06-28-2018 03:23 PM - edited 03-17-2019 01:07 PM
We have a strange kind of implementation, so people have to think outside the normal way of implementation.
Our client must use a VPN connection. It's a must. They want to use the Jabber client. After establishing the VPN and trying to make a call, they were able to establish calls, but there was no voice traffic between the end parties.
Because of a limitation of the VPN concentrator in routing the call between endpoints, we were forced to use Expressway just to route the voice call.
This resolved our voice issue. They were able to hear voice, i.e. Expressway inside the VPN connection. After getting into the VPN, users will not get internet access.
CUCM, IMP, CUC, Expressway C and Edge are all in one VLAN and one subnet.
The collab-edge SRV is added in our DNS. Whether the users come through VPN or locally, all will use collab-edge. It's not hosted publicly but internally, as in a lab environment. We used another DNS server for the cisco-uds SRV. It's a standalone DNS server with all the DNS entries required. This is the DNS server for Expressway C.
But today, for some reason, none of our clients are able to log in to Jabber. The users are LDAP users.
Either I get the message "cannot communicate with server" or a "username or password is incorrect" message.
Our security engineer had made some changes since all our traffic is now passing through Expressway Edge, so he changed many policies which were working when there was no Expressway in the picture.
Now when I checked the firewall, I found client PC traffic to the CUCM publisher on 8443 is blocked. I didn't understand how this is happening; it should only be from Expressway, and how is the Jabber client requesting login authentication from CUCM instead of Expressway?
I want to know how the LDAP authentication process happens in a normal Expressway deployment and how it is happening in our scenario.
Should we open 8443 from the Jabber client network to the CUCM publisher and CUCM subscriber?
When we tried the Self Care Portal for the CUCM subscriber, I found I cannot log in to it. It gives an error that the username and password is incorrect. Is it correct to have it like that for the subscriber? I don't know whether it's getting blocked or not.
07-03-2018 06:06 AM
06-28-2018 05:45 PM
Let me get this clear. Are you using MRA, or are you using Jabber after connecting to your corporate network using a VPN?
06-28-2018 10:04 PM
06-28-2018 06:00 PM
06-28-2018 10:18 PM
Thank you for your reply.
Users LAN: network A
CUCM, CUC, IMP, Exp C, Exp E: network B
AD, integrated DNS, standalone DNS: network C
But my question is: if users are passing through Expressway and it is UDS, why does the port (e.g. 8443) from the user LAN need to be open to the CUCM LAN? Actually, even for UDS, the port should be open only to Expressway E, right?
That is what is confusing me. Today I'm planning to open port 8443 from the user LAN to the CUCM pub and sub. But as per the document you shared, we already opened SIP (5061), XMPP (5222) and UDS (8443) to Expressway E from the user LAN. But we can see direct traffic for port 8443 from the user LAN to the CUCM servers, which is blocked now.
I think the Jabber client is getting confused whether to behave as an MRA or a VPN connection.
07-03-2018 06:06 AM