
TMS systems are defaulting to the reachable on lan

Richard Piskac
Level 1

Hi all.

I have one question about correct settings for TMS.

My customer has a lot of endpoints. Many are behind the FW, but we have PAT for HTTPS, so according to the admin guide I set Reachable on Public Internet.

TMS then pushes its own FQHN from the network configuration to the endpoints. But after a few days TMS changed its own configuration to "Reachable on LAN"???

The status.xml contains the local IP. The endpoint is communicating with TMS from the public IP. The admin guide and also Magnus said that after that it is possible that TMS will change the setting to Behind Firewall in the case that the HTTP and HTTPS ports are closed.

The HTTPS port is open and TMS changed its configuration. Is there something that I am missing?

I solved this with a persistent template and correct configuration, but my question is why TMS is changing the connectivity setting to Reachable on LAN.

TMS is also behind the FW with PAT.

Thanks for any idea.

Richard

7 Replies

Magnus Ohm
Cisco Employee

Ok sounds like fun. So you have an endpoint on the public internet with a private ip?

If the IP is private on the endpoint, TMS defines this as LAN. If it can communicate with this address then it's reachable on LAN per definition. If that IP is not a private IP but a public one then it will be reachable on the public internet.

But if you look at the communication in a Wireshark trace, what IP address does the packet come from? Is this IP the same as the one in the XML file?

Can you ping that private IP from the TMS server?

I'm just a little confused by the local IP on the public network thing that you mentioned.

For behind firewall, the packet is coming from an IP that does not match the one in the XML, and TMS cannot communicate with that address.

Please let me know if I'm way off here

/Magnus


Hi Magnus,

Sorry, my mistake. I'll try to explain my settings in more detail:

TMS(10.0.0.2) - (10.0.0.1)FW1(93.0.0.50) - Internet - (44.0.0.30)FW2(192.168.1.1) - (192.168.1.2)EX90

FW1 https pat IP 93.0.0.50 -> 10.0.0.2

FW2 https pat IP 44.0.0.30 -> 192.168.1.2

EX90 //44.0.0.30/status.xml contains IP 192.168.1.2, but in the TMS configuration we have 44.0.0.30. From TMS you are not able to ping 192.168.1.2 :-) but you are able to make an HTTPS connection to 44.0.0.30 to reach the EX90.

In Wireshark, 44.0.0.30 is the source address // the local IP is not on the public network :-)

TMS is able to communicate with IP 44.0.0.30, but this IP is different from the IP in the status.xml, 192.168.1.2.

So the correct setting for this is behind FW?

Richard

Hi All,

I still have one more question. Admin guide 13.2:

Setting an endpoint in public

If your system is in public, not behind a firewall or behind a firewall that has opened up the HTTP or HTTPS ports, it is advised to change the system connectivity on the system to Reachable on Public Internet. This way it will also be possible for Cisco TMS to set up calls where the endpoint is calling out, and not only being called to.

So I think that my settings are according to the admin guide.

My endpoints are behind the FW = status.xml and TMS IP for the endpoint are different (because the endpoint is behind the FW)

HTTPS port on the FW is open = TMS has the possibility to communicate directly with the global IP (on the FW) to reach the endpoint.

But TMS every time changes the setting from Reachable on Public Internet to Reachable on LAN. The local IP from the status.xml is not reachable from TMS (no VPN connectivity or anything else).

Are you able to explain to me why TMS changes the setting for the endpoint from Reachable on Public Internet to Reachable on LAN? Or what am I missing?

Regards.

Richard

Hi Richard

On the system that this is happening with. If you go in TMS and find the system. Go to the Connection tab, what IP is the TMS trying to reach the system on?

What system status does the system have? (Idle/No https response?)

/Magnus

Hi Magnus,

In the Connection tab is the FW global IP 4X.XXX.XXX.XXX and Current Connection Status: OK

Headline:

System Type:TANDBERG EX90                         

System status:Idle                       

Network Address:4X.XXX.XXX.XXX                         

Connectivity:Reachable on LAN

Richard


Hi Magnus,

do you have any idea?

Or just give me the information whether you think the problem is in my configuration or in the system. I'll then open a TAC case or the admin guide :-)

Regards.

Richard

Hi

A TAC case might not be a bad idea since I would assume you would be able to set a reachable on the public internet in this case.

/Magnus
