
Jabber over MRA only

1tarheelfan2
Level 4

We have a situation in which some of our database are switching on and off of VPN to join customer VPN connections during the day and while on calls. The call drops during the switch. One idea is to have Jabber register only through MRA and not on-prem/VPN.

Ideas on best way to accomplish this?

 

Thanks in Advance

LT

Accepted Solutions

Chris Deren
Hall of Fame

On newer versions of Expressway you do not need the _cisco-uds SRV record in order for MRA to work, hence the easiest solution would be to delete this record on your internal DNS. Keep in mind that it would permanently force all connections across MRA even for clients that are on-premise, so it may or may not be what you are looking for.


Hi there, 

 

If you are using a Cisco ASA, then you can configure the DNS filter in the ASA. The ASA blocks/filters the UDS service discovery (SRV check with UDS), and when Jabber doesn't get the result, it then queries the "collabedge" to get the Expressway public IP. So Jabber always connects via the Expressway from the external network, and the VPN switchover doesn't affect the call in progress.

We are using this setup for multiple customers and it is working as expected.

 

Please refer to the BYOD document, which outlines the configuration details.

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_CollabEdge.html 

This may also be possible using a Windows DNS filter, which I haven't tried yet.

https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/apply-filters-on-dns-queries

 

Regards,

Shalid

***** Rates if you find them useful and accept it as a solution if it resolves your query

 

 

Hi Shalid Kurunnan Chalil,

We are using a Cisco ASA firewall and trying to implement this scenario:

'Force Jabber to use MRA while connected on VPN'

The link you mentioned routes to some products page. Could you please share the ASA configuration to implement this, or an updated official guide for configuring the ASA firewall to block the UDS service?

Thanks.

Regards,
Jayaprakash

You could also just install Jabber with the following install option: "EXCLUDED_SERVICES=CUP,CUCM".
This disables the search for the UDS entry completely.

Hi Winter,

It would typically force all the internal endpoints to be re-routed to MRA as well. On the other hand, simply deleting the _cisco-uds records in the DNS server can trigger this. In my case, we would like to implement this only for the VPN segment.

But we want to keep the Wired LAN segments to use internal.

Thanks.

Regards,

Jayaprakash

 

Jabber relies on DNS SRV to determine if the client is internal or external.

If the name server does not resolve _cisco-uds but does resolve the _collab-edge SRV record, the client attempts to connect to internal servers through Expressway.

 

If you are not using an ASA, check with your firewall vendor how to achieve the above.




Thanks Chris. What are the disadvantages of this setup other than bandwidth use on prem? Also, is there a way to force single clients to MRA but not the entire environment?

 

LT

The disadvantage is that you are forcing all traffic through MRA, so you need to make sure your MRA deployment is sized accordingly; it will generate additional external traffic that would have stayed local. If you don't have ICE passthrough enabled, that would mean all calls go through Expressway as well. You would also use UDS for directory vs. EDI/BDI/CDI, which may not scale for very large deployments, as MRA only supports UDS.

Since the SRV record is discoverable to the entire domain, you cannot just easily do it for one client without putting that client in a different domain; at that point some filtering on the firewall, etc. would be a better approach.
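
A way to verify, from a given network segment, which path the SRV-based discovery described in this thread would take (an added example, not from any of the posters or from Cisco). It assumes `dig` is installed and that the full record names are `_cisco-uds._tcp.<domain>` and `_collab-edge._tls.<domain>`; `example.com` and the two resolver views are constructed sample data, and the decision logic is a simplified model of the order the replies describe.

```python
import subprocess
import sys

# Full SRV names (assumption: the thread abbreviates them as _cisco-uds / _collab-edge).
UDS_SRV = "_cisco-uds._tcp.{domain}"
EDGE_SRV = "_collab-edge._tls.{domain}"

def parse_srv(text):
    """Parse `dig +short SRV` lines ('prio weight port target.') into sorted tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and all(p.isdigit() for p in parts[:3]):
            prio, weight, port = (int(p) for p in parts[:3])
            records.append((prio, weight, port, parts[3].rstrip(".")))
    return sorted(records)

def dig_srv(name, server=None):
    """Query one SRV name with dig, optionally against a specific resolver."""
    cmd = ["dig", "+short", "+time=2", "+tries=1", "SRV", name]
    if server:
        cmd.append("@" + server)
    out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    return parse_srv(out)

def discovery_path(domain, lookup=dig_srv):
    """Return ('on-prem' | 'mra' | 'none', records) for the resolver behind `lookup`."""
    uds = lookup(UDS_SRV.format(domain=domain))
    if uds:                      # _cisco-uds resolves: client treats itself as internal
        return "on-prem", uds
    edge = lookup(EDGE_SRV.format(domain=domain))
    if edge:                     # only _collab-edge resolves: client goes through Expressway
        return "mra", edge
    return "none", []

# Constructed resolver views: the LAN sees both records, the filtered VPN
# segment has _cisco-uds blocked and sees only the edge record.
LAN_VIEW = {"_cisco-uds._tcp.example.com": "10 10 8443 cucm1.example.com.\n",
            "_collab-edge._tls.example.com": "10 10 8443 expe.example.com.\n"}
VPN_VIEW = {"_collab-edge._tls.example.com": "10 10 8443 expe.example.com.\n"}

def view_lookup(view):
    """Build a lookup function backed by a constructed view instead of live DNS."""
    return lambda name: parse_srv(view.get(name, ""))

if __name__ == "__main__":
    domain = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    server = sys.argv[2] if len(sys.argv) > 2 else None
    print(discovery_path(domain, lambda n: dig_srv(n, server)))
```

Run it once from a wired LAN client and once from a VPN client (optionally passing the resolver IP as the second argument) to confirm that a DNS filter affects only the VPN segment.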