Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1342
Views
0
Helpful
4
Replies

Issues getting CMS WebRTC to work via Expressway

Nick Halbert-Lillyman
Level 8
Level 8

‎06-01-2017 07:02 PM - edited ‎03-18-2019 01:10 PM

Hi All,

I'm trying to configure the CMS WebRTC via Expressway feature as per the following guide: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/CMS-Expressway-Deployment-Guide_X8-9-2.pdf

And using the firewall ports guide here: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Cisco-Expressway-IP-Port-Usage-for-Firewall-Traversal-Deployment-Guide-X8-9-2.pdf

I've set everything up and can sign in, but when I try to launch video, the page says "lost connection to server" and fails.  When I look on the Expressway-E, it shows a turn relay in use when it's attempting to connect.

The firewall guide says I need to configure NAT reflection but they are a bit light on the detail - I think I've done it correctly but I might be missing something.

The strangest part is that I'm seeing drops on my firewall from my Expressway-E to the external PC's *private* IP address - 192.168.x.x.  While I could certainly permit this traffic, it's never going to reach the PC anyway as it's a private IP.

access-list DMZoutside_access_in denied udp DMZoutside/(Exp-E Outside IP) (24000) -> outside/(PC's private IP - 192.168.x.x) 

There don't appear to be any other drops to or from relevant IPs (Exp-C, both Exp-E addresses, external PC public IP, CMS IP)

I suspect I'm missing something in either the NAT or TURN config - any ideas much appreciated :)

Labels:
0 Helpful
4 Replies 4

Patrick Sparkman
VIP Alumni
VIP Alumni

‎06-01-2017 11:34 PM

Does it work if you browse to the CMS itself, and not via Expressway?

Are your certificates in place for Call Bridge, Web Bridge, XMPP?

Does your Web Bridge trust your Call Bridge certificate?

Do you have CMS configured to use TURN services on the Expressway-E?

0 Helpful

Nick Halbert-Lillyman
Level 8
Level 8
In response to Patrick Sparkman

‎06-02-2017 11:01 PM

Hi Patrick - Web bridge works fine internally, when not using Expressway certs are all good and the web bridge trusts the call bridge cert.

CMS is configured to use Exp-E as its TURN server, when I try to start video the Expressway even shows a TURN relay in use.

0 Helpful

Nick Halbert-Lillyman
Level 8
Level 8
In response to Patrick Sparkman

‎06-04-2017 09:52 PM

Just to follow up on this, the TAC worked with me to fix it.


Initially, the TAC re-added Expressway-E TURN server via the API instead of using the GUI.  In addition, I was missing outbound port UDP/3478 (I had TCP/3478 only).

0 Helpful

Natee Osatis
Level 1
Level 1
In response to Nick Halbert-Lillyman

‎02-24-2019 11:12 PM

Hi Friend,

 

Can you share what api command to enable TURN outbound port UDP/3478 for me please? I found same problem with you and tried to found out what the issue is.

0 Helpful
Customers Also Viewed These Support Documents