Hy out there Have u configured Revers DNS Important! >From version X8.8 onward, you must create forward and reverse DNS entries for all Expressway-E systems, so that systems making TLS connections to them can resolve their FQDNs and validate their certificates.
Page 19 https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-9.pdf -- Florian Krößbacher [email protected] <https://twitter.com/flohATinnsbruck> <https://plus.google.com/+FlorianKroessbacher> <https://www.linkedin.com/in/florian-kroessbacher-5a29a832?> 2017-12-21 17:15 GMT+01:00 Ahmed Abd EL-Rahman <[email protected]>: > Hi Brian, > > > > Under presence there is only one domain and all my servers are in the same > domain which is the same internally and externally, we just have some users > accounts on a different domain that’s why I added that domain just to EXP-E > and added it’s related SRV records. > > > > Please have a look on the attached logs taken from both Expressway C and E > for a client which works fine from internal network then connected > successfully from outside but the IM service is not working from outside. > > > > I really do appreciate if you can hint me about possible reasons that make > IM service not working from outside company network. > > > > > > > > > > > > > > > > > > Best Regards > > > > Ahmed Abd EL-Rahman > > Senior Network Engineer > > > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Brian > Meade > *Sent:* Tuesday, December 19, 2017 1:01 AM > *To:* Ahmed Abd EL-Rahman <[email protected]> > *Cc:* [email protected] > *Subject:* Re: [cisco-voip] Jabber IM service Issue > > > > In IM&Presence under Presence->Domains, do you have multiple domains > listed? Do you have something other than default under Presence Advanced > configuration for setting domain names? Setting the voice services domain > is one of the few reasons you need to login internally first. > > > > If you are using UserID@Default Domain then you shouldn't need to login > internally first. You may just need to remove the domain portion from the > username on the username/password page when logging in the first time. > > > > On Mon, Dec 18, 2017 at 4:06 PM, Ahmed Abd EL-Rahman < > [email protected]> wrote: > > What’s the flexible Jabber ID? Also I have local users created on CUCM > with no LDAP integration. > > > > For the domain portion it’s not removed if the first login is through MRA > and the login failed but as mentioned if I logged in thought inside network > before the login through MRA goes smooth and login successfully but with > one exception that IM service is not available. > > > > > > > > > > > > > > Best Regards > > > > Ahmed Abd EL-Rahman > > Senior Network Engineer > > > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Brian > Meade > *Sent:* Monday, December 18, 2017 11:50 PM > > > *To:* Ahmed Abd EL-Rahman <[email protected]> > *Cc:* [email protected] > *Subject:* Re: [cisco-voip] Jabber IM service Issue > > > > Are you using flexible Jabber ID? > > > > One thing to make sure is that first time MRA login gets rid of the domain > portion in the username on the username/password form after entering > username@domain in the service discovery window. > > > > On Mon, Dec 18, 2017 at 3:43 PM, Ahmed Abd EL-Rahman < > [email protected]> wrote: > > Hi Brian, > > > > Will try what you suggested, but other than this issue I have another > symptom, the user must use Jabber for first time from inside the network > then afterwards he can use it from outside but if he tries the first time > from outside the network it won’t register as all, even the login stage is > not passed. > > > > Does this point to anything ? > > > > > > > > > > > > > > Best Regards > > > > Ahmed Abd EL-Rahman > > Senior Network Engineer > > > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Brian > Meade > *Sent:* Monday, December 18, 2017 11:27 PM > > > *To:* Ahmed Abd EL-Rahman <[email protected]> > *Cc:* [email protected] > *Subject:* Re: [cisco-voip] Jabber IM service Issue > > > > Try removing "inspect sip" from the global policy. You don't want that in > there with Expressway. Not sure if XMPP traffic hits that as well or not. > > > > You can also try refreshing the IM&P Servers on the Expressway-C Unified > Communications configuration. > > > > Enabling diagnostic logging on the Expressway-E and Expressway-C then > trying to connect should help show what is going on as well. > > > > On Mon, Dec 18, 2017 at 3:16 PM, Ahmed Abd EL-Rahman < > [email protected]> wrote: > > Hi Brian, > > > > Currently I’m opening all IP traffic to Expressway public IP on our Cisco > ASA FW > > > > Regarding the inspection configured here it is : > > policy-map global_policy > > class inspection_default > > inspect dns maximum-length 512 > > inspect ftp > > inspect h323 h225 > > inspect h323 ras > > inspect rsh > > inspect rtsp > > inspect esmtp > > inspect sqlnet > > inspect skinny > > inspect sunrpc > > inspect xdmcp > > inspect sip > > inspect netbios > > inspect tftp > > > > which one could cause this issue ? > > > > > > > > > > > > > > Best Regards > > > > Ahmed Abd EL-Rahman > > Senior Network Engineer > > > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Brian > Meade > *Sent:* Monday, December 18, 2017 10:43 PM > *To:* Ahmed Abd EL-Rahman <[email protected]> > *Cc:* [email protected] > *Subject:* Re: [cisco-voip] Jabber IM service Issue > > > > Looks like possible XMPP/TCP 5222 connection issues from the logs. It > just keeps reconnecting over and over again but the port is open on the > Expressway and through the firewall. > > > > What model firewall are you using? You may need to disable some XMPP > inspection/application filtering. > > > > > > On Mon, Dec 18, 2017 at 2:25 PM, Ahmed Abd EL-Rahman < > [email protected]> wrote: > > Dear Gents, > > > > I have a question regarding Jabber setup, I have Jabber client working > fine from internal network but externally it’s able to login and both phone > and voice mail services are connected but IM service is not working while > IM service works just fine from inside network. > > > > Attached is Jabber client logs for this case. > > > > So any ideas ? > > > > Best Regards > > > > Ahmed Abd EL-Rahman > > Senior Network Engineer > > > > > _______________________________________________ > cisco-voip mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/cisco-voip > > > > > > > > > > _______________________________________________ > cisco-voip mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/cisco-voip > >
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
