cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1003
Views
0
Helpful
9
Replies
Enthusiast

Jabber login from public network not working

Hello all,

 

i am trying to register jabebr from public network with use of EXP-C and E.

but facing below error:

 

Warm Regard's
Amit Sahrma
Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Almost certainly a firewall

Almost certainly a firewall or NAT rule problem. It gets a little complicated, especially if you're using a single NIC instead of the dual NIC setup with the NAT Reflection behaviors.

Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.2)

Cisco Expressway IP Port Usage for Firewall Traversal

View solution in original post

9 REPLIES 9
Highlighted

Almost certainly a firewall

Almost certainly a firewall or NAT rule problem. It gets a little complicated, especially if you're using a single NIC instead of the dual NIC setup with the NAT Reflection behaviors.

Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.2)

Cisco Expressway IP Port Usage for Firewall Traversal

View solution in original post

Highlighted
Enthusiast

Hello, thanks for your help.

Hello,

 

thanks for your help..

i am able to login now with qcci.org from external network..

but issue is that user is unable to hear both part audio in connected call.

!

i check port setting it is enable for all ip between EXPC to EXPE.....

!

Any help would be great support..

!

 

Warm Regard's
Amit Sahrma
Highlighted
Cisco Employee

Typically these issues stem

Typically these issues stem from one of two problems.

1) Configuration as it pertains to the design on the Expressways

2) Firewall blocking the UDP traffic.

 

First question to you is are you using Single NIC or Dual NIC on the Expressway-E?

 

If you are doing a Single NIC design and will have a private IP for the Expressway-E you must fulfill these 4 requirements

1)    Static NAT Mode Enabled on the IP Configuration page of the Exp-E
2)    Static NAT Address Configured on the IP page of the Exp-E
3)    Expressway-C must resolve the Expressway-E FQDN to the Public IP, not the private
4)    NAT Reflection (Hairpinning) must be configured on the firewall so that traffic from the Expressway-C can be sent to the Expressway-E public IP and that can be redirected to the Expressway-E private IP. Please note not all firewalls support this functionality.

For design considerations of your Expressways read pages 51 and up of the guide below:

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-1/Cisco-VCS-Basic-Configuration-Control-with-Expressway-Deployment-Guide-X8-1.pdf

 

-P

Highlighted
Enthusiast

thanks fro your response to

thanks fro your response to correct me with configuration.

1) Configuration as it pertains to the design on the Expressways

 i applied as per design and still open all ports between firewall for jabber.

 

2) Firewall blocking the UDP traffic.

if no rule define, how can it block and what need to configure for jabber with audio?

 

First question to you is are you using Single NIC or Dual NIC on the Expressway-E?

i am using single NIC.

 

If you are doing a Single NIC design and will have a private IP for the Expressway-E you must fulfill these 4 requirements

1)    Static NAT Mode Enabled on the IP Configuration page of the Exp-E

i will enable it on EXPE>.


2)    Static NAT Address Configured on the IP page of the Exp-E

what need to EXPE for this NAT option?


3)    Expressway-C must resolve the Expressway-E FQDN to the Public IP, not the private

if this is resolving private ip, would be any problem?


4)    NAT Reflection (Hairpinning) must be configured on the firewall so that traffic from the Expressway-C can be sent to the Expressway-E public IP and that can be redirected to the Expressway-E private IP. Please note not all firewalls support this functionality

!

please tell me how can enable NAT reflection on firewall to working it?

!

thanks

Warm Regard's
Amit Sahrma
Highlighted
Cisco Employee

As mentioned in my post above

As mentioned in my post above. the Static NAT Address should be the Public IP of the Expressway-E

 

As part of this design the FQDN of the Expressway-E on the Expressway-C should resolve to the public address so it will be part of the issue. The primary issue is that then the Expressway-E is publishing it's connection string to the Jabber client, it's using the private address rather than the public. This is where the Static NAT Address comes into play. When that is configured the Expressway-E publishes the public address so that the Jabber client can send media to it.

 

NAT Reflection is going to be firewall specific. You need to determine which firewall you have and review the product documentation on the configuration. I do not have a particular configuration example but you could scour the internet for one.

Highlighted
Enthusiast

Thanks for your response on

Thanks for your response on my issue.

i will apply it abd update you back if it works.

thanks a lot again.

Warm Regard's
Amit Sahrma
Highlighted
Enthusiast

as i have installed dual nic

as i have installed dual nic license, but using single NIC on EXPE..

will i get the option to enable STATIC NAT mode option on IP Configuration?

!

 

what address need to add in STATIC NAT of EXPE section?

!

 

Warm Regard's
Amit Sahrma
Highlighted
Cisco Employee

If you have the Advanced

If you have the Advanced Networking option key (Dual NIC) you get two things.

1) Ability to use the second interface.

2) Ability to use the Static NAT functionality.

 

The Static NAT Address is effectively your Public IP for the Expressway-E.

Highlighted
Cisco Employee

You've typed qcci.com so the

You've typed qcci.com so the SRV lookup will go to _collab-edge._tls.qcci.com. Ive checked and there are no _collab-edge records for that domain so the error message is accurate.

 

Try username@gcci.org and the edge record should resolve.

-P

CreatePlease to create content