cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
13429
Views
38
Helpful
55
Replies
Highlighted
Beginner

You should enter your public

You should enter your public IP address in the Field "IPv4 static NAT address" not the local address.

Anyway, you may have some media problems in this scenario, make sure you have all the NATs (or PATs in your case) allowing the media traffic correctly.

Highlighted
Beginner

HI tigrepojke.Can you confirm

HI tigrepojke.

Can you confirm your CUCM version when you deployed this scenario? You wrote in the post that was using 9.1(2), that's 9.1.2.10000-28, correct?

 

Thank you very much.

 

 

Highlighted

9.1.2.11900-12 

9.1.2.11900-12
 

Highlighted

Worked it outBy default when

Worked it out

By default when installing Expressway-E it gets a couple of NICs for internal/external and is required if you cluster them and if you deploy it in a 2 leg scenario, more info in the guides on that stuff.

 

We have ours in the DMZ as a router-on-a-stick type setup and it is NAT'd to the outside world, so we only need the 1 NIC

 

In the Expressway-E config go to System>IP and you will see the couple of NICs, look for the setting "Use dual network interfaces" and set it to No.  Requires a restart

 

Highlighted

Something else that is

Something else that is important.

After changing the above I could log in from outside but I had no-way voice. Going back into System>IP on the Expressway-E there is a box called 'IPv4 static NAT address' and you must populate that with your Public IP of the Expressway-E.  It will require a reboot under Maintenance>Restart Options to take affect.

After that I had voice in both directions

This is for an Expressway-E in a DMZ with one NIC that is setup like a router-on-a-stick with Static NAT.

Highlighted
Beginner

Hi tigrepojkeExcellent Post -

Hi

 

 

 

 

Beginner

This worked for me too.  Just

This worked for me too.  Just wanted to confirm.

Highlighted
Enthusiast

Looking at the attached run

Looking at the attached run the diagnostics on your presence servers to see if there are any errors or if any presence services need to be restarted. If that is clear confirm the permissions the SOAP/AXL user on the presence servers. Also check the white list check that they hostnames/IP addresses are exactly the same that is in your UC Services profile

Highlighted

Hello HeathThe Presence

Hello Heathrw

The Presence servers are ok and all services running, the username used on the Expressways for discovering the CUCM and Presence servers has Standard AXL API rights.

I checked the whitelist and it had the Unity servers in there with same hostname as on my CUCM Services profile, I also just now added in the Webex and LDAP servers to the whitelist that are in my Services profile just to be sure. Same result when trying to log in externally

Appreciate the suggestions so far.

 

The attached screenshot seems to have a problem with Jabber not running on the Expressway-E as opposed to problem with the Presence servers internally

Highlighted

 Hi tigrepojke and heathrw

 

 

Highlighted

  Hi tigrepojke and heathrw

 

 

Hi tigrepojke and heathrw,

Just got into similar problem while looking into configuration for MRA.

- I do have CUCM 10 and CM IM&P 10 with Expressway X8.1.1

- Done with DNS SRV and A records for internal and External DNS and verified by nslookup. 

- We have deployed the ExpressWay E as in Router on stick on DMZ natted with Public IP ( Same as user "tigrepojke" scenario )

- Configured ExpressWay C And E with TLS ON and certificates being uploaded and do have a Active status in Unified communication and Traversal zone.

I am using Cisco Jabber 9.7 for Windows but when i am trying to sign in from outside I am getting an error, "cannot communicate with the server"

 

Here I am kind of lost to where and which part needs to be checked or where to further dig into?

Your assistance and help would be appreciated.

Let me know if you guys need any more detail.

P.S. I have attached screenshot for your reference

Regards

M Taha

Highlighted

With that error message it

With that error message it suggests your DNS is incorrect. If you have it right then your Jabber client on the outside should throw up certificate errors for the Expressway-E (if using self-signed)

 

Check you can resolve the external srv record ( _collab-edge._tls.<yourdomain>)  from outside your network, you said you have done nslookup but it is easy to resolve the external srv record internally if you are using a machine on your network. Change the dns server to an external one for testing purposes

 

_collab-edge._tls.<yourdomain>   

 

Example - open up cmd prompt

type in     nslookup       (enters nslookup mode)

type in    server 8.8.8.8   (changes default server to googles for this test)

type in    _collab-edge._tls.domain.com

 

If your external DNS is correct you should get it resolved to your Expressway-E's public IP address

 

 

If the DNS part is ok then check logs as per heathrw's advice 

 

"you can do a TCP dump on the ExpresswayE and set level logging to 2 to see what is happening on that side"

 

 

Highlighted

 Hi tigrepojkethank you for

 

Hi tigrepojke

thank you for responding to my query.

Well, Yes we have tested it from external side and DNS resolves perfectly when it is outside the corporate network.

The next thing that you have mentioned is, 'TCP dump and set level logging to 2" .

Could you possibly elaborate how to do that exactly.

Another question,

About 'Jabber-config.xml' file do we have to create and upload it to tftp servers? Is it mandatory if you are using Jabber 9.7 for Windows?

Regards

M Taha

 

Highlighted

You can get some logging via

You can get some logging via Maintenance>Logging and then set it to 4, you can send it to a Syslog server or view it in the webgui via Status>Logs>Event Logs

 

If you need to get more developer style logs then see this link, I followed this when I implemented it and although I didn't need TCP dump logs the info is there on how to do it

http://ciscocollab.wordpress.com/2014/01/29/deploying-collaboration-edge/

 

"The best place I found to troubleshoot this stuff was by putting the Expressway-C and E in “Devel mode” to enable the Experimental menu.  (Instructions for this are found on p.207 of the admin guide.)  The reason for this is because the CollabEdge/MRA feature is still considered experimental.  You need to look at the Developer Logs.  You can enable them for debug level as well as collect a tcpdump."

 

Before you do logging, I would make sure your Expressway-E can resolve all your UC servers by IP and DNS, do that by going to Maintenance>Tools>Network Utilities and using the PING and DNS Lookup tools

I made sure I could get them via IP, hostname and FQDN for example

Ping 10.1.1.1

NSlookup  CUCM01

Nslookup CUCM01.mydomain.com

Highlighted

 Thanks for the info. I will

 

Thanks for the info. I will try that logging.

Just a quick question, As In your latter part, you have mentioned Express-Way E can resolve all your UC servers.

Actually, here I am bit confused. As all UC servers can be resolved by Host name, FQDN at the ExpresWay C end. No issues at all

 

But from ExpressWay-E, How it can possibly resolve it as it has the external DNS server IP configured. It can Ping those UC servers though but I didn't actually get this point without the local DNS IP, how it supposed to resolve the hostname? does it have to ?

Regards

M Taha

 

 

CreatePlease to create content