Hi Florian,
Yes, all services are configured with forward and reverse DNS records, and I have 
all the configurations validated and working fine in another client site with 
only one difference, which is that users here are created locally on CUCM while in 
the other client environment, which is working, there is LDAP integration for 
user provisioning.

BR
Ahmed Abd EL-Rahman
Senior Network Engineer

On Dec 22, 2017, at 12:01 AM, Florian Kroessbacher <[email protected]> wrote:

Hi out there,
Have you configured reverse DNS?
Important!
From version X8.8 onward, you must create forward and reverse DNS entries for 
all Expressway-E systems, so that systems making TLS connections to them can 
resolve their FQDNs and validate their certificates.

Page 19
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-9.pdf


--

Florian Krößbacher
[email protected]

2017-12-21 17:15 GMT+01:00 Ahmed Abd EL-Rahman <[email protected]>:
Hi Brian,

Under presence there is only one domain and all my servers are in the same 
domain, which is the same internally and externally. We just have some user 
accounts on a different domain; that’s why I added that domain just to EXP-E and 
added its related SRV records.

Please have a look at the attached logs taken from both Expressway C and E for 
a client which works fine from the internal network, then connected successfully 
from outside, but the IM service is not working from outside.

I would really appreciate it if you could give me a hint about possible reasons 
that make the IM service not work from outside the company network.

Best Regards

Ahmed Abd EL-Rahman
Senior Network Engineer

From: [email protected] On Behalf Of Brian Meade
Sent: Tuesday, December 19, 2017 1:01 AM
To: Ahmed Abd EL-Rahman <[email protected]>
Cc: [email protected]
Subject: Re: [cisco-voip] Jabber IM service Issue

In IM&Presence under Presence->Domains, do you have multiple domains listed?  
Do you have something other than default under Presence Advanced configuration 
for setting domain names?  Setting the voice services domain is one of the few 
reasons you need to login internally first.

If you are using UserID@Default Domain then you shouldn't need to login 
internally first.  You may just need to remove the domain portion from the 
username on the username/password page when logging in the first time.

On Mon, Dec 18, 2017 at 4:06 PM, Ahmed Abd EL-Rahman <[email protected]> wrote:
What’s the flexible Jabber ID? Also I have local users created on CUCM with no 
LDAP integration.

For the domain portion, it’s not removed if the first login is through MRA and 
the login failed, but as mentioned, if I logged in through the inside network 
before, the login through MRA goes smoothly and logs in successfully, but with one 
exception: the IM service is not available.

Best Regards

Ahmed Abd EL-Rahman
Senior Network Engineer

From: [email protected] On Behalf Of Brian Meade
Sent: Monday, December 18, 2017 11:50 PM
To: Ahmed Abd EL-Rahman <[email protected]>
Cc: [email protected]
Subject: Re: [cisco-voip] Jabber IM service Issue

Are you using flexible Jabber ID?

One thing to make sure is that first time MRA login gets rid of the domain 
portion in the username on the username/password form after entering 
username@domain in the service discovery window.

On Mon, Dec 18, 2017 at 3:43 PM, Ahmed Abd EL-Rahman <[email protected]> wrote:
Hi Brian,

Will try what you suggested, but other than this issue I have another symptom: 
the user must use Jabber for the first time from inside the network, then afterwards 
he can use it from outside, but if he tries the first time from outside the 
network it won’t register at all; even the login stage is not passed.

Does this point to anything?

Best Regards

Ahmed Abd EL-Rahman
Senior Network Engineer

From: [email protected] On Behalf Of Brian Meade
Sent: Monday, December 18, 2017 11:27 PM
To: Ahmed Abd EL-Rahman <[email protected]>
Cc: [email protected]
Subject: Re: [cisco-voip] Jabber IM service Issue

Try removing "inspect sip" from the global policy.  You don't want that in 
there with Expressway.  Not sure if XMPP traffic hits that as well or not.

You can also try refreshing the IM&P Servers on the Expressway-C Unified 
Communications configuration.

Enabling diagnostic logging on the Expressway-E and Expressway-C then trying to 
connect should help show what is going on as well.

On Mon, Dec 18, 2017 at 3:16 PM, Ahmed Abd EL-Rahman <[email protected]> wrote:
Hi Brian,

Currently I’m opening all IP traffic to Expressway public IP on our Cisco ASA FW

Regarding the inspection configured, here it is:
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp

Which one could cause this issue?

Best Regards

Ahmed Abd EL-Rahman
Senior Network Engineer

From: [email protected] On Behalf Of Brian Meade
Sent: Monday, December 18, 2017 10:43 PM
To: Ahmed Abd EL-Rahman <[email protected]>
Cc: [email protected]
Subject: Re: [cisco-voip] Jabber IM service Issue

Looks like possible XMPP/TCP 5222 connection issues from the logs.  It just 
keeps reconnecting over and over again but the port is open on the Expressway 
and through the firewall.

What model firewall are you using?  You may need to disable some XMPP 
inspection/application filtering.


On Mon, Dec 18, 2017 at 2:25 PM, Ahmed Abd EL-Rahman <[email protected]> wrote:
Dear Gents,

I have a question regarding Jabber setup, I have Jabber client working fine 
from internal network but externally it’s able to login and both phone and 
voice mail services are connected but IM service is not working while IM 
service works just fine from inside network.

Attached is Jabber client logs for this case.

So, any ideas?

Best Regards

Ahmed Abd EL-Rahman
Senior Network Engineer


_______________________________________________
cisco-voip mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/cisco-voip





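The forward and reverse DNS requirement quoted from the deployment guide in this thread can be checked per Expressway-E FQDN with a forward-confirmed reverse lookup. The following is an added example, not part of the original thread and not Cisco tooling; the host names and 203.0.113.x addresses are constructed placeholders, and the function names are hypothetical.

```python
import socket

def _norm(name):  # lower-case, drop trailing dot, so FQDNs compare reliably
    return name.rstrip(".").lower()

def system_forward(fqdn):
    """Forward lookup via the system resolver; returns a set of IP strings."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def system_reverse(ip):
    """Reverse (PTR) lookup via the system resolver; returns a set of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return set()
    return {name, *aliases}

def check_fcrdns(fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means forward and reverse agree."""
    addrs = forward(fqdn)
    if not addrs:
        return [f"{fqdn}: no forward (A/AAAA) record"]
    problems = []
    for ip in sorted(addrs):
        names = {_norm(n) for n in reverse(ip)}
        if not names:
            problems.append(f"{fqdn}: {ip} has no PTR record")
        elif _norm(fqdn) not in names:
            problems.append(f"{fqdn}: {ip} PTR is {sorted(names)}, not the FQDN")
    return problems

# Constructed sample zone data (hypothetical hosts, documentation addresses).
SAMPLE_A = {
    "expe1.example.com": {"203.0.113.10"},
    "expe2.example.com": {"203.0.113.11"},
    "expe3.example.com": {"203.0.113.12"},
}
SAMPLE_PTR = {
    "203.0.113.10": {"expe1.example.com."},
    "203.0.113.11": {"mail.example.com."},  # PTR points at a different name
}

def audit_sample():
    """Run the check over the constructed records instead of live DNS."""
    fwd = lambda n: SAMPLE_A.get(_norm(n), set())
    rev = lambda ip: SAMPLE_PTR.get(ip, set())
    return {h: check_fcrdns(h, fwd, rev) for h in SAMPLE_A}
```

Calling `check_fcrdns("<expressway-e-fqdn>")` with the default arguments uses the local system resolver, so run it from a network that sees the same DNS view as the clients connecting over TLS.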