Jabber VCS Expressway - DNS resolution internal Highway itself

Much of community support.

I am currently configuring a VCS Expressway solution (Highway E both Expressway C servers). Due to some restrictions of firewall that I need to resolve the fqdn Expressway C directly from the highway E server which means that I need to Hwy E resolve C Expressway fqdn without using the DNS server. I was wondering if there is a way to edit the VCS Expressway hosts file (if such a thing exists in the VCS) as anyone can do in the operating systems such as linux. I make this question because I took a capture .pcap of VCS and there saw the DNS query process but option number one was 127.0.0.1, which is the highway itself. Perhaps this connection attempt is just the highway to research in its DNS cache, but I'm not sure.

Best regards

Roberto Lopez.

Ah, this is the reason why I asked. You don't need DNS for it.

The way it will work is when the Traversal (in your case Expressway-C) client tries to connect to the server of course (in your case Expressway-E), the Traversal server will look at the common name on the cert that was produced by the customer of the crossing. He sees if the highway E would be there with what is specified when you configure the zone crossing on the highway e.

Basically, DNS is not necessary. You just need to make sure that the domain Highway C FULL name is what is specified in the "TLS check name of the topic." Also make sure that if the certificates are signed by a CA, root/intermediate certificates must be downloaded to the two C/E Expressway. Also, make sure you put the FULL name of the motorway E in the crossing area on the fast track C, and not the IP address.

HTH
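The name check described in this answer, as an added example that is not part of the original thread and is not Cisco code: it models the comparison with certificate dictionaries shaped like the output of Python's `ssl.SSLSocket.getpeercert()`. The hostnames are constructed; matching subjectAltName entries as well as the common name, and comparing the peer address configured on the C against the E's certificate, are assumptions.

```python
import ipaddress

def cert_names(cert):
    """Return the subject common name(s) and DNS subjectAltName entries of a
    certificate dict (getpeercert() layout), lower-cased, no trailing dot."""
    names = []
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    names += [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {n.lower().rstrip(".") for n in names}

def is_ip(value):
    """True when the configured peer address is an IP literal, not a name."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True

def check_traversal_zone(client_cert, verify_subject_name, server_cert, peer_address):
    """Model both sides of the traversal zone name check.

    E side: the name configured as the TLS verify subject name must appear
            in the certificate presented by the traversal client (the C).
    C side: the peer address must be the E's FQDN and (assumption) must
            appear in the certificate presented by the E.
    Returns a list of problems; an empty list means both checks pass.
    """
    problems = []
    wanted = verify_subject_name.lower().rstrip(".")
    if wanted not in cert_names(client_cert):
        problems.append("E side: TLS verify subject name %r is not in the "
                        "client certificate" % verify_subject_name)
    if is_ip(peer_address):
        problems.append("C side: peer address %r is an IP address, "
                        "use the FQDN" % peer_address)
    elif peer_address.lower().rstrip(".") not in cert_names(server_cert):
        problems.append("C side: peer address %r is not in the "
                        "server certificate" % peer_address)
    return problems

# Constructed certificates for a hypothetical C/E pair.
EXPC_CERT = {"subject": ((("commonName", "expc.internal.example"),),),
             "subjectAltName": (("DNS", "expc.internal.example"),)}
EXPE_CERT = {"subject": ((("commonName", "expe.example.com"),),),
             "subjectAltName": (("DNS", "expe.example.com"),)}

if __name__ == "__main__":
    for name, peer in [("expc.internal.example", "expe.example.com"),
                       ("expc.internal.example", "203.0.113.10"),
                       ("expc", "expe.example.com")]:
        result = check_traversal_zone(EXPC_CERT, name, EXPE_CERT, peer)
        print(name, peer, "->", result or "OK")
```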

Tags: Cisco Support

Similar Questions

  • Jabber client - encryption of VCS Expressway with MRA

    Hi all

    I'm working on the implementation of MRA for a video solution existing. Version CUCM is 9.1.2 (no IM & P server), vcs - c and vcs-e 8.2.2.  Client Jabber is 11.5.x

    I finished most of the introduction and I am able to call internally and externally through MRA.

    I still have a few things to tweak.  One is the encryption of video calling once jabber connects from outside.  From my understanding, the thigh jabber call end point and VCS Expressway uses TLS. But when I run wireshark on the PC with Jabber client, I don't see the RTP stream as being encrypted.

    CUCM my jabber device does not use a secure profile.  Is it ok or not?

    Please let me know if more are needed.  Thank you

    You can confirm the call is encrypted from the client of jabber MRA by doing as follows (I used 11.5 jabber client, if you are using an older client, I can't guarantee this method):

    1. make a call from the client jabber ARM, once the call is configured and media is established, you can end the call.
    2. create a jabber client problem report (help > report a problem...)
    3. Enter the required details and save the .zip file.
    4. extract the file "jabber.log" from the .zip file. Since this file (at least since the version of client jabber 11.5) has the SIP messaging included in this document, you can use TranslatorX to view the file (you can also use a text editor if you wish).
    5. generate a diagram of the log file.

    6. in the diagram of the scale, you should be able to locate the origin of the call. Search for an invitation, in my case a "RE-INVITE" and select it. A pop-up window will appear with the details of the SIP message.

    7. read the content of the message prompt of the SIP protocol (focusing on the SDP - the component of negotiating media). I won't go into detail about how to read SIP messages (there's a good article here, it is not for jabber specifically, but the same concepts apply).

    8. close the prompt message and open the message 'OK w/SDP' to examine the response of the VCS-E. The SDP response, we can confirm that the encryption settings have been accepted for the media (media will be encrypted).

    For re - apply point Jamie, unless you run CUCM in mixed mode and using security profiles, signalling/media encryption stops on the thigh of CUCM/endpoint and the VCS - C respectively. See the diagram below for reference (mixed mode not implemented).

    You need not applied to the device of CSF security profiles to obtain the encryption between the client of jabber MRA and the VCS-E. If you can decode signaling and media packets in Wireshark your jabber client, you probably will not connect via ARM (ARM is always encrypted).

    Please let us know if that helps.

    -Jon
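Step 8 of the procedure above, as an added example (not part of the original post, and not a Cisco or TranslatorX tool): it reads the SDP answer from a SIP response and reports, per media line, whether encryption was accepted. The SIP message is constructed, and treating an `RTP/SAVP` media line that carries an `a=crypto` attribute as the sign of accepted encryption is an assumption based on standard SDP security descriptions (RFC 4568), since the post does not name the fields.

```python
SRTP_PROFILES = ("RTP/SAVP", "RTP/SAVPF")

# Constructed "200 OK w/SDP" of the kind step 8 asks you to open.
OK_WITH_SDP = """
SIP/2.0 200 OK
CSeq: 102 INVITE
Content-Type: application/sdp

v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 36000 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY
m=video 36002 RTP/AVP 126
m=application 0 RTP/SAVP 125
""".strip()

def media_sections(sip_message):
    """Split the SDP body of a SIP message into one dict per m= line."""
    # The SDP body starts after the first empty line of the SIP message.
    _, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    sections, current = [], None
    for line in body.splitlines():
        if line.startswith("m="):
            media, port, profile = line[2:].split()[:3]
            current = {"media": media, "port": int(port),
                       "profile": profile, "suites": []}
            sections.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            # a=crypto:<tag> <crypto-suite> <key-params>
            parts = line.split()
            if len(parts) >= 3:
                current["suites"].append(parts[1])
    return sections

def encryption_report(sdp_answer):
    """Return [(media, status)] for each media line in the SDP answer.

    status is "rejected" (port 0), "srtp:<suite>" when the answer keeps a
    secure profile and a crypto attribute, otherwise "cleartext".
    """
    report = []
    for s in media_sections(sdp_answer):
        if s["port"] == 0:
            status = "rejected"
        elif s["profile"] in SRTP_PROFILES and s["suites"]:
            status = "srtp:" + s["suites"][0]
        else:
            status = "cleartext"
        report.append((s["media"], status))
    return report

if __name__ == "__main__":
    for media, status in encryption_report(OK_WITH_SDP):
        print(media, status)
```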

  • Question record DNS SRV + VCS Expressway

    Hi all

    I have a South, VCS in the DMZ, and I am facing a problem with the SRV DNS records.

    VCS Expressway Hostname:-VCSe

    Domain: example.com

    FULL VCSE domain name: VCSe.example.com

    and I have an a record set up for the same FQDN in DNS Public Server.

    I have a sip domain configured as 'cisco.com' in my VCS Expressway.

    What is the SRV records, I need to create in the Public DNS server.

    Kind regards

    Nikhil Jayan

    Nikhil,

    It seems that you have not checked the link I sent you earlier... A very explicit documents. in any case that we talked about earlier is we were talking about signs send calls to the highway as well as parts of the record.

    In your deployment, you have a different domain for DNS and SIP domain. Also as you say you meet Highway cluster and you want to record to both endpoints and then I suggest you to check the document for the creation of cluster on cisco website.

    Now, if you have a cluster for Highway then you must create several srv records that would be pointing to each domain name FULL of the approved cluster with equal weight. In normal use scenario of domain common to different services are recommended.

    Srv records would have seen something like that.

    _sips._tcp.company.com. 86400 IN SRV 1 1 5061 vcse1.company.com.

    _sips._tcp.company.com. 86400 IN SRV 1 1 5061 vcse2.company.com.

    _sip._tcp.company.com. 86400 IN SRV 1 1 5060 vcse1.company.com.

    _sip._tcp.company.com. 86400 IN SRV 1 1 5060 vcse2.company.com.

    _h323ls._udp.company.com. 86400 IN SRV 1 1 1719 vcse1.company.com.

    _h323ls._udp.company.com. 86400 IN SRV 1 1 1719 vcse2.company.com.

    _h323cs._tcp.company.com. 86400 IN SRV 1 1 1720 vcse1.company.com.

    _h323cs._tcp.company.com. 86400 IN SRV 1 1 1720 vcse2.company.com.

    _h323rs._udp.company.com. 86400 IN SRV 1 1 1719 vcse1.company.com.

    _h323rs._udp.company.com. 86400 IN SRV 1 1 1719 vcse2.company.com.

    However, your case is different. In your deployment what you have to do is any request for the domain "cisco.com" should be resolved in FQDN of the VCS-Highway peers with equal weight.

    for example

    _tcp.gmail.com. IN SRV 20 0 5222     talk2.l.google.com.

    Therefore, any request to gmail.com would resolve to the talk2.l.google.com server.

    same way you have to make it work.

    Thank you

    Alok
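A check for the cluster SRV layout described in this answer, as an added example that is not part of the original thread: it parses zone-file lines and verifies that every service has a record for each cluster peer, on the port shown in the records quoted above, with one shared priority and weight. The zone text repeats those quoted records; the function names are hypothetical.

```python
from collections import defaultdict

# Service -> port, taken from the SRV records quoted in the answer above.
EXPECTED_PORTS = {
    "_sips._tcp": 5061,
    "_sip._tcp": 5060,
    "_h323ls._udp": 1719,
    "_h323cs._tcp": 1720,
    "_h323rs._udp": 1719,
}

PAGE_ZONE = """\
_sips._tcp.company.com. 86400 IN SRV 1 1 5061 vcse1.company.com.
_sips._tcp.company.com. 86400 IN SRV 1 1 5061 vcse2.company.com.
_sip._tcp.company.com. 86400 IN SRV 1 1 5060 vcse1.company.com.
_sip._tcp.company.com. 86400 IN SRV 1 1 5060 vcse2.company.com.
_h323ls._udp.company.com. 86400 IN SRV 1 1 1719 vcse1.company.com.
_h323ls._udp.company.com. 86400 IN SRV 1 1 1719 vcse2.company.com.
_h323cs._tcp.company.com. 86400 IN SRV 1 1 1720 vcse1.company.com.
_h323cs._tcp.company.com. 86400 IN SRV 1 1 1720 vcse2.company.com.
_h323rs._udp.company.com. 86400 IN SRV 1 1 1719 vcse1.company.com.
_h323rs._udp.company.com. 86400 IN SRV 1 1 1719 vcse2.company.com.
"""

def parse_srv(zone_text):
    """Parse '<owner> <ttl> IN SRV <prio> <weight> <port> <target>' lines."""
    records = []
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
            continue  # not an SRV record in the expected layout
        records.append({
            "service": ".".join(f[0].split(".")[:2]).lower(),
            "priority": int(f[4]),
            "weight": int(f[5]),
            "port": int(f[6]),
            "target": f[7].rstrip(".").lower(),
        })
    return records

def audit_cluster(records, peers):
    """Return a list of findings; an empty list means the layout is consistent."""
    by_service = defaultdict(list)
    for r in records:
        by_service[r["service"]].append(r)
    findings = []
    for service, port in EXPECTED_PORTS.items():
        recs = by_service.get(service, [])
        targets = {r["target"] for r in recs}
        for peer in peers:
            if peer not in targets:
                findings.append(f"{service}: no record for {peer}")
        for r in recs:
            if r["port"] != port:
                findings.append(
                    f"{service}: {r['target']} uses port {r['port']}, expected {port}")
        # "Equal weight": every peer must share the same priority and weight.
        if len({(r["priority"], r["weight"]) for r in recs}) > 1:
            findings.append(f"{service}: peers do not share one priority/weight")
    return findings

if __name__ == "__main__":
    peers = ["vcse1.company.com", "vcse2.company.com"]
    print(audit_cluster(parse_srv(PAGE_ZONE), peers) or "SRV layout consistent")
```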

  • VCS Expressway outside to endpoints internal call

    I have a new implementation where internal control 1 to VCS in LAN and VCS Expressway in DMZ 1.

    VCS Expressway has an IP public address/NAT.

    Currently, we have a group of VC endpoint, each endpoint has a public IP/NAT to the local network, to allow internet to make H.323 call directly by public IP address of the composition of the endpoint.

    My question is, after having implemented VCS Expressway in DMZ, how do the numbering plan at each endpoint internal VCS Highway outside call? Do I still need to give to each endpoint an ip/NAT public.

    Thank you very much.

    A much simpler and in my opinion, more elegant and more scalable solution would be not to use IP addresses for calls, but to allocate and register outcomes with E.164 alias. That way you all you need is the internal IP address.

    So the outer ends may, in this case, call your settings using the [email protected] / * / or [email protected] / * /-E_IP_address.

    Internal assessment criteria can call each other using alias only for as long you have the rules of research in place, and cannot therefore have the external ends you will allow to record with you VCS-E for one reason or another.

    If you have the outcomes of Polycom external with the old version of the software that does not support Annex O URI component, then it's very simple to include a transformation of prior research on the VCS-E which will allow these settings call using owners 'numbering URI "; VCS-E_IP_address ##Alias - and if you, on the odd occasion, a final point which cannot use anything other than IP addresses, you can configure the alias of relief on the VCS-E to point to a specific or a standard automatic on a MCU, purpose etc.

    A dial plan using as above will also allow you to use DHCP addresses, the alias remains static, and that's what counts, addresses much simpler to give to people. e.g. 123456 is much easier to remember than 202.138.98.23 etc, not to mention the IPv6 addresses, and because you save your settings with domain name, and then customers SIP will also be able to connect very easily.

    /Jens

  • Highway-C and highway-E and VCS Expressway

    Hello

    I'm confused by these three

    I know that expressway-E is used with Express-C track

    Their function is like VCS Expressway? or am I wrong?

    Please help to know when to use each one?

    Also why use us next to the firewall? What is the average of the crossing of firewall?

    Also, when I connect external with Jabber, is there any type of registration with each of them? I see a number taken in charge of registration of 2500 and 5000 in the VCS Expressway data sheet

    Thank you

    Haitham

    Hi Haitham,

    In general, a point of endpoints/client must register for a 'device' so that it can be used as part of a company dial plan. This 'device' could be CUCM or a VCS and will determine if an endpoint/client is used to connect, or how the calls and form, it can be done.

    If the endpoint does NOT have one of these devices (CUCM or VCS), it could still be used (for example, a videoconferencing device stand alone), it's just that we do not see within the company structure of appeal. It may not appear in the directories, it cannot give priority to call outside, etc etc. The Jabber client has to register with CUCM either a VCS to make it work at all.

    If you use CUCM with a VCS-E, endpoints will record to CUCM. If the endpoints are internal to the company, they apply directly to the CUCM and if are external, then they will be connect via VCS-E and the recording will be dug through CUCM, so still save with CUCM.

    VCS-C/e with environment of TMS, endpoints will record VCS - c when internal and again use the VCS-E for tunnel applications from external device to the VCS - C. Depending on how you want to deploy these devices, external devices/clients could actually register directly with VCS-E, but I'm getting ahead of things. Jabber in this environment use of TMS to provide authentication of the user, even if the actual recording takes place on the VCS.

    Does that help?

    Chris

  • VCS Expressway, highway

    Hello

    Gently, I confused, what are the differences between VCS Expressway and Freeway?

    -Don't need Expressway a HW (server), it is only allowed in CUCM I need to buy?

    -pre sales engineer, when can I choose VCS-E? and when can I take the freeway?

    Thanks and greetings

    There is a thread here:

    https://supportforums.Cisco.com/discussion/12699961/Expressway-series-vs-VCs-control-Expressway

    To summarize:

    What are the differences between VCS Expressway and Freeway?

    -VCS expressway or the Server Traversal is the 'legacy' that supports local recording of external H323/SIP based endpoints by using its features of Registrar Gatekeeper h.323 and SIP. It also serves as the traversal server for VCS (client of crossing) control to support for firewall traversal calls and B2B.

    -Highway consists of Core Expressway and the highway, or they call it 'Collaboration Edge'. The concept of highway is the same as the 'life' VCS control + VCS Expressway to provide firewall route, B2B calls. Channel Express is an extension for CUCM controlled environment for Mobile and remote access. With Highway, external clients/video endpoints can register on the CUCM without using VPN. Expressway in this case do not support the records the of endpoints. Endpoints will locally save on CUCM using technology of firewall Expressway (Core + Edge) courses.

    Expressway takes a HW (server), it is only allowed in CUCM I need to buy?

    Highway needs a server and it can be deployed in a virtual environment.

    You can take a look at offerings Cisco Business Edition 6000 (BE6K):

    http://www.Cisco.com/c/en/us/products/collateral/Unified-Communications/Business-Edition-6000/data_sheet_c78-717454.html?CacheMode=refresh

    as when can pre sales engineer, I choose VCS-E? and when can I take the freeway?

    -I suggest to contact your Cisco representative helping you find the right solution for your customer.

    Kind regards

    Acevirgil

  • 2 MCU and VCS Expressway, routing problem

    Hi all

    We have a design with a group of control VCS (2 members), cluster VCS Expressway (2 members), and a couple of microcontrollers (registered H.323 on VCS control cluster with the same prefix: 90).

    Each highway has a public IP address and incoming calls from outside can only be routed to microcontrollers:

    [email protected]/ * / for MCU_1 and [email protected]/ * / for MCU_2 (we don't have external DNS resolution).

    I put a conversion into motorway of VCS to change [email protected]/ * / to [email protected] / * / and [email protected]/ * / to [email protected] / * /.

    The problem is when someone calls [email protected]/ * / sometimes (randomly) the call is routed to MCU_2 (instead of MCU_1) and if the appellant see the auto attendant.

    The occurs even then of the appeal [email protected]/ * / (MCU_2), sometimes the call is routed to MCU_1.

    Any idea what can cause this device or a way to make it work well?

    Thanks for help.

    José

    I think still that separate prefix would work, but here are a few ideas:

    Are incoming calls which do not possibly using SIP that is being interoperability H323 or incoming calls all certainly the H323?

    If you want to keep pure H323, you could perhaps just have a search rule/turn on your VCS-E who changed [email protected] to an E164 e.g. 90... and had a search on your VCS - C rule that says 90... stop at the local area.

    I also noticed that you direct calls to [number]@MCU-IP - have you tried to direct all calls to [number]@VCS-C IP instead?  If the VCS is the holder of a registration for a number, it should be able to deliver accordingly.

  • VCS - C VCS-E DNS

    Dear,

    I have two VCS-E and VCS - C and I followed the VCS - C and E Deployment guide please help me with the following:

    1. in the SCV DNS deployment guide - area E string model ((?. * @% localdomains%.*$).*) what should I use instead of localdomain?) What is the domain DNS record?

    2 - I did everything as the guide suggested, but I do not understand the DNS part can anyone briefly explain it to me, or give me an example, because I want units to be able to call me from outside and im not a expert in DNS, please help

    If you have any SIP domains configured on your highway?  You can leave % localdomains % as it is, as that will match all SIP domains configured on your Expressway.  If you do not have any installation areas SIP, to replace it by whatever your field.

    Insofar as the DNS records, I guess you're talking about SRV records?  If so, see some of the discussions in the forums below.

    VCS-Expressway-and-Endpoint-DNS-Registration

    VCS-Expressway-cluster-DNS-SRV-Records

    DNS-SRV-record-issue-VCS-Expressway

    Essentially, you have an a record for your Expressway which will be that it is COMPLETE, and on your external domain, you create SRV records for each type of service that point to this FQDN Expressway.

  • VCS Expressway & movi 4.2 configuration

    Hi all

    I created movi account manually in the TMS and it work perfectly with VCS - control.

    However, it cannot register for VCS expressway. Is it mandatory to have a name authority pointer record in DNS?

    For example, configure us abc.com as the domain name SIP Highway VCS, is mandatory to fix abc.com as public highway VCS by DNS server IP address?

    Thank you

    Ben

    That is to say you do not originate in the AMZ comes directly to the public IP address of the VCSE

    If that's the case at least, you should see registration tent if nothing can be seen then you need to look at the firewall

    is he ASA? try to capture packets and see why you are not hitting the VCSE using SIP

    as it could be firewall issue!

    HTH

  • Tandberg VCS Expressway - rules of appeal policy

    Dear all,

    We are currently deploying DNS resolution on the highway to VCS, and it works as expected.

    However, we would like to block an outside party to call our VIP users, so we are set up the rule of the appeals policy.

    According to the help page of VCS, both the Source and Destination are supported by regular expressions.

    But we found that the strategy of appeal rule is not as planned.

    For example, we have configured

    Schema of the source: [email protected] / * /

    The destination model: [email protected] / * /

    Action: allow

    As a result, the user [email protected] / * / is not able to call the endpoint ex60domain.com.

    Does anyone face the similar problem? Or someone has the recommendation on this matter?

    Best regards

    Ben

    As Andreas mention, you can use the CPL to control call of endpoint not registered by CPL following (just quick example)

    ===============================================================

    "xmlns:TAA ="http://www.tandberg.net/cpl-extensions"

    "" xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance"

    xsi: schemaLocation = "urn: ietf:params:xml:ns:cpl cpl.xsd" >

    ===============================================================

    Another solution is to use the new dial plan search rules introduced in X7.2 release.

    Registration of endpoint of VIP in separate subfield and create specific search rules.

    With X7.2, you can configure the search rule detail as called Protocol and source subfield level targeting specific subfield level.

    Please see page 35 of https://supportforums.cisco.com/docs/DOC-26316.

    (But this little yet complicate when call comes e - VCS to VCS - C where VIP registered endpoint).

  • How to make or VCS Expressway TURN illustrated works?

    Hi, Experts.

    My VCS Expressway equipped Tower, and I found for TOWER configuration is pretty simple, it allow just under VCS Configuration > Expressway > turn ON, but no matter, I tried, licenses of relay TOWER always indicated '0' in the 'current' line under the VCS Expressway dashboard.

    I took my test in this way, two Jabber client video (v4.5, MAC edition) reside in a different network behind NAT (no firewall), they call each other and regardless I turn on or turn off the TOWER, still good video quality services mine. (VCS Highway away from the two movi), I assumed that in both cases, the media traffic send directly between the two Movi, rather than climb up to the VCS Highway and then return, normally called us "Hairpin" traffic.

    The result is not I have enabled or disabled the service of the TOWER, it always not-pinned hair, and still no license relay TOWER was used.

    What happens here? something wrong? I'm quite confused.

    You have to turn on the feature of ice on the Jabber video model?

    On the model of commissioning, you must configure the address of TurnServer, TurnAuthUsername and TurnAuthPassword.

    You must also configure the authentication domain in VCS - E who use to run the server (you must set the match name and user password with TurnAuthUsername and TurnAuthPassword set up on the model of commissioning).

  • review during deployment - VCS Expressway

    Hello world!!!

    We knew the benefits of deployment - VCS Expressway. After reading "Cisco TelePresence video Communication Server Configuration of base (control with Highway) - Deployment Guide", I and my team are faced with the following:

    1 - if we do not "Advanced Networking option key", we are not able to use the static NATing feature of the VCS Expressway, but also the interfaces network double. This is why we need this firewall do NAT reflection (it allows to control VCs access the IP public VCSexpressway) and the deep Inspection (to change the IP address that is part of the SIP header). This statement is correct?

    2. - If in my deployment, I'll open some ports in the firewall, is it means that my network is exposed to external threats? There are a few Considerations to keep in mind the safety on the end points that will be in the Internet?

    I also leaves a small attached file, in this file, you can get an idea of what I'm doing. I will seek in advance for your comments. Thank you for all.

    The same concept applies to the least.

    If you already have a DMZ with public IPs, you should be fine. If not, you could split the existing subnet you have, get a new ISP, use proxy arp...

    Not sure how are your details if you are unsure how to configure what I told you in the message before you may need to ask a guy to additional network.

    As you say yourself, if you can not prevent NAT (course, which is a nice way to deploy, but it would require double interface, now known as enhanced networking key).
    Also remember that you must not share the VCS-E IP with other services.

    Another option may be to accommodate the VCS-E to an ISP or there is also some providers that offer an area crossing of VCS (at least the non-cucm style) as a service.

    That you have developed a computer user, do you plan to use jabber-video (old style of tms) or jabber (cucm)?

    Please note the messages with the stars below and define the thread if it's an answer!

  • VCS Expressway

    Hello

    • Is attached design, pls confirm if it is correct?
    • Actually my boss want to have a video conference with the xyz company that is have a VCS highway up and it works direct, we ordered the new switch Express VCS and 1 not old codec C20 it asked me to install, and unfortunately, I'm not able to configure, want to know the concept how URI dialing , and how do I register endpoints TP in VCS, I am recording Codec C20 for VCS and it shows in the registration of newspapers rejected and failed on C20.
    • Very new to VCS and desperately want to know how the flow of calls will be in 2 our separate entities for example, mycompany.com and xyz.com
    • There is no default gateway for LAN2 option so how traffic will be routed to other areas, we can add a route in VCS.

    Thank you

    Usually, there are two components - control and VCS VCS Expressway. VCS control is located on the internal network and VCS Expressway is located on the external/DMZ network. Endpoints register control VCS. VCS control build a "Zone of crossing" VCS Expressway and when endpoint route tent yells, he's going to Control of VCS VCS Expressway and then.

    You may be able to register endpoint for VCS Highway if you supply on this device license. You must configure a domain on the VCS to accept records. You must define this area even on the endpoint as well.

    Take a look at this to resolve endpoint records. http://www.Cisco.com/c/en/us/TD/docs/Telepresence/infrastructure/article...

    This can also be caused by firewall as well.

    You can see the documentation below for how to configure the outgoing VCS-C/VCS-e call.

    http://www.Cisco.com/c/en/us/TD/docs/Telepresence/infrastructure/article...

  • Dns resolution for a sub.domain with some ISP DNS external in the management of the DNS (win20008 r2) service?

    Hello

    We have a domain.   www.mydomain.be.

    It is a public domain managed by our office.

    It is also the same for internal network active directory domain mydomain.be

    Of course, we have internal DNS in our active directory.

    the Registrar has created a subdomain.  www.Sub.mydomain.be

    My question is: how to solve (for my network internal only) sub.mydomain.be by the DNS of the ISP.

    --> How to work around the internal our DNS resolution for the sub.mydomain.be ONLY for the 'DNS ISP or registrar "?

    our internal DNS (r2 win20008 in active directory) must continue to resolve all applications except the sub.mydomain.be.

    Create forwarders? or another technique?

    Thank you

    Hassan,

    Hello

    Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

    See you soon.

  • Control of VCS and VCS expressway design

    I have a problem with the design of control and track Express VCS. Now, here's two VCS control and a highway. As you know, put on the Internet Highway and a control on my seat. At the same time, I want to put the other control on the management of my company which is in another city. Can it work correctly? How dose it work?

    You must create two zones on VCS Expressway crossing server and a customer journey area by control VCS.

    In other words, you should have a link path by VCS - C connection VCS-E separately.

    Please be sure to set different H.323/SIP port on each VCS - C.

    For example:

    VCS - C1 (Headquarters): area of traversal client pointing to VCS-E 6001 as port H323 and SIP traversal port 7001.

    VCS - C2 (branch): area of traversal client pointing to VCS - E with 6002 as port H323 and SIP traversal port 7002.

    VCS-E: a traversal server zone list for VCS - C1 (6001 as port H323 and SIP traversal port 7001) and other traversal server list for VCS - C2 (6002 as port H323 and SIP traversal port 7002)
