Jabber Gateway

joshua.gertig · ‎09-27-2013

Hi All,

Sorry, Jabber/CUPC is not my specialty so please pardon any ignorance here.

Here is what my users would like, the ability to use Jabber for i-phone on company supplied i-phones. They don't necessarily want to federate, just have internal users be able to use jabber. There is resistance to using AnyConnect at the moment and I was asked to see if there were another way.

So, I believe we could add a DNS SRV record (e.g. jabber.comanyABC.com) and NAT it to our internal CUPS server (version 8.5). So I supplied the required ports (according to http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/iPhone/8.6/JABI_BK_J29330BB_00_jabber-for-iphone-admin-guide_chapter_010.html#topic_8B2E44B8B4A24DE1935408F2E1FC12BC), however they say LDAP port exposure is a show stopper.

Any guidance around this? Is there some sort of Jabber gateway that could sit in the DMZ (sort of like CUBE) or something?

Thanks,

Josh

Jonathan Schulenberg · ‎09-27-2013

Do not expose the IM&P cluster (except for XMPP Inter-Domain Federation) or CUCM to the Internet; neither product is intended to be exposed to untrusted networks. As you discovered, the current Jabber 9.0 apps for iOS consume a whole bunch of ports. Several of these - esspecially the SIP softphone - don't mix well with NAT to say nothing of the missing security mechanisms to run without a VPN connection.

In the 9.0 product, you need AnyConnect. I cannot discuss product roadmaps here; however, I suggest you talk to your Cisco AM/SE about your options now and in the future.

Please remember to rate helpful responses and identify helpful or correct answers.