topology. But keep in mind that from now on, if you go and do the split DNS, you'll have to maintain all the DNS records that are currently on the internet on your private network as well, otherwise people who are connected to the private network won't be able to access services that are located on 'externaldomain.com' because it won't be resolved.
06-24-2017 07:24 AM
But in that preferred topology, I have to change jabber-config file for each user. Do you think that it is the correct solution for 100 users?
You said "you'll have to maintain all the DNS records that currently on the internet, also on your private network" Can you clarify this a little bit more? In public domain, I will have collab-edge and A record of expressway-
06-24-2017 07:42 AM
You won't have to change the jabber-config per each user, you'll have to change it only once, the main one and add this:
<Policies>
<VoiceServicesDomain>externaldomain.com</VoiceServicesDomain>
</Policies>
Unless I'm missing something?
About maintaining the DNS records.
Think that for example you have a website that can be accessed under 'externaldomain.com' from the internet, and currently from within the organization.
How is that, that from within they can access it today? It's because you have some forward DNS rules to some public DNS servers that are resolving this domain.
BUT... when you add a new zone called 'externaldomain.com' in your organization, a person who tries to access the website that is on this domain won't be able to access it anymore. That's because now, when a computer in the organization sends a DNS query inside your domain, your DNS server will find this domain on your network and won't try to resolve it on the public internet. So it means that all the A, MX, SRV, etc. records that are configured on the internet will have to be configured one by one on the inside too, otherwise your organization will cease to communicate with services under this domain.
So if you have a huge DNS on the public internet, it can be very messy to maintain it on the internal network. If it's a small one, with a few A records, you can do it easily, but you need to remember all the time that each change you make on the public internet, you'll have to make on the internal, too.
And for your question about the _collab-edge SRV record. You mustn't configure this SRV on your internal network, because you don't want people to communicate with the Expressway when they're on the internal network. When a person is logged in to the internal network, all he needs is to communicate with internal services: CUCM, Unity, IM&P.
And last thing... because your users are connected to a domain 'internaldomain.com', and not to the external, it means that you'll have to configure the _cisco-uds, _cuplogin SRV records on your internal network for both domains:
It should work. I did a few setups like that.
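The split-DNS rule described in the post above (mirror every public record internally, keep _collab-edge out of the internal zone, publish _cisco-uds and _cuplogin internally) can be checked mechanically. This is an added example, not part of the original post or any Cisco tool; the zone contents, host names and the `._tls`/`._tcp` suffixes shown are constructed sample data.

```python
# Added example: audit an internal copy of a zone against its public version.
# Both record sets are constructed sample data, not taken from the thread.
PUBLIC = {  # externaldomain.com as published on the internet
    ("www", "A"), ("mail", "A"), ("@", "MX"),
    ("_collab-edge._tls", "SRV"),
}
INTERNAL = {  # externaldomain.com zone created on the internal DNS server
    ("www", "A"), ("cucm01", "A"),
    ("_cisco-uds._tcp", "SRV"), ("_collab-edge._tls", "SRV"),
}

EDGE_ONLY = "_collab-edge"                       # belongs in the public view only
INTERNAL_REQUIRED = ("_cisco-uds", "_cuplogin")  # internal service discovery


def is_edge(name):
    return name.lower().startswith(EDGE_ONLY)


def audit_split_dns(public, internal):
    """Return sorted (action, name, type) findings for the internal zone."""
    findings = []
    # 1. Every public record except _collab-edge must also exist internally,
    #    because the internal zone now shadows the public one.
    for name, rtype in public:
        if is_edge(name):
            continue
        if (name, rtype) not in internal:
            findings.append(("missing-internally", name, rtype))
    # 2. _collab-edge must not be resolvable from inside the network.
    for name, rtype in internal:
        if is_edge(name):
            findings.append(("remove-from-internal", name, rtype))
    # 3. Internal clients need the internal discovery SRV records.
    srv_names = [n.lower() for n, t in internal if t == "SRV"]
    for prefix in INTERNAL_REQUIRED:
        if not any(n.startswith(prefix) for n in srv_names):
            findings.append(("add-to-internal", prefix, "SRV"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_split_dns(PUBLIC, INTERNAL):
        print(*finding)
```

Running the same comparison after every change to the public zone catches the drift the post warns about before internal users lose access to a service.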
06-24-2017 08:02 AM
To be clear, my purpose of creating externaldomain.com in local dns is just for
So local DNS there will be 2 zones, the same records for each:
internaldomain.com:
-cucm01.internaldomain.com - 192.168.10.10
_cisco-uds - cucm01.internaldomain.com
externaldomain.com:
-cucm01.externaldomain.com - 192.168.10.10
_cisco-uds - cucm01.externaldomain.com
User logs in username@externaldomain.com. Jabber cannot find
In local network:
User logs in username@externaldomain.com. Jabber finds
Will it work?
06-24-2017 08:08 AM
It will work.
BUT, as I mentioned already, creating 'externaldomain.com' in your local DNS will affect your internal users, so you cannot just add the '_cisco-uds' in there; you'll have to add all the records (A, MX, SRV, etc.) that are configured on the internet in your 'externaldomain.com', of course without the _collab-edge. That'll be the only difference between them.
So if you do it, do it very carefully, and not in the scope of the working hours of your company - depends on your DNS size of records and configurations (in the public internet).
06-24-2017 08:18 AM
Thank you, really appreciated. There is not any public DNS, published services yet. I will create it from scratch.
The last thing I would like to know, you said: "You won't have to change the jabber-config per each user, you'll have to change it only once, the main one and add this".
I see
Navigate to %APPDATA% > Cisco > Unified Communications > Jabber > CSF > Config, and create this jabber-config-user.xml
This is the directory of PC. Does not it mean that I have to do it
How about
What do you mean by saying changing it only once and add? Where can I do it and apply?
06-24-2017 08:22 AM
Ah no no ;)
This method you're talking about is if you want personal jabber-config file for each user, but this is not the case. In your TFTP you currently have a 'jabber-config.xml', right? If so, just edit it and place the XML content from my previous posts.
There may be a chance that the user that already logged into the Jabber on his PC, will have to disconnect and do 'Reset Cisco Jabber configurations'. But only once.
06-24-2017 08:32 AM
I am sorry for my dummy questions :) There is nothing in the production but
The 1st one - editing
What do you mean by TFTP server? You mean
06-24-2017 08:42 AM
The TFTP is a service that is running on your CUCM that contains all the firmware, MOH, background files, etc. When you place the 'jabber-config.xml' file on your CUCM (TFTP service), it is available to all the users requesting it. That way you don't need to go user by user and put a personal jabber-config file.
In order to upload a file to your TFTP on the CUCM you need to go to: Cisco Unified OS Administration. And then in the menu go to: Software Upgrade -> TFTP File Management. There, you can add new files to the TFTP of the CUCM.
Keep it in mind:
Hope it helps ;)
06-24-2017 08:46 AM
Thank you. Is the Jabber client required to log in at least once, or can I do it before the Jabber client logs in?
06-24-2017 09:23 AM
Doesn't matter.
But I would advise you to login with your Cisco Jabber for the first time only after you put the jabber-config file into your CUCM TFTP.
If you do it after, it is better to clean the configuration of the Jabber by logging out and pressing the File -> Reset Cisco Jabber, especially when you're doing tests and trying to do the setup.