Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1202
Views
0
Helpful
5
Replies

Expressway not communicating to CUCM

jbaly
Level 4
Level 4

‎05-10-2017 07:30 AM - edited ‎03-18-2019 01:05 PM

Hi,

I suspect it may be due to a recent CUCM upgrade (11.5.1) but my Expressway C cannot communicate with it:

SIP: Failed to connect to 10.1.16.1:5065 : No response from system

Both systems have been rebooted, but still not working.

Any thoughts?

Labels:
0 Helpful
5 Replies 5

Patrick Sparkman
VIP Alumni
VIP Alumni

‎05-10-2017 09:41 AM

What software version is your Expressway running?

When running CUCM 11.5(1),  due to changes in the IM&P Service, you should be running Expressway X8.8 and later as earlier versions are not compatible, refer to the Interoperability section of the Expressway X8.8 Release Notes.

Has anything else changed, other than upgrading CUCM?

0 Helpful

jbaly
Level 4
Level 4
In response to Patrick Sparkman

‎05-10-2017 09:49 AM

I think it's down to a certificate issue (when isn't it!). When I change the SIP trunk security profile to TCP from TLS, connectivity is restored. I'll refresh the certs to confirm.

Do certs change when upgrading?

0 Helpful

Patrick Sparkman
VIP Alumni
VIP Alumni
In response to jbaly

‎05-10-2017 09:53 AM

I don't think so, but I'm not sure for CUCM.

0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee
In response to Patrick Sparkman

‎05-10-2017 07:57 PM

No, upgrading does not change anything in the CUCM's certificates.

HTH

java

if this helps, please rate
0 Helpful

Alok Jaiswal
Level 4
Level 4
In response to jbaly

‎05-11-2017 04:23 AM

First thing first, are you using a self signed certificate or CA signed ?

CUCM 11.5 brings support for ECDSA certificate. 

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/11_5_1/secugd/CUCM_BK_SEE2CFE1_00_cucm-security-guide-1151/CUCM_BK_SEE2CFE1_00_cucm-security-guide-1151_chapter_011.html#CUCM_TP_G6593FBA_00

Is this for MRA ? or a normal CUCM neighbour zone on TLS for CUCM B2B Calls ?

If its for B2B calls, Can you go to CUCM Enterprise parameter and then check for "security parameters" and you will see TLS ciphers. what do you have configured there ?

By default its "All Ciphers RSA Preferred". Just make sure you have set that under enterprise parameter.

Also check the security profile to verify if the correct port is configured( 5065 as you mentioned) along with the correct FQDN for the incoming certificate.

If it still fails then do a tcp dump at both the end and check the certificates, what you are sending and what is getting received and then make sure certificates are trusted at both the ends.

Regards,

Alok

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents