Jabber Clients no audio both ways on different VLAN to CUCM 12.5 (firewall in between)

luke5 · ‎10-02-2019

Hello,

We've recently installed CUCM CUAC Cisco Unity snd CUCM IM&P across my site and works really well.

I've recently wanted to use Jabber app on mobile devices only. However, the jabber app makes calls, receives calls, answers calls, connects calls successfully but, no audio both directions. (Using latest app on AppStore or Google Play)

Calls from/to other wireless jabber clients also have no audio. Deskphone <-> jabber calls have no audio.

My company uses firewall rules between VLAN's.

The CUCM and server are on VLANa and my wireless clients are on VLANb

We use Barracuda Firewalls.

My firewall team have informed me that traffic is not routed or NAT'd.

Both VLAN's are at the same physical site.

I have added the correct firewall rules per

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/12_6/cjab_b_planning-guide-for-cisco-jabber-12-6/cjab_b_planning-guide-for-cisco-jabber-12-6_chapter_010.html#CJAB_RF_P3A082A9_00

and most recently, I've had all ports opened to/from CUCM & IM&P servers to wireless clients.

For troubleshooting, I've taken a laptop, and connected it to the VLANb using windows jabber app 12.6 and I receive the same no audio both directions.

I then take the same laptop and connect via ethernet to the same subnet as the CUCM & other servers make a jabber call and the audio works in both directions. Works with numerous calls.

What could be causing this issue please? any help would be appreciated.

What needs to be working for jabber clients being in a different VLAN, other than what I've setup already ?

Thank you

Jaime Valencia · ‎10-02-2019

RTP flows directly between the endpoints, it doesn't go thru CUCM unless you use MTP/TRP which is not usual. So, is there routing between the endpoints and do you allow RTP traffic?

HTH

java

if this helps, please rate

luke5 · ‎10-02-2019

No routing between endpoints, so I've asked our firewall team to confirm. Just a different VLAN.

No restriction between endpoints, as they're both on the same subnet but, different to CUCM and IM&P.

At present, all ports are open to CUCM and IM&P from the Wireless VLANb subnet . Also NTP and DNS to appropriate servers.

Before we opened up all ports, I have always had RTP allowed, we even tried bi-directional on the firewall rules too.

No Deep Packet Inspect or IPS enabled either on the rules.

Jaime Valencia · ‎10-03-2019

"No routing between endpoints, so I've asked our firewall team to confirm"

If there's no routing, then that's your issue.

Signaling goes from the devices to the CUCM/IM&P servers, RTP is directly between endpoints.

Most one way audio or no way audio issues are routing issues, so, find out the path RTP takes in your network and make sure it can make it from one endpoint to the other in both directions.

HTH

java

if this helps, please rate

luke5 · ‎10-03-2019

What I meant to say was, there are no routing issues after asking my firewall team. Even though the connected call endpoints are all on the same VLAN, it still requires routing ?

As all ports are opened on firewall to the Call Manager subnet and the call is connected without any restrictions between endpoints. I would have thought that routing would already be in place.

mobile phone 1 <-> connected call <->mobile phone 2. Same VLAN.

CUCM , CUCM IM&P. different VLAN.

Firewall in between VLANs.

Be easier if this website would let me upload a diagram. :(

I'll try and investigate the RTP path and advise.

Thank you for the reply,

luke5 · ‎10-08-2019

fixed today. The inter-VLAN RTP traffic was limited from my wireless clients endpoints to the CUCM & IMP servers only, not opened to the other endpoints.

I opened it to the entire subnet both directions, now my wireless endpoints can talk to desk phones endpoints in different VLAN's with audio both ways, thankyou.