We are deploying a new project with Mobile Remote Access solution in order to allow Jabber client to communicate from internet. These are the version and servers that we have:
Expressway-C and Expressway-E running 8.5.1 (Both were installed with the version 8.2 and were upgraded to the version 8.5.1)
This is a simple topology of our environment. Expressway is using two interfaces and its external interface is behind NAT 1 to 1 (with the proper public IP address configured on the IP settings):
The issue we facing is very weird. The external Jabber clients are able to register and make calls to the internal devices properly, however, when the call is connected, we have no RTP from both sides.
After performing some debugs we came to conclusion that it might be some king of bug on VCS Expressway. This is what happens:
The most weird point is that, If I reboot Expressway-E, the first call made after the reboot works just fine (we have RTP in both directions), however, the next call attempts have the same symptom, no RTP at all. Then another reboot makes the first call to work correctly.
Has anybody here got a issue like that?
Thanks in advance.
Check your log file on your Expressway C .
It will give you an idea of what you should look at.
Have you added all your CUCM , IM&P servers to your HTTP server allow lists
Thanks for your repply.
Everything was configured correctly on Expressway-C, including the UC servers. I spent hours debugging both Expressway C and E. As far as I can see, there is nothing wrong with call signalling, everything is negotiated just fine, including ports for RTP traffic. The only issue is that Expressway-E receives that RTP traffic from Expressway-C but it does not send it to the remote endpoint on internet. I also made sure that the IP settings are properly configured on Expressway-E (since it is using 2 interfaces).
At this moment I have a TAC case for that issue. I hope to have some feedback from TAC very soon. I will provide a update on this post after we find a solution for this issue.
Folks, unfortunately, we dont have a solution for this case yet. A TAC case was oppened and the engineer is still trying to find a solution.
Yes it's a Fortigate :)
I solved the problem.
I put the External Interface of the Expressway-E in NAT Mode and configure the IP Public adress.
After that, RTP is OK trought the the Fortigate.
Thanks guys !
Have someone found a solution for this issue?
I have the same architecture using a fortigate firewall.
When the call is incoming (from PSTN to jabber) the audio flows .
In the other hand, when i make an external call to PSTN there is no audio (both sides).
Calling internal extensions just work fine.
N.B: I tried disbaling SIP ALG on the fortigate but nothing changed
If the hostname of the Expressway-E resolves to DMZ or internal IP Address The SIP packets are trying to go to that IP address, and as you know that is not an internet routable addres. In fact that is the Expressway internal addres. If you are doing it please don’t and point it to the External one and perform a method called NAT reflection on your Firewall.
I have same setup UCM 10.5.2, CUC 10.5.2, CUPS 10.5.2, DC 2012, EXP-C and EXP-E 8.6.1 with Cisco ASA 5505 8.4(3).
Jabber both audio and video call goes perfect for a couple of minutes then no audio (sound like cutting voice comes). if i restart then again works for a some calls.
Can someone help to share list of ports to open in ASA?
Thank you in advance.
Sounds like the firewall ports are not opened correctly on the Expressway-E to the internet.
36000 and 36001 are just for RTP negotiation of which ports to use for the Expressway-E to the public internet.
Expressway-C and Expressway-E should be using the Unified Communications traversal zone, and whichever SIP port you have chosen for that internal DMZ firewall traversal.
Double check that the firewall also has from the expressway-e to the internet, and the internet to expressway-e ports 36002-59999 open for the actual RTP and SRTP media to flow.
I have exactly the same problem do you have.
The Epressway-E don't send traffic outside with the external Interface (LAN 1) but receive the traffic from the Expressway-C on the internal Interface (LAN 2).
Did you find a solution ?
Would you like to share outcome of your TAC case on above issue, I'm facing similar issue where everything looks good except no RTP on connected calls.