Re: Zultys phones related issue

MriduD · ‎05-27-2023

So, the vendors have installed zultys phone at client's location, whose internet/WAN router is managed by us.

All the requested ports have been opened on the router. And Fqdn has been routed to the local IP address of the phone system by using dns routing. But they have reported saying that their phone app doesn't work only when they are connected to their office wifi. What can be the issue? If needed, I'll share more details . Please help/advise.

Flavio Miranda · ‎05-27-2023

Hi

Share the config from the router.

From the wifi network, can you ping the phone system? By IP or name?

MriduD · ‎05-27-2023

Ya . I was able to ping and on doing nslookup to the fqdn, it resolves correctly. I'll share tomorrow

MSD1001 · ‎05-29-2023

MSD1001 · ‎05-29-2023

Flavio Miranda · ‎05-29-2023

Hi

This can be a DNS problem. This url phones.plumbersandfactory.com is a public url as I can resolve from my PC

C:\Users\xxxx>nslookup phones.plumbersandfactory.com
Servidor: b5d58402.virtua.com.br
Address: 181.213.132.2

Não é resposta autoritativa:
Nome: phones.plumbersandfactory.com
Address: 71.67.36.115

so, the wifi users need to use a external DNS (Internet access) in order to be able to get the phone system IP address using this URL.

Plus, they will get a public IP address. Is that correct? Those wifi users have access to the internet and they can call the phone system using the internet?

If you connect a PC to this WIFI and run "nslookup phones.plumbersandfactory.com" what is the result?

MSD1001 · ‎05-29-2023

If you connect a PC to this WIFI and run "nslookup phones.plumbersandfactory.com" what is the result?

C:\Users\jprice.DATATALK>nslookup phones.plumbersandfactory.com
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Non-authoritative answer:
Name: phones.plumbersandfactory.com
Address: 10.1.6.22

Flavio Miranda · ‎05-29-2023

Got it. So, theres a internal DNS server resolving to 10.1.6.22.

But you ACLs only have 71.67.36.115. Would be necessary to permit also this 10.1.6.22?

MSD1001 · ‎05-29-2023

10.1.6.22 is the internal phone ip address. Shall I add that to the fromoutside ACL ? Wont this take care of that ? ip nat inside source static 10.1.6.22 71.67.36.115 ? I am not very sure actually. Because they are able to connect to the app if they are on their mobile data or any other wifi. It's just their office wifi which doesn't allow the connection.

Flavio Miranda · ‎05-29-2023

Got it. The server is internal and the wifi users get an IP and do directly to the server. In which interface on the router the wifi users is ?

The server is here, right?

!
interface Vlan1
description to local LAN
ip address 10.1.6.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip policy route-map nonat
!

And what about the wifi users? which Ip address they get?

MSD1001 · ‎05-29-2023

i am not sure where the wifi users are connected to on the router. I have emailed them asking that.

But when I checked on one of their laptops connected to their office wifi after going to ipchicken on the browser, it gave me the same address as that assigned to the router's WAN interface, 71.67.36.114.

Flavio Miranda · ‎05-29-2023

My suspicious is that use from wifi network is going out to the internet but trying to reach the IP address they got on the internal DNS.

They can possibly be crossing some interface with NAT instead going directly to the server. If they resolve the URL to 10.1.6.22 they can not go to the internet, they need to call the server directly.

If they are going to internet, they need to get the IP address 71.67.36.114 while translating the URL.

Another possible problem could be the option 66. But let´s first understand the flow.

MSD1001 · ‎05-30-2023

I have used 71.67.36.115 instead of their WAN IP.

Flavio Miranda · ‎05-30-2023

Sorry?

Did you find from where the wifi traffic comes and goes ?