Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5018
Views
20
Helpful
8
Replies

EXPWYC Traversal Zone TLS negotiation Failed

YAARUB F. MILAD
Level 1
Level 1

‎04-29-2015 02:38 AM - edited ‎03-18-2019 04:24 AM

Hello,
 
I have an issue with EPWYC Traversal Zone once I configured it and saved I got the following issue:
 
 
SIP: Failed to connect to (IP<x.x.x.x>):7001 : Connect failed
 
what could be the reason for this. where to look ?
 
Thanks all
Labels:
0 Helpful
8 Replies 8

YAARUB F. MILAD
Level 1
Level 1

‎04-29-2015 05:22 AM

I am using dual interfaces on EXPWYE and E's FQDN isn't reachable by C

0 Helpful

moyo oyegunle
Level 1
Level 1
In response to YAARUB F. MILAD

‎04-29-2015 01:06 PM

You can try the following.

1 First try and confirm network reachability to the Lan facing ethernet interface of the Exp-e. You can use the Ping, traceroute tools also try pinging the hostname of the expressway-e(This should help you check you have the correct DNS records) it should resolve to the internal IP.

2 You should look in the 1st DMZ , the Cisco Expressway guide provides ports that are required to be open or mapped(http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Basic-Configuration-Deployment-Guide-X8-1.pdf). Kindly make sure yours are.

3 If the above are fine you should make sure you have configured the Traversal Zone on the EXP-E to also use the same port as you did on the EXP-C.

4 You can look at status - logs - network logs to see network data.

0 Helpful

YAARUB F. MILAD
Level 1
Level 1
In response to moyo oyegunle

‎04-30-2015 12:56 AM

I have solved the issue and it was due to inappropriate Cert template

ahmed mahmoud
Level 1
Level 1
In response to YAARUB F. MILAD

‎10-12-2017 05:18 AM

This is mean that i can`t create zone before creating cert ?

Patrick Sparkman
VIP Alumni
VIP Alumni
In response to ahmed mahmoud

‎10-12-2017 09:05 AM

You can create a UC Traversal Zone before you get a certificate, but the it won't become active without a valid certificate on the Expressway-C that matches the subject name that you enter in the zone you created on the Expressway-E.

ahmed mahmoud
Level 1
Level 1
In response to Patrick Sparkman

‎10-15-2017 12:09 AM

Thanks friend , I have other question , How can expressway E know FQDN of expressway C although i put external domain on expressway E , how connectivity through internal dns occur ?

0 Helpful

Debayan Chowdhury
Cisco Employee
Cisco Employee
In response to ahmed mahmoud

‎10-15-2017 09:04 PM

Expressway E knows about the FQDN of the Expressway C when u enter the same while creating Traversal/UC Traversal Zone on the same. 

Expressway E doesn't initiate any connection however accepts the connection from Expressway C based on the port number configured on the UC Traversal and Traversal Zone , thus it learns about the IP address of Expressway C.  

 

 

0 Helpful

ahmed mahmoud
Level 1
Level 1
In response to Debayan Chowdhury

‎10-16-2017 12:10 AM

Big thanks :)

0 Helpful
Customers Also Viewed These Support Documents