Hi Nithin,

Thanks for your reply ,

I am sharing the snapshot of the configuration , as you told to add static route , although already i did , but again crosscheck and did all configuration freshly but still the same issue .

not able to access expressway gui with LAN1 IP 

Hi, 

Are you accessing from the network address 192.0.0.0/32 ?? you should define the destined IP addresses here (for example the subnets of your management PC). also, verify that you have a firewall rule in place to access from the LAN 1network. 

Regards. 

Hi  Shalid, 

No, I am accessing from the network address 192.0.0.0/24 , Could you please explain the firewall rule in place to access from LAN1 network in detail.  

Thanks 

Can you check the reachability to expressway E Lan 1 ip from 192.168.1.0 network.

Hi Nithin,

Expressway E Lan1 ip is reachable from 192.168.1.0 network and but it is not reachable from 192.168.2.0.

Nithin, can I go with the single IP if yes , could you please let me know the single IP configuration .

Thanks 

On what subnet your ipt servers resides, is it on 192.168.1.0

What  other subnet you use in your network.

I have scenarios where I access expressway E on Nic 2 ip and not nic 1, so no need to get panic and change it to single Nic.

instead of using 192.0.0.0/24 add below route

192.168.1.0/24 192.168.1.1

And add other subnets

Since you are using 192.168.2.x as your second nic we cannot add a route like 192.168.0.0/16. In your case you need to add route to each subnet or try a ways that doesn’t include 192.168.2.0 network.

our Ipt server reside on 192.168.1.x network and other subnet is 192.168.2.x

Thanks 

Adding below route on expressway E i am able to access the server from 10.11.50.X subnet. If you add routes properly you would be able to access the GUI on both IP. in your case summary route will not work properly as your network is 192.168.1.X and 2.X.

Setup details.

NIC 1 10.60.50.20

NIC 2 10.60.51.12

Since your IPT server are 192.168.1.0 subnet i don't think there would be any issue.i have customer sites working without any static route to other network and i use DMZ ip to access the WEB.

It is for sure doable to use a static route that overlaps with the IPs on the interfaces. We have this setup and it works with no issues.

As @Roger Kallberg mentioned yes  it’s doable to add summary route . But when testing summary route on my lab  I loose gui access through DMZ ip and was accessible only through  the  ipt vlanIP. Will test it again on my lab and provide an update.

If you like to test the summary route use

192.168.0.0/16 instead of 24.

Hi Sanjay, 

1. You should have the static route 192.0.0.0 /24 to use the LAN 1Gateway (192.168.1.1) 
2. For management access, you only need to open the HTTPS (443) port.  ( Assume that you haven't changed the default web administrator port in the expressway) .
3. For the detailed firewall access rules, you can find the following URL for the release X12.5 

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/Cisco-Expressway-IP-Port-Usage-for-Firewall-Traversal-Deployment-Guide-X12-5.pdf 

Please check the version of your expressway and the corresponding document. 

Regards,

*** Please rate the post if it finds useful

Use proper subnet and Prefix in you static route.

192.0.0.0 and prefix 32 is not a proper route.

For example, assume …

• VCS-E deploy with dual interfaces connection.
• 1^st Ethernet (NIC1) connect to Office network router (172.16.1.1/24)
• 2^nd Ethernet (NIC2) connect to public network via FW (200.1.1.1/28).
• Office network has 172.16.2.0/24 till 172.16.9.0/24 network routable from office network router (172.16.1.1)

Then,

• Configure NIC2 as public facing interface
• Configure 200.1.1.1 as default gateway
• Add static route 172.16.0.0/16 via 172.16.1.1  interface:lan1

By this configuration VCS-E know default gateway is 200.1.1.1 but also reachable 172.16.0.0/16 network via 172.16.1.1 (VCS-E know 172.16.1.1 as direct connect network from NIC1).