12-30-2021 05:46 PM
I'm encountering an issue with an Expressway-E (X12.5.4) running dual NICs where I can't get it to respond to HTTPS/SSH on the internal interface. LAN 1 is selected as the external LAN interface, and LAN 2 is set correctly to the internal IP address. I have had to compensate for CSCvw02700 (https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw02700) by doing the workaround of multiple saves and restarts on the IP settings. The SSH service and web interface are set to On in Administration Settings with the web admin port set to the default of 443. There are no firewall rules set on the Expressway, and automated detection configuration shows no blocks or failures for SSH and web interface. Local inbound ports show administration SSH and HTTPS are listening on the internal IP. Another oddity is I can traceroute out to other IPs on the internal subnet from the internal interface (TTL comes back as 1 so single hop, internal and external networks can't route between each other), but I cannot ping or traceroute from those other machines to the Expressway-E internal IP. I've dug through Cisco documentation, tech notes, and the bug database and have turned up nothing relevant. Has anyone seen this behavior before?
12-30-2021 10:30 PM
Are you able to reach your Expressway using the External LAN IP? If yes, then you might need to add a static route inside your Expressway.
12-30-2021 10:57 PM
Sorry, I should've mentioned I've tried adding in the static route for the internal subnet, but I got the same results (restart was done as Expressway required). I can connect via the external IP via SSH and HTTPS. I was able to use the external to check the config, ports, and connectivity.
In other environments with X12.6 and X12.7 (haven't tried X14 yet), I've never seen this issue; once the dual NIC is set and Expressway restarted, the external IP stops responding to admin requests and the internal IP takes over.
12-30-2021 11:42 PM
Sounds like you’re hitting some defect. If it works in newer versions my advice would be to use those instead of trying to get it to work in that rather old version. Do you have a specific reason for wanting to use this specific version?
12-31-2021 08:48 PM
A defect is what I've been leaning towards unless a prior engineer royally screwed up something in the database or filesystem. While I would much prefer using X12.7.1 or X14.0, X12.5.4 is the version being mandated for this deployment, so I'm stuck trying to troubleshoot.
01-01-2022 12:26 AM
For what reason are you mandated to stay on X12.5.4?
01-01-2022 06:24 PM
I'm studying for the CCIE Collab v3 lab, and X12.5.4 is the version being used on the exam.
01-02-2022 12:37 AM
Would you be able to share a screenshot of the IP configuration and the static route(s)?
01-02-2022 03:56 PM
Here's the current setup. 192.168.12.0/24 is the internal subnet where the UC apps and client PCs are located. 192.168.15.0/24 is the external subnet to emulate internet connectivity for the purposes of MRA.