06-09-2022 01:10 PM
We have recently set up two VMs as an Expressway-C and an Expressway-C in our environment, with the end goal being able to use Jabber MRA on devices outside our network, along with getting Telepresence devices set up in some of our branches. It has been a bit of a struggle so far, to say the least. I’ll try to be as detailed as I can while also being as succinct as possible.
Our setup is with our Expressway-C in our internal network, and our Expressway-E in our DMZ. We have one firewall that connects the internal network to the DMZ, and the DMZ to the outside.
On our first attempt, we set up Exp-E on the DMZ without any static NAT or other external/public address on it. In this configuration calls from the Jabber app on mobile can be placed and connected. The target device will ring, and the call can be picked up. But – there is no audio heard on either device. Also, IMs can be sent and received from the Jabber app, but they do not “sync” to the desktop app.
We reached out to TAC. One problem they pointed out in their response was that RTP packets weren’t being received as expected on the devices making/receiving the calls, and we should check they weren’t being blocked by a firewall. We checked our firewall, and this is not happening. We also receive a warning about “UDP sent but not received” by Exp-E. This, based on our firewall settings, should not be a problem either.
Another thing they pointed out was that our Exp-E had no public IP address on it. So we left Exp-E at the same internal IP address as when we first set it up, while also setting it to statically NAT to an address in our public address space. Upon doing this, things in Jabber MRA start to go even more wrong.
With this change made, mobile devices can still connect to IM and Phone services. IMs can once again be sent and received successfully. BUT – attempting a call from Jabber mobile does nothing. No call is connected, no devices ring, just nothing at all.
We’re at our wit’s end with this. Nothing at all that we try can get us over the finish line. I am posting this in hopes that someone here might have encountered similar issues and actually discovered the solution that allowed them to fully utilize their Jabber MRA setup.
Thanks.
06-13-2022 08:37 AM
Offhand, there are some caveats in the design guide for having this sort of NAT arrangement, and how to configure the Expressway - E.
The firewall may also be trying to "help" with some sort of ALG doing fixup or re-writing your traffic, which would cause lost audio or other communications issues.
If you can inspect your traffic to/from the Expressway - E, hopefully it will be a bit more clear if this is happening. The Expressway - C doesn't require inbound access from the E, it just requires access outbound to it for that to work. The number of ports required for the E inbound are large and it is a bit cumbersome to review the guides to get a composited list, but it is not insurmountable.
At that point, the challenges are on configuring DNS properly, then reviewing the notes/caveats on using static NAT for the Expressway E. I haven't done that myself, but I know that it's called out in the guides as requiring care.
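An added example, not part of the thread above: one way to act on the suggestion to inspect traffic to/from the Expressway-E is to summarize a capture per UDP flow and list the flows that have packets in only one direction, which is the pattern behind a "UDP sent but not received" warning. It assumes `tcpdump -n` text output taken on the Exp-E interface; every address and port in the sample is constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n udp` output (addresses and ports are made up).
# 10.0.0.10 stands in for Exp-E, 10.1.1.20 for Exp-C, 198.51.100.7 for a remote client.
SAMPLE = """\
13:10:01.000101 IP 10.0.0.10.36002 > 198.51.100.7.50000: UDP, length 172
13:10:01.020114 IP 10.0.0.10.36002 > 198.51.100.7.50000: UDP, length 172
13:10:01.040090 IP 10.0.0.10.36002 > 198.51.100.7.50000: UDP, length 172
13:10:01.000350 IP 10.0.0.10.36004 > 10.1.1.20.48010: UDP, length 172
13:10:01.001020 IP 10.1.1.20.48010 > 10.0.0.10.36004: UDP, length 172
13:10:01.020377 IP 10.0.0.10.36004 > 10.1.1.20.48010: UDP, length 172
13:10:01.021033 IP 10.1.1.20.48010 > 10.0.0.10.36004: UDP, length 172
"""

LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length \d+"
)

def udp_flows(text):
    """Map each endpoint pair (a, b), sorted, to [packets a->b, packets b->a]."""
    flows = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip non-UDP or unparsable lines
        src = (m.group(1), int(m.group(2)))
        dst = (m.group(3), int(m.group(4)))
        a, b = sorted((src, dst))
        flows[(a, b)][0 if src == a else 1] += 1
    return dict(flows)

def one_way_flows(text, min_packets=3):
    """Return (sender, receiver, count) for flows with no packets coming back."""
    result = []
    for (a, b), (ab, ba) in sorted(udp_flows(text).items()):
        if ab >= min_packets and ba == 0:
            result.append((a, b, ab))
        elif ba >= min_packets and ab == 0:
            result.append((b, a, ba))
    return result

if __name__ == "__main__":
    for src, dst, n in one_way_flows(SAMPLE):
        print(f"one-way: {src[0]}:{src[1]} -> {dst[0]}:{dst[1]} ({n} sent, 0 received)")
```

Running the same summary on captures from both sides of the firewall shows whether the missing direction is dropped there or never sent.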