Webex Hybrid Data Security - KMS strange behavior

gabriel.caclin
Level 4

Hi All,

 

I am currently in a setup of Hybrid Data Security on Webex Teams, involving 3x KMS.

I already have a case open, but the engineer does not seem to understand ...

In fact, the KMS are configured with these IPs:

  • 10.10.10.10
  • 10.10.10.20
  • 10.10.10.30

For a totally unknown reason, the KMS are sending out packets with source IPs in the range 172.16.X.X or 172.17.X.X. It's a totally unknown range, and why would the KMS send packets with a different IP than the one configured during the setup?

 

We also saw that the KMS is sending UDP/53 (DNS) packets to IP 172.17.255.255, but likewise, this IP is unknown, because the DNS configured on the KMS is 10.10.20.20.

 

My guess is that the black box is running several instances of Docker stuff with an internal network, but it makes a total mess of the configuration and troubleshooting.

If anybody has an idea, I would appreciate it.

 

Thanks!

2 Replies

gabriel.caclin
Level 4

Answer to myself: after digging on the KMS, in the GUI web page, there is the network configuration menu, and then there is a tab named "advanced configuration". Here we can find that unknown network plan, which is used by the containers within the KMS. TAC does not know what we have to do with that network, I mean whether we have to configure a customer network or not.

Thanks Gabriel. It seems TAC doesn’t know much about on-prem KMS. Seems not many customers have deployed it. 

Have you encountered an issue with your other hybrid connectors (calendar, message) retrieving keys from on-prem KMS after some time?