Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3332
Views
5
Helpful
15
Replies

Voice is not working in Cisco Jabber

Go to solution
Alexander Rusin
Level 1
Level 1

‎11-24-2025 08:39 AM

Hello, friends, help me.,

I have configured the expressway c\e vX14 bundle package.3.7, CUCM v14.0.1.13900, IM v 14.0.1.13900

everything works from the local network, cisco jabber connects, calls and voice passes


But from the global network, the chat is working, the call (alarm) is going through, but there is no voice in both directions. Although jabber says that all services are connected

The firewall used is Cisoc ASA
exspressway-c is on the same network as CUCM and IM
exspressway-e is in the DMZ zone
No nat is configured between the exspressway-c and exspressway-e servers and the entire IP is open.
Ports 8443,5060,5061,5222 have been opened and forwarded from the global network

What could be the problem?

 

 
 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Nithin Eluvathingal
VIP
VIP
In response to Alexander Rusin

‎12-10-2025 01:42 AM - edited ‎12-10-2025 01:43 AM

 

CSA is not something you need to deploy. Go to https://cway.cisco.com/csa-new. You can upload the logs there, and there is also another option, CollabEdge Validator, which requires you to provide end user login credentials to test the MRA.

 

NithinEluvathingal_0-1765359825896.png

 



Response Signature


View solution in original post

Go to solution
Alexander Rusin
Level 1
Level 1
In response to Alexander Rusin

‎12-10-2025 04:18 AM

bottom line, for those who will also be tormented by a rake
to work with one interface.

from the outside, open and static nat on the ports

object-group service Expressway-E
service-object tcp destination eq 8443
service-object tcp destination eq 5222
service-object tcp destination eq 5061
service-object udp destination range 36000 59999
service-object udp destination eq 5061

object service Expressway-UDP
service udp source range 36000 36100

object network Expressway-E
host 192.168.230.205

object network Expressway-C
host 192.168.33.205

object network extendad-ip
host 111.77.111.197

nat (DMZ,outside_nl) source static Expressway-E interface service Expressway-tcp_5222 Expressway-tcp_5222
nat (DMZ,outside_nl) source static Expressway-E interface service Expressway-tcp_8443 Expressway-tcp_8443
nat (DMZ,outside_nl) source static Expressway-E interface service Expressway-tcp_5061 Expressway-tcp_5061
nat (DMZ,outside_nl) source static Expressway-E interface service Expressway-UDP Expressway-UDP

Be sure to send exptressway-C static NAT to an external address
nat (inside,DMZ) source static Expressway-C Expressway-C destination static extendad-ip Expressway-E

static noNat between servers C and E

nat (inside,DMZ) source static any any destination static Expressway-E Expressway-E no-proxy-arp route-lookup

View solution in original post

0 Helpful
15 Replies 15

Go to solution
Mohammadreza Hadi
VIP
VIP

‎11-24-2025 08:51 AM - edited ‎11-24-2025 08:54 AM

on Expressway Edge >> no need of port 5060 >> remove it >> keep only 5061 , 8443 , 5222 (all tcp)

also, you must open a UDP range of port for Voice & Video traffic >> starting with 36000 udp & end with 59999 udp

almost for each one call through expressway, you will need 2 udp port
so assume you want to handle 100 calls simultaneously through expressway >> you need 200 port udp

so >> open port 36000 UDP To 360200 UDP >> on Expressway Edge

then test call again..

also, do a system reboot will be good..

(on my own projects >> i open port 36000 UDP  To  38000 UDP >> for make sure maximum capacity be existed..!!!


(Rate by "Helpful" or "Accept") (محمدرضا هادی_ایران) (Email: morez.hadi@gmail.com)
0 Helpful

Go to solution
Alexander Rusin
Level 1
Level 1
In response to Mohammadreza Hadi

‎11-24-2025 09:47 AM

It didn't help , even the counters don't work out for incoming ACLs
, and there are no votes for this rule either.

access-list OUTSIDE_nl line 9 extended permit udp any host 192.168.2.5 range 36000 59999 (hitcnt=0) 0

0 Helpful

Go to solution
Alexander Rusin
Level 1
Level 1
In response to Mohammadreza Hadi

‎12-09-2025 07:10 AM - edited ‎12-09-2025 07:13 AM

I'm in a complete stupor.
I have redesigned the scheme for an implementation with two network cards. moreover, I put esxpdessway C and E in the same subnet, without a firewall, and still there is no voice!
The log analyzer also writes the error of changing the sip between E and C, but there is simply nothing there to change the traffic now.

a= fmtp:126 profile-level-id=42801F;packetization-mode=1;level-asymmetry-allowed=1;max-fs=3601;max-rcmd-nalu-size=1344,,is different than:, ,a=fmtp:126 profile-level-id=42801F;packetization-mode=1;level-asymmetry-allowed=1;max-fs=3601;max-rcmd-nalu-size=1344,a=rtpmap:126 H264/9000 0

 

 

I have a question:
do you need a license for expressway to work with media and voice in MRA mode?

