03-22-2017 01:24 PM - edited 03-17-2019 06:46 PM
We are attempting to stand up an On Prem Web Ex environment and we are so close but we are obviously missing something vital. We are unable to access the links externally ....
We believe we misconfigured something along the way with the IRP but we have no idea where to start.
Has anyone encountered this before? Everything works great internally but externally we are unable to access the site or join a meeting from an invite?
Any help would be greatly appreciated.
03-22-2017 01:42 PM
Hi Jessica,
First thing to check is if you can access WebEx site from your internal machines by forcing them to access WebEx Site URL using Public VIP. If your Internal DNS server resolves WebEx Site URL to Private VIP and that works fine, on the internal PC, edit c:\windows\system32\drivers\etc\hosts file (open Notepad with Run as Administrator, go to FIle > Open) and add Public VIP IP address space and put WebEx Site URL. For example:
192.168.0.1 wbxsite.domain.com
where 192.168.0.1 is your Public VIP address.
Save the changes.
On your PC try to ping WebEx Site URL and confirm it resolves to Public VIP.
Make sure you can telnet to that webex site URL using port 443 (so that your DMZ firewall allows access to Public VIP on port 443).
And then in your browser enter WebEx Site URL and see if it will open the page successfully.
If that works fine, your IRP is set properly and you need to check what is happening on the External Firewall.
For IRP ETH0 and Public VIP, are you using public IP addresses, or you use your DMZ IP addresses, but then NAT-ing a public IP address to Public VIP?
If you are NATing public IP address to Public VIP, then on the External DNS server (on the Internet), your WebEx Site URL should resolve to the NAT public IP address.
Let me know if this helps.
-Dejan
03-23-2017 09:32 AM
I tried your scenario on a TEST VM on our Internal Network using the Public VIP and the page does display correctly.
But when i tried externally it still returns a Page cannot be displayed? What could we be missing?
03-23-2017 09:47 AM
So, if it is working fine when trying to access Webex Site using Public VIP from internal machine, that means your CWMS is configured correctly and you need to correct either External DNS or External Firewall configuration.
Can you please share with me the following:
1. For IRP ETH0 and Public VIP, are you using public IP addresses, or you use your DMZ IP addresses, but then NAT-ing a public IP address to Public VIP?
2. If you are NATing public IP address to Public VIP, then on the External DNS server (on the Internet), your WebEx Site URL should resolve to the NAT public IP address.
Dejan
03-23-2017 12:06 PM
We are using option 1 that you noted above. The DMZ addresses and then Natting to the Public IP
Externally our link does resolve with the correct external IP address.
But we receive page cannot be displayed externally...
03-23-2017 12:10 PM
If that is the case, you need to check your External Firewall configuration and that NATing is done without any proxying or anything similar. We support only basic NATing: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_7/Planning_Guide/cwms_b_cwms-planning-system-requirements-2-7/cwms_b_cwms-planning-system-requirements-2-7_chapter_011.html#reference_29638B696B004705B2916A1620A9D733
-Dejan
03-23-2017 12:11 PM
Ok I take that back i just was able to access the page externally...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide