I developed in the test CWMS 2.5 environment on 50 users on Split-Horizon topology. I allocated external static IP and I adjusted static NAT for this address to the IRP server address Public VIP. I can't access ещ CWMS through external IP, while on Public VIP I acccess normally. I.e. if I access to external IP my browser show "ERR_EMPTY_RESPONSE" and if I access to Public VIP - everything is normal, the invitation to input of login and the password is issued. It is sure that NAT is adjusted correctly. Why I can't to access over NAT? Any ideas?
My NAT string:
ip nat inside source static X.X.X.X Y.Y.Y.Y
, where X.X.X.X - Private VIP, Y.Y.Y.Y - external IP
ping to Y.Y.Y.Y response successfully.
There isn't enough information to understand your deployment to be able to provide any meaningful advice. Can you please add more details about your deployment and the issue itself?
CWMS Split DNS deployment..
50 ports deployment --IRP Server in DMZ ---Admin Server in Internal Netwok
IRP server shows connected to the Admin server
We are able to access WebEx services from internal network ,Public access enabled in the CWMS ,Public VIP is same Subnet of the IRP real IP
Public VIP is Nated to one Public IP from the ISP ,Port 443,80 is opened
In Public DNS server ,meeting URL is resolves to Public ip address
When access the URL from outside ,Giving the certificate trust error and giving error "ERR_EMPTY_RESPONSE"(Chrome)
Thank you, Nishad.
If in CWMS Dashbaord, IRP shows as Good and everything seems to be fine, you can run an easy and quick test to ensure IRP is working fine.
First, if your DMZ firewall allows connection to PUBLIC VIP on IRP VM on port 443, check if you can connect from internal machine to PUBLIC VIP via port 443.
For example: publicVIPIPaddress = 192.168.1.220
telnet 192.168.1.220 443
If that connects, means your IRP VM has Public VIP up and running and accepts connections on port 443.
Since you are using Split-Horizon DNS, currently, internally your WebEx Site URL is routed to Private VIP on Admin VM. To bypass that and go to Public VIP internally do the following:
1. Open Notepad (Run as Administrator)
2. File > Open and browse to c:\Windows\System32\Drivers\etc\hosts file
3. In hosts file add the entry with PUBLIC VIP Ip address configured on the IRP VM and WebEx Site URL
4. Save the change, but don't close the file just yet as you will remove this entry after testing is done.
5. Open Command Prompt and ping webexsite.domain.com (WebEx Site URL), and confirm that now it resolves with the Public VIP IP.
6. Once confirmed that your machine is sending requests for Webex Site URL to Public VIP on IRP VM, open the browser and try accessing WebEx Site URL.
If this works fine, it means IRP is working fine, and internally you can access WebEx Site using Public VIP. Hence, you are having an issue with NAT-ing on the external firewall where the requests are not properly routed to PUBLIC VIP.
Try this and let me know how it goes.
It was really great explanation.
We were not able to access webEx through IRP ,Even we tested from Same subnet of the IRP server
Finally we got to know ,The internal firewall blocking few ports between Admin and IRP server .
Now the IRP server is working fine