
Event="Inbound TLS Negotiation Error" Service="SIP" Src-ip="x.x.x.x" Src-port="yyyy" Dst-ip="z.z.z.z" Dst-port="s.s.s.s" Detail="No SSL error available, probably remote disconnect"

FinningCL
Level 1

When I try to connect from outside of the LAN I can connect my laptop to Jabber Video and the error message in the log of VCS Expressway is

Event="Inbound TLS Negotiation Error" Service="SIP" Src-ip="x.x.x.x" Src-port="yyyy" Dst-ip="z.z.z.z" Dst-port="ssss" Detail="No SSL error available, probably remote disconnect"

13 Replies

Martin Koch
VIP Alumni

Can you connect or does it fail? When do you see this error, directly when connecting the first time or after some time?

Maybe it's just a lost connection or a firewall with a maximum TCP connection timeout?

Is the source IP the one from your computer/router? There are also a lot of port/service scans which will show up differently in your logs, ...

Please remember to rate helpful responses and identify

I can't connect from the Internet, only inside of the LAN. I never did a connection from outside.

I don't think that is a lost connection or firewall problems.

ahmashar
Level 4

Can you post the output of your DNS lookup for your domain?

There is a possibility that the DNS SRV record for TLS is not configured correctly:

_sips._tcp.yourdomain.com     5061

Please check that. If you want a reference point, just look up the SRV record of cisco.com.

Microsoft Windows [Versión 6.2.9200]

(c) 2012 Microsoft Corporation. Todos los derechos reservados.

C:\Users\hvivar>nslookup sipvcs.finning.cl

Servidor:  UnKnown

Address:  172.18.236.99

Respuesta no autoritativa:

Nombre:  sipvcs.finning.cl

Address:  200.11.66.41

C:\Users\hvivar>nslookup vcs.finning.cl

Servidor:  UnKnown

Address:  172.18.236.99

Respuesta no autoritativa:

Nombre:  vcs.finning.cl

Address:  200.11.66.41

As you can see, your SRV record is not configured correctly on your DNS server. A correct SRV record would look something like this:

A     cisco.com.               5405  IN  A     72.163.4.161
AAAA  cisco.com.               4505  IN  AAAA  2001:420:1101:1::a
SRV   _h323ls._udp.cisco.com.  3600  IN  SRV   1 0 1719 vcsgw.cisco.com.
SRV   _h323cs._tcp.cisco.com.  3600  IN  SRV   1 0 1720 vcsgw.cisco.com.
SRV   _sips._tcp.cisco.com.    2701  IN  SRV   1 0 5061 vcsgw.cisco.com.
SRV   _sip._tcp.cisco.com.     3600  IN  SRV   1 0 5060 vcsgw.cisco.com.

Can you tell me what command I must execute to get this answer?

This is the answer today:

C:\Users\hvivar>nslookup -querytype=srv sipvcs.finning.cl

Servidor:  UnKnown

Address:  172.18.236.99

finning.cl

        primary name server = polux.entelchile.net

        responsible mail addr = hostmaster-serv.entelchile.net

        serial  = 470

        refresh = 10800 (3 hours)

        retry   = 3600 (1 hour)

        expire  = 604800 (7 days)

        default TTL = 86400 (1 day)

C:\Users\hvivar>nslookup -querytype=srv vcs.finning.cl

Servidor:  UnKnown

Address:  172.18.236.99

Respuesta no autoritativa:

vcs.finning.cl  SRV service location:

          priority       = 10

          weight         = 10

          port           = 5061

          svr hostname   = sipvcs.finning.cl

Is this correct or is the problem the same?

Either log in to your VCS and navigate to Maintenance > Tools > Network utilities > Nslookup and type in your domain name there, or use this site:

http://www.olark.com/gtalk/check_srv

//Ahmad

Ahmad,

I did the correction and the answer is this:

> _sips._tcp.finning.cl

Servidor:  UnKnown

Address:  172.18.236.99

Respuesta no autoritativa:

_sips._tcp.finning.cl   SRV service location:

          priority       = 10

          weight         = 10

          port           = 5061

          svr hostname   = sipvcs.finning.cl

_sips._tcp.finning.cl   SRV service location:

          priority       = 10

          weight         = 10

          port           = 5061

          svr hostname   = vcs.finning.cl

From inside the VCS Expressway it doesn't work because it is inside the network and is not responding. When I try to connect it doesn't allow it.

I checked the logs inside the VCS and this new connection is not registered.
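Added example, not written by any poster in this thread: a Python check that parses Windows nslookup SRV output as quoted above and reports when the record is published under the wrong owner name, which is what the earlier vcs.finning.cl answer shows. The function names and the expected-port table are assumptions of this example; the sample text is copied from the thread with blank lines collapsed.

```python
import re

# Ports the thread's cisco.com reference records use for each SIP service label.
EXPECTED_PORTS = {"_sips._tcp": 5061, "_sip._tcp": 5060}
OWNER_RE = re.compile(r"^(\S+)\s+SRV service location:\s*$")
FIELD_RE = re.compile(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")

def parse_srv(text):
    """Return one dict per SRV answer found in Windows nslookup output."""
    records = []
    for line in text.splitlines():
        owner, field = OWNER_RE.match(line), FIELD_RE.match(line)
        if owner:
            records.append({"owner": owner.group(1).rstrip(".").lower()})
        elif field and records:
            key, value = field.groups()
            records[-1][key] = int(value) if value.isdigit() else value.rstrip(".").lower()
    return records

def check_srv(records, domain, service="_sips._tcp"):
    """List problems that stop a client locating <service>.<domain> via SRV."""
    wanted = f"{service}.{domain}".lower()
    problems = [f"record owner is {r['owner']}, expected {wanted}"
                for r in records if r["owner"] != wanted]
    matching = [r for r in records if r["owner"] == wanted]
    if not matching:
        problems.append(f"no SRV answer for {wanted}")
    for r in matching:
        if r.get("port") != EXPECTED_PORTS[service]:
            problems.append(f"{wanted} uses port {r.get('port')}, expected {EXPECTED_PORTS[service]}")
        if not r.get("svr hostname"):
            problems.append(f"{wanted} has no target hostname")
    return problems

# Earlier answer from the thread: SRV data present, but owned by vcs.finning.cl.
BEFORE = """vcs.finning.cl  SRV service location:
          priority       = 10
          weight         = 10
          port           = 5061
          svr hostname   = sipvcs.finning.cl
"""
# First of the two corrected answers from the thread.
AFTER = """_sips._tcp.finning.cl   SRV service location:
          priority       = 10
          weight         = 10
          port           = 5061
          svr hostname   = sipvcs.finning.cl
"""
```

`check_srv(parse_srv(BEFORE), "finning.cl")` reports the wrong owner name and the missing `_sips._tcp.finning.cl` answer, while the corrected output yields an empty list.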

ahmashar
Level 4

Hi Hugo,

But what you said at the beginning was that your Jabber client cannot register from the internet and you have no issue with the LAN registration. The SRV record on DNS was now corrected for the external Jabber client and has nothing to do with internal users.

Perhaps you want to restate the problem again, and please do not skip any details.

Ahmad,

Maybe my answer wasn't right. I was trying to say that from the Internet the Jabber client still doesn't register, and the DNS SRV was created and is working. I don't see logs when I try to connect my client. What do I have to do now?

Please enable DEBUG mode on the VCSs (Maintenance > Diagnostics > Diagnostic log and change the options to DEBUG).

Then try to register your Jabber clients, and check System > logs > event logs as well as the Network logs to see whether the subscribe request comes to the VCSE at all. If yes, then post the error message you see there. If not, then you need to collect a Wireshark capture on the Jabber client machine and possibly on the external interface of your firewall to track where the packets get routed.

Hi All,

I have a similar issue to Hugo,

but in my case I just use a local DNS server for the internal Jabber client and use etc host for the external Jabber client on the laptop.

Login and calls from internal Jabber work fine, but I can't log in using Jabber from external (internet).

There is no firewall in my LAB topology,

just :

                                         -> MCU 5310

public -> router -> switch     -> VCS-E (static NAT 1:1)

                                         -> VCS-C

                                         -> TMS

VCS-E uses a single NIC and it is NATed 1:1 to public.

And here is a screen capture of the DNS lookup from my VCS-E and VCS-C.

Please advise..

thanks

Ovindo

I would recommend that you open a new thread for it.

If you use 1:1 NAT the Dual interface option is a requirement, is this in place?

The external IP needs to be configured and all communication (also for the traversal zone) needs to be done to the external IP.

Besides that, please check the deployment guides.

Please remember to rate helpful responses and identify helpful or correct answers.
