Jabber MRA Design and Issue (inside to outside call not working) - outside Jabber to Jabber is also not working

rajaayman
Level 1

Hi,

Below is the topology.

Expressway NIC 2 IP is 172.20.10.16; gateway to Expressway-E is 172.20.10.1.

The ISP public IP is a dynamic IP and will change, but the SRV record is managed with the DDNS option and it is able to resolve the SRV correctly.

Expressway is configured with dual NIC. On the LAN 2 NAT IP I have to give (public IP or ASA WAN IP); if I keep it off, the Jabber client will not register.

From Internet to internal ext, Jabber call is working, disconnecting in 15 sec (both audio and video).

From internal (ext, Jabber) to Internet (MRA Jabber) it connects, no audio, and gets disconnected.

Internet to Internet (MRA Jabber client) call connects, no audio or video.

Jabber error (this error was captured while keeping the public IP):

* Jabber logs:

Call from 2002@192.168.1.11 to 3001@192.168.1.11 failed to connect.

Further information

Jabber received 200 OK from 31.15.11.248 but the last record route of the message points to 172.20.10.16.

Jabber therefore has raised an error saying that 172.20.10.16 is an unkown address.

Please help, what am I doing wrong on it?

Regards

Raja

7 Replies

rajaayman
Level 1

Hi all,

I have changed the public IP to the ASA WAN IP on the NIC 2 and the Jabber mobile client is able to register.

Now only the calling issue is there. While doing the CollabEdge validator on https://cway.cisco.com/csa/ the test gives only the below error:

Tested Expressway-C paths
192.168.1.15
Tested CUCM servers
192.168.1.11
Failed to register softphone to CUCM with error 403 Forbidden.

Getting the attached error.

Please help to troubleshoot.

Hi all,

Anyone, please help me on this.

 

 

You cannot use a private IP for the NAT.

Can we do NAT off on Expressway and do it only on the ASA?

But while I use the public IP on NAT I am getting only a 1-way call, like MRA users can call the internal user.

The E Expressway doesn't per se do NAT. What it does is rewrite the SIP header with the IP that is set in the NAT configuration. The actual NAT is done in the firewall or whatever you have that faces the internet. So you'd have to use the same IP that is used for NAT in the firewall for this configuration in Expressway E.

Thank you for the update, Mr Roger.

If I keep the NAT off, the client is not registering at all.

If I keep the public IP, it is getting registered and having a 1-way calling issue.

From the ISP router I have forwarded all the ports to the ASA.

Below is my ASA config.

Address Object

object service obj-udp_3478-3483
 service udp source range 3478 3483
object service obj-udp_24000-29999
 service udp source range 24000 29999
object service obj-udp_36002-59999
 service udp source range 36002 59999
object service obj-tcp_5222
 service tcp source eq 5222
object service obj-tcp_8443
 service tcp source eq 8443
object service obj-tcp_5061
 service tcp source eq 5061
object service obj-udp_5061
 service udp source eq 5061
object service obj-tcp_5060
 service tcp source eq sip
object service obj-udp_5060
 service udp source eq sip
object service obj-udp_1719
 service udp source eq 1719
object service obj-udp_2776
 service udp source eq 2776
object service obj-tcp_2776
 service tcp source eq 2776
object service obj-udp_1024
 service udp source eq 1024
object service obj-udp_36000-36001
 service udp source range 36000 36001
object service obj-udp_15000-19999
 service udp source range 15000 19999
object service obj-tcp_15000-19999
 service tcp source range 15000 19999

Access list

access-list dmz-in extended permit tcp any host 172.20.10.16
access-list dmz-in extended permit udp any host 172.20.10.16

NAT:

nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_3478-3483 obj-udp_3478-3483
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_24000-29999 obj-udp_24000-29999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_36002-59999 obj-udp_36002-59999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5222 obj-tcp_5222
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_8443 obj-tcp_8443
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5061 obj-tcp_5061
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_5061 obj-udp_5061
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_5060 obj-tcp_5060
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_5060 obj-udp_5060
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_1719 obj-udp_1719
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_2776 obj-udp_2776
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_2776 obj-tcp_2776
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_1024 obj-udp_1024
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_36000-36001 obj-udp_36000-36001
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-udp_15000-19999 obj-udp_15000-19999
nat (dmz,outside) source static obj-ExpressWay-E interface service obj-tcp_15000-19999 obj-tcp_15000-19999

Please can you advise what change I have to make in the setup?

Regards

Raja

I'm no firewall specialist, so I can't really comment on the configuration you provided. It's not that hard: whatever IP you have defined as the public IP in your NAT statement in the firewall needs to be set as the IPv4 static NAT address in Expressway. Let's say that your public IP would be 151.3.2.10; this IP should be what you define in the NAT statement in your firewall and in this setting in Expressway. You have to use the same IP for both configurations.
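Added example (not part of any post in this thread, and not Cisco tooling): a small Python check for the symptom in the Jabber log and the header rewrite described in the replies, flagging a SIP response that arrives from a public source but still advertises a private address in its last Record-Route or in SDP. The sample message is constructed; only 172.20.10.16, 31.15.11.248 and 151.3.2.10 come from the thread, and the function names and the SDP body are assumptions.

```python
import ipaddress
import re

# Constructed 200 OK as a client on the internet might receive it. Only the
# IP address comes from the thread; every other value is made up.
SAMPLE_200_OK = "\r\n".join([
    "SIP/2.0 200 OK",
    "Record-Route: <sip:proxy-call-id=constructed@172.20.10.16:5061;transport=tls;lr>",
    "CSeq: 101 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "c=IN IP4 172.20.10.16",
    "m=audio 36002 RTP/AVP 0",
])

def _is_private(host):
    """True for RFC 1918 and other non-routable literals; names are skipped."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def record_route_hosts(message):
    """Return the host of every Record-Route URI, in message order."""
    hosts = []
    for line in message.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() == "record-route":
            for uri in re.findall(r"<sips?:([^>]+)>", value):
                hostport = uri.split(";")[0].split("@")[-1]
                hosts.append(hostport.split(":")[0])  # IPv4 or hostname only
    return hosts

def sdp_addresses(message):
    """Return the IPv4 connection addresses from SDP c= lines."""
    return re.findall(r"^c=IN IP4 (\S+)", message.replace("\r\n", "\n"), re.M)

def check_response(message, source_ip):
    """List (field, address) pairs that a peer on a public source cannot reach."""
    if _is_private(source_ip):
        return []  # internal leg: private addresses are expected here
    findings = []
    hosts = record_route_hosts(message)
    if hosts and _is_private(hosts[-1]):
        findings.append(("record-route", hosts[-1]))
    findings += [("sdp", a) for a in sdp_addresses(message) if _is_private(a)]
    return findings
```

An empty result for a capture taken on the internet side means the advertised addresses are publicly routable; it does not by itself show that they match the firewall's NAT address.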

 

