cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11593
Views
0
Helpful
23
Replies
Highlighted
Beginner

Cisco Jabber - You cannot login outside corporate network

Hi,

I am setting up a lab which has the below

CUCM
IMP
Expressway-C
Expressway-E

I am able to login to Jabber internally fine and make calls but when trying to login externally I am getting a message from the client, "You cannot login outside corporate network. Contact your admin"

When I look at the Expressway-E the error I get when trying to login is

httpd[30621]: web: Event="Security Alert" Src-ip="82.132.237.193" Src-port="34946" Detail="Possible Cross Site Scripting (XSS) attempt detected." UTCTime="2017-01-17 15:41:33"

Has anyone else experienced this & know of a fix?

Thanks

23 REPLIES 23
Highlighted

Hi ,

Thanks for your response..What do.you mean by inside and outside domain is different??

As far as I.know both the domains are same...  what should I check.In the public domain

Highlighted

Hi,

Yes freshly used for MRA.

Only warnings I see are on the expressway-E when attempting to login

httpd[30621]: web: Event="Security Alert" Src-ip="82.132.237.193" Src-port="34946" Detail="Possible Cross Site Scripting (XSS) attempt detected." UTCTime="2017-01-17 15:41:33"

No warnings on Expressway-C can be seen

Highlighted
Beginner

Hello Dean, 

Did you find the solution? I have this problem too and I don't know what is happening. I've implemented Expressway MRA before and I haven't had this problem. I have x8.9 with dual-NIC enabled. Do you have this same deployment? Internal and external Domain names. 

Highlighted
Enthusiast

We just started seeing this message as well.  Everything worked up until about yesterday...  

Has anyone been able to find a solution?

Highlighted

This may not be accurate or help anyone else, but in our situation, "You cannot login outside corporate network" appeared to be caused by our external DNS provider not returning a result for the _collab-edge SRV record.  

Once I fixed DNS everything was fine.   

I cannot speak to the "Possible Cross Site Scripting attempt" though...  

Found this tool in another thread, very useful!  https://cway.cisco.com/tools/SrvRecord/

Highlighted
Enthusiast

Hello ,

I have the same issue, everything was working fine before I start seeing the error message "You can not login outside your corporate network."

Any solution so far?

Highlighted

Not sure if this is a solution, but I noticed our certificate on the e server wasn't a SAN cert. According to TAC, that is the kind of cert that is needed and the cert also needs the high level domain added as a SAN, or needs the collab-edge.<yourdomain> as a SAN.  I added both to the CSR, had it signed, uploaded it, restarted the server and haven't received that error since.

Highlighted

Hi,

In my case there was something not normal in the DMZ switch or even the firewall , changing the physical connection between the expresswayE ( LAN2) and the firewall solved the issue.

thanks for contributions 

Highlighted
Beginner

Hi All,

I am also facing the same issue. When I login from the jabber from outside, it takes me to the Certificate page but after clicking on.Continue it replies :

Cannot communicate outside the corporate network.

All the configuration are verified they are fine.

Vcse is 8.9.2 

I don't understand where is the problem.

Please help guys with a solutions

Thank you for your support I advance

Content for Community-Ad