04-23-2020 06:23 AM - edited 04-23-2020 09:50 PM
Hi,
Below is the topology:
Expressway NIC 2 IP is 172.20.10.16; the gateway to Expressway-E is 172.20.10.1.
The ISP public IP is a dynamic IP and will change, but the SRV record is managed with the DDNS option and it is able to resolve the SRV correctly.
Expressway is configured with dual NIC. On LAN 2, for the NAT IP I have to give (public IP or ASA WAN IP); if I keep it off, the Jabber client will not register.
From Internet to internal ext, the Jabber call is working but disconnecting in 15 sec (both audio and video).
From internal (ext, Jabber) to Internet (MRA Jabber), it connects with no audio and gets disconnected.
Internet to Internet (MRA Jabber client): the call connects with no audio or video.
Jabber error (this error was captured while keeping the public IP):
* Jabber logs:
Call from 2002@192.168.1.11 to 3001@192.168.1.11 failed to connect.
Further information
Jabber received 200 OK from 31.15.11.248 but the last record route of the message points to 172.20.10.16.
Jabber therefore has raised an error saying that 172.20.10.16 is an unkown address.
Please help with what I am doing wrong on it.
Regards
Raja
04-23-2020 11:39 PM - edited 04-23-2020 11:42 PM
Hi all,
I have changed the public IP to the ASA WAN IP on NIC 2 and the Jabber mobile client is able to register.
Now only the calling issue is there. While running the CollabEdge validator on https://cway.cisco.com/csa/
the test gives only the below error:
Tested Expressway-C paths
192.168.1.15
Tested CUCM servers
192.168.1.11
Failed to register softphone to CUCM with error 403 Forbidden.
Getting the attached error
Please help to troubleshoot.
04-25-2020 11:03 AM
Hi all,
Anyone, please help me on this.
04-25-2020 11:36 PM
You cannot use private IP for the NAT.
04-26-2020 12:11 AM
Can we turn NAT off on Expressway and do it only on the ASA?
But when I use the public IP on NAT, I am getting only one-way calls, like MRA users can call the internal user.
04-26-2020 06:52 AM - edited 04-26-2020 10:44 PM
The Expressway E doesn't per se do NAT. What it does is rewrite the SIP header with the IP that is set in the NAT configuration. The actual NAT is done in the firewall or whatever you have that faces the internet. So you'd have to use the same IP that is used for NAT in the firewall for this configuration in Expressway E.
04-27-2020 12:35 AM
Thank you for the update, Mr Roger.
If I keep the NAT off, the client is not registering at all.
If I keep the public IP, it is getting registered and having a one-way calling issue.
From the ISP router I have forwarded all the ports to the ASA.
Below is my ASA config:
Address Object
object service obj-udp_3478-3483
 service udp source range 3478 3483
object service obj-udp_24000-29999
 service udp source range 24000 29999
object service obj-udp_36002-59999
 service udp source range 36002 59999
object service obj-tcp_5222
 service tcp source eq 5222
object service obj-tcp_8443
 service tcp source eq 8443
object service obj-tcp_5061
 service tcp source eq 5061
object service obj-udp_5061
 service udp source eq 5061
object service obj-tcp_5060
 service tcp source eq sip
object service obj-udp_5060
 service udp source eq sip
object service obj-udp_1719
 service udp source eq 1719
object service obj-udp_2776
 service udp source eq 2776
object service obj-tcp_2776
 service tcp source eq 2776
object service obj-udp_1024
 service udp source eq 1024
object service obj-udp_36000-36001
 service udp source range 36000 36001
object service obj-udp_15000-19999
 service udp source range 15000 19999
object service obj-tcp_15000-19999
 service tcp source range 15000 19999
Access list
access-list dmz-in extended permit tcp any host 172.20.10.16
access-list dmz-in extended permit udp any host 172.20.10.16
NAT :
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_3478-3483 obj-udp_3478-3483
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_24000-29999 obj-udp_24000-29999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_36002-59999 obj-udp_36002-59999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5222 obj-tcp_5222
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_8443 obj-tcp_8443
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5061 obj-tcp_5061
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_5061 obj-udp_5061
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5060 obj-tcp_5060
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_5060 obj-udp_5060
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_1719 obj-udp_1719
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_2776 obj-udp_2776
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_2776 obj-tcp_2776
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_1024 obj-udp_1024
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_36000-36001 obj-udp_36000-36001
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_15000-19999 obj-udp_15000-19999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_15000-19999 obj-tcp_15000-19999
Please can you advise what change I have to make in the setup?
Regards
Raja
04-27-2020 01:32 AM - edited 04-27-2020 01:33 AM
I'm no firewall specialist, so I can't really comment on the configuration you provided. It's not that hard: whatever IP you have defined as the public IP in your NAT statement in the firewall needs to be set as the IPv4 static NAT address in Expressway. Let's say that your public IP would be 151.3.2.10; this IP should be what you define in the NAT statement in your firewall and in this setting in Expressway. You have to use the same IP for both configurations.
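A check for the symptom discussed in this thread, as an added example that is not code from any poster or from Cisco: it scans a SIP message for private addresses in Record-Route, Contact and SDP c= lines when the packet itself arrived from a public IP, the condition the Jabber log in the first post reports. The SIP message, the function names and the header selection are assumptions made for illustration; only the two IP addresses come from the thread.

```python
import ipaddress
import re

# Host part of a SIP URI, skipping an optional user part before '@'.
URI_HOST = re.compile(r"sips?:(?:[^@\s>]+@)?([^:;>\s]+)")
CHECKED_HEADERS = {"record-route": "Record-Route", "contact": "Contact"}

# Constructed sample shaped like the failure quoted in the thread: the 200 OK
# arrives from 31.15.11.248 but still advertises the DMZ address 172.20.10.16.
SAMPLE_200_OK = "\r\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/TLS 10.0.0.5:5061;branch=z9hG4bK-constructed",
    "Record-Route: <sip:proxy-call-id=constructed@172.20.10.16:5061;transport=tls;lr>",
    "Contact: <sip:3001@31.15.11.248:5061;transport=tls>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "c=IN IP4 172.20.10.16",
    "m=audio 36002 RTP/AVP 0",
])


def advertised_addresses(message):
    """Yield (field, ip) for IP literals in Record-Route, Contact and SDP c= lines."""
    for line in message.splitlines():
        name, sep, value = line.partition(":")
        field = CHECKED_HEADERS.get(name.strip().lower()) if sep else None
        if field:
            hosts = URI_HOST.findall(value)
        elif line.startswith("c=IN IP4 "):
            field, hosts = "SDP c=", [line.split()[2]]
        else:
            continue
        for host in hosts:
            try:
                yield field, ipaddress.ip_address(host)
            except ValueError:
                pass  # a hostname, not an IP literal: nothing to compare


def unroutable_for_peer(message, packet_source):
    """Private addresses advertised in a message that arrived from a public IP."""
    if not ipaddress.ip_address(packet_source).is_global:
        return []  # both sides are internal, so private addresses are expected
    return [(f, str(ip)) for f, ip in advertised_addresses(message) if ip.is_private]


if __name__ == "__main__":
    for field, addr in unroutable_for_peer(SAMPLE_200_OK, "31.15.11.248"):
        print(f"{field} advertises {addr}, which a client on the internet cannot reach")
```

A private address in the SDP c= line matches the "connects but no audio" symptom, because signalling completes while media is sent to an address the remote client cannot route to.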