 
 

 

 

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to Alexander Rusin

‎12-09-2025 09:30 AM

No there are no license needed for MRA.



Response Signature


Go to solution
Nithin Eluvathingal
VIP
VIP
In response to Alexander Rusin

‎12-09-2025 10:01 AM

What is your Dual NIC configuration? Have you mentioned the NAT IP on the External Interface on the Expressway E interface page? As @Roger Kallberg  mentioned, there is no license required for MRA.

 

Can you explain a little more of your setup and if possible share the configuration screenshots.



Response Signature


0 Helpful

Go to solution
Alexander Rusin
Level 1
Level 1
In response to Nithin Eluvathingal

‎12-09-2025 06:12 PM

 

Yes, at the moment the circuit has been converted to a dual network interface.
and even simplified the scheme to this

AlexanderRusin_0-1765332602014.png

 

ASA

access-list OUTSIDE_nl line 9 extended permit tcp any host 192.168.230.205 eq 8443
access-list OUTSIDE_nl line 9 extended permit tcp any host 192.168.230.205 eq 5222
access-list OUTSIDE_nl line 9 extended permit tcp any host 192.168.230.205 eq 5061
access-list OUTSIDE_nl line 9 extended permit udp any host 192.168.230.205 range 36000 59999
access-list OUTSIDE_nl line 9 extended permit udp any host 192.168.230.205 eq 5061
access-list OUTSIDE_nl line 9 extended permit udp any host 192.168.230.205 range 3478 3483
access-list OUTSIDE_nl line 9 extended permit udp any host 192.168.230.205 range 24000 29999

nat (DMZ,outside_nl) source static Expressway-E interface service Expressway-tcp_5222 Expressway-tcp_5222
nat (DMZ,outside_nl) source static Expressway-E interface service Expressway-tcp_8443 Expressway-tcp_8443
nat (DMZ,outside_nl) source static Expressway-E interface service Expressway-tcp_5061 Expressway-tcp_5061
nat (DMZ,outside_nl) source static Expressway-E interface service Expressway-udp_5061 Expressway-udp_5061
nat (DMZ,outside_nl) source static Expressway-E interface service Expressway-UDP Expressway-UDP

AlexanderRusin_1-1765332634345.jpegAlexanderRusin_2-1765332659936.jpeg

CUCM ip 192.168.33.203,204

IM ip 192.168.33.201

0 Helpful

Go to solution
Nithin Eluvathingal
VIP
VIP
In response to Alexander Rusin

‎12-09-2025 09:00 PM

Do you see UDP traffic on the firewall?
The Expressway E configuration appears to be correct, unless I missed something.
What do you see on the CSA tool in the CollabEdge Validator?



Response Signature


Go to solution
Alexander Rusin
Level 1
Level 1
In response to Nithin Eluvathingal

‎12-10-2025 01:36 AM

Unfortunately, I don't have the CSA deployed.

the fact of the matter is that all counters from an external address to an internal one over UDP = 0

host 192.168.230.205 range 36000 59999 (hitcnt=0)

host 192.168.230.205 eq 5061 (hitcnt=0)

host 192.168.230.205 range 3478 3483 (hitcnt=0)

host 192.168.230.205 range 24000 29999 (hitcnt=0)

at the same time, there are counters in nat

24 (DMZ) to (outside_nl) source static Expressway-E interface service Expressway-UDP Expressway-UDP
translate_hits = 3753, untranslate_hits = 72715

object service Expressway-UDP
service udp destination range 36000 59999

object network Expressway-E
host 192.168.230.205

 

0 Helpful

Go to solution
Nithin Eluvathingal
VIP
VIP
In response to Alexander Rusin

‎12-10-2025 01:42 AM - edited ‎12-10-2025 01:43 AM

 

CSA is not something you need to deploy. Go to https://cway.cisco.com/csa-new. You can upload the logs there, and there is also another option, CollabEdge Validator, which requires you to provide end user login credentials to test the MRA.

 

NithinEluvathingal_0-1765359825896.png

 



Response Signature


Go to solution
Alexander Rusin
Level 1
Level 1
In response to Nithin Eluvathingal

‎12-10-2025 02:15 AM

Yes, I tested the logs there.

0 Helpful

Go to solution
Alexander Rusin
Level 1
Level 1
In response to Alexander Rusin

‎12-10-2025 01:50 AM

Well, I found my mistake!

service udp SOURCE range 36000 59999

 
 

 

 

0 Helpful

Go to solution
Nithin Eluvathingal
VIP
VIP
In response to Alexander Rusin

‎12-10-2025 03:25 AM


Which means the issue was from your firewall. I hope your issues have been fixed.
As @Mohammadreza Hadi  mentioned, if you have 5060 opened from outside, this is not required and it must be the secure one, 5061.



Response Signature


Go to solution
Alexander Rusin
Level 1
Level 1
In response to Nithin Eluvathingal

‎12-10-2025 04:07 AM

port 5060 is not open

0 Helpful
Customers Also Viewed These Support Documents