Solved: Re: Cisco CMS WEB page from internet

shailesh.v.mohril · ‎03-16-2018

Hi all, I am facing a wired issue with cms web access from internet ... From open internet we can access the cms webpage and join the meeting with no issues but when other office internet like Cisco or my hotel internet when try to access the same page, it allows to login but after few seconds session times out with out successfully entering to the meeting. And bring to main page asking for call id. People already in the meeting can see me as joining but after few seconds disappear from the list in CMS webpage. User trying to access the meeting experiencing timeout issue like me.

Does any one face this issue?

Ammar Saood · ‎03-25-2018

i got confuse when you say office network. i thought its your LAN or WAN . but you meant to say its some other office network, from where they want to join via expe.

usually on public WiFi or in some offices TURN port is blocked which is 3478. expressway supports 3478 TCP and UDP. but it doesnt fallback to TCP 443 and unfortunately you cannot specify a custom port for turn server when its using EXPE as turn server.

View solution in original post

Ammar Saood · ‎03-19-2018

your ICE/Media negotiation is failing. check the following TURN and NAT settings.

1. check TURN server settings and firewall ports 3478 UDP/TCP and 443.

2. use custom port on TURN say TCP 447

3. your outside public IP must be advertised by callbridge under TURN server settings.

are you using EXPE as Reverse Proxy server or CMS Edge for webbridge ??

try to connect via firefox, google chrome, opera etc

is CMA app connecting properly form outside ?

HTH

AMMAR

please rate and mark answered if helpful

shailesh.v.mohril · ‎03-25-2018

HI,

Turn is ON for Expressway E on prt 3478.

I able to access the webbrige and can join the conference with 2 way Audio/Video communication from open internet like mobile/home wifi. No issues observed. I also can join the meeting from some other offices network with no issues.

the problem is rom some of the office network it is not working and ICE negotiation is failing.

we have checked the RTP captures and seems all ok at our end.

is it possible that from some internet services (outside of the organization) no issues observed where as others having issue? will this issue at our end or other end?

Ammar Saood · ‎03-25-2018

do the following.

1. point the meeting URL to the private IP of webbridge in your internal DNS record. i doubt the office traffic is going/Resolving to public IP of EXPE.

2. callbridge IP must be reachable in your office network. i assume your callbridge IP and webbridge IP are different. callbridge acts as turn server for local traffic.

3. check routing and see if you can ping callbridge IP from office network.

4. do bypass proxy for local traffic.

HTH

AMMAR

please rate and mark answered if helpful.

shailesh.v.mohril · ‎03-25-2018

HI Amar,

I have only 1 IP assigned in the network. which is 10.10.X.20

these are the settings.

SPOCMS1000> webbridge
Enabled                 : true
Interface whitelist     : a:443
Key file                : cmscert.key
Certificate file        : cmscert.crt
Trust bundle            : cmscert.crt
HTTP redirect           : Enabled
Clickonce URL           : https://XXXXX
MSI download URL        : https://XXXXX
DMG download URL       :https://XXXXX:
iOS download URL        : https://XXXXX

SPOCMS1000> callbridge
Listening interfaces : a
Preferred interface   : none
Key file              : cmscert.key
Certificate file      : cmscert.crt
Address               : none

SPOCMS1000> webadmin
Enabled                 : true
TLS listening interface : a
TLS listening port      : 445
Key file                : cmscert.key
Certificate file        : cmscert.crt
HTTP redirect           : Disabled
STATUS                  : webadmin running

--------------------------------------

SPOCMS1000> turn
Enabled     : false
Username    : traver
Password    : AXXXXXX
Realm       : meeting.XXXX.Xx
Public IP   : none
TLS port    : 443
TLS cert    : cmscert.crt
TLS key     : cmscert.key
TLS bundle : none
Listen interface c

Postman output

---------------

https://meeting.XXXX.XA:445/api/v1/turnservers/ffc2e206-20c4-4a7b-a9aeb722

<?xml version="1.0"?>
<turnServer id="ffc2e206-20c4-4a7b-a9df-76b722">
    <serverAddress>10.10.Y.15</serverAddress>
    <clientAddress>5.X.X.X</clientAddress>
    <numRegistrations>1</numRegistrations>
    <username>traversalclient</username>
    <type>expressway</type>
    <tcpPortNumberOverride>3478</tcpPortNumberOverride>
</turnServer>

Status

------

<?xml version="1.0"?>
<turnServer>
    <status>success</status>
    <host>
        <address>10.10.Y.15</address>
        <portNumber>3478</portNumber>
        <reachable>true</reachable>
        <roundTripTimeMs>49</roundTripTimeMs>
        <mappedAddress>10.10.X.20</mappedAddress>
        <mappedPortNumber>44845</mappedPortNumber>
    </host>
</turnServer>

Internally there are no issues at all. only from some public network its not working.

Ammar Saood · ‎03-25-2018

i got confuse when you say office network. i thought its your LAN or WAN . but you meant to say its some other office network, from where they want to join via expe.

usually on public WiFi or in some offices TURN port is blocked which is 3478. expressway supports 3478 TCP and UDP. but it doesnt fallback to TCP 443 and unfortunately you cannot specify a custom port for turn server when its using EXPE as turn server.