Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
809
Views
0
Helpful
6
Replies

WebEx On Prem - Split Horizon Config Issues

Jessica Cochran
Level 1
Level 1

‎03-22-2017 01:24 PM - edited ‎03-17-2019 06:46 PM

We are attempting to stand up an On Prem Web Ex environment and we are so close but we are obviously missing something vital. We are unable to access the links externally .... 

We believe we misconfigured something along the way with the IRP but we have no idea where to start.

Has anyone encountered this before? Everything works great internally but externally we are unable to access the site or join a meeting from an invite?

Any help would be greatly appreciated.

Labels:
0 Helpful
6 Replies 6

dpetrovi
Cisco Employee
Cisco Employee

‎03-22-2017 01:42 PM

Hi Jessica,

First thing to check is if you can access WebEx site from your internal machines by forcing them to access WebEx Site URL using Public VIP. If your Internal DNS server resolves WebEx Site URL to Private VIP and that works fine, on the internal PC, edit c:\windows\system32\drivers\etc\hosts file (open Notepad with Run as Administrator, go to FIle > Open) and add Public VIP IP address space and put WebEx Site URL. For example:

192.168.0.1      wbxsite.domain.com

where 192.168.0.1 is your Public VIP address.

Save the changes.

On your PC try to ping WebEx Site URL and confirm it resolves to Public VIP.

Make sure you can telnet to that webex site URL using port 443 (so that your DMZ firewall allows access to Public VIP on port 443).

And then in your browser enter WebEx Site URL and see if it will open the page successfully.

If that works fine, your IRP is set properly and you need to check what is happening on the External Firewall.

For IRP ETH0 and Public VIP, are you using public IP addresses, or you use your DMZ IP addresses, but then NAT-ing a public IP address to Public VIP?

If you are NATing public IP address to Public VIP, then on the External DNS server (on the Internet), your WebEx Site URL should resolve to the NAT public IP address.

Let me know if this helps.

-Dejan

0 Helpful

Jessica Cochran
Level 1
Level 1
In response to dpetrovi

‎03-23-2017 09:32 AM

I tried your scenario on a TEST VM on our Internal Network using the Public VIP and the page does display correctly. 

But when i tried externally it still returns a Page cannot be displayed? What could we be missing? 

0 Helpful

dpetrovi
Cisco Employee
Cisco Employee
In response to Jessica Cochran

‎03-23-2017 09:47 AM

So, if it is working fine when trying to access Webex Site using Public VIP from internal machine, that means your CWMS is configured correctly and you need to correct either External DNS or External Firewall configuration.

Can you please share with me the following:

1. For IRP ETH0 and Public VIP, are you using public IP addresses, or you use your DMZ IP addresses, but then NAT-ing a public IP address to Public VIP?

2. If you are NATing public IP address to Public VIP, then on the External DNS server (on the Internet), your WebEx Site URL should resolve to the NAT public IP address.

Dejan

0 Helpful

Jessica Cochran
Level 1
Level 1
In response to dpetrovi

‎03-23-2017 12:06 PM

We are using option 1 that you noted above. The DMZ addresses and then Natting to the Public IP

Externally our link does resolve with the correct external IP address. 

But we receive page cannot be displayed externally... 

0 Helpful

dpetrovi
Cisco Employee
Cisco Employee
In response to Jessica Cochran

‎03-23-2017 12:10 PM

If that is the case, you need to check your External Firewall configuration and that NATing is done without any proxying or anything similar. We support only basic NATing: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_7/Planning_Guide/cwms_b_cwms-planning-system-requirements-2-7/cwms_b_cwms-planning-system-requirements-2-7_chapter_011.html#reference_29638B696B004705B2916A1620A9D733

-Dejan

0 Helpful

Jessica Cochran
Level 1
Level 1
In response to Jessica Cochran

‎03-23-2017 12:11 PM

Ok I take that back i just was able to access the page externally...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents