12-02-2014 03:11 AM - edited 03-19-2019 08:54 AM
Hi everyone,
As my subject above,
My Jabber can not login from outside (internet), the error message on Jabber client is "Your username or password are no correct".
From Expressway Core's event log I got :
call log attached from expressway core and expressway edge.
Please advise.
regards,
Ovindo
12-06-2014 02:08 PM
Here are a few questions:
1. Are you using single or dual NICs on the Expressway Edge?
2. Is Jabber currently working for your environment internally?
3. How is your certificate configured for the Expressway Edge?
a. Does certificate support client and server authentication?
b. When you generated the CSR, did you configured the Unified CM registrations
domain appropriately as a SAN?
4. How are you pointing to the traversal server from the Expressway Core? DNS?
12-07-2014 06:31 PM
Hi Daniel,
Q : 1. Are you using single or dual NICs on the Expressway Edge?
A : I'm using dual NIC, 1st NIC local IP and 2nd NIC direct public (I'm not using NAT), External interface in 2nd NIC.
Q : 2. Is Jabber currently working for your environment internally?
A : yes, my jabber work fine in my internal network.
Q : 3. How is your certificate configured for the Expressway Edge?
a. Does certificate support client and server authentication?
b. When you generated the CSR, did you configured the Unified CM registrations
domain appropriately as a SAN?
A : I'm using self signed certificate (using OpenSSL from my PC), All the certificate (exp-c, exp-e, ucm, im&p) is using IP address.
What do you mean about SAN (Storage Attached Network)?
Q : 4. How are you pointing to the traversal server from the Expressway Core? DNS?
A : I'm using "UC Traversal Zone" in both Expressway Core and Edge,
I'm using IP address in 1st NIC in Expressway Edge. And the UC Traversal Zone is "Active",
UCM and IM&P is active too from Expressway Core.
Please Advise.
Ovindo
12-07-2014 08:38 PM
Dear Daniel,
Below are the screen capture from :
SRV from public
Unified Communication Traversal Zone
Unified Communication Manager and IM Presence Server in Expressway Core
Unified Communication in Expressway Edge
Another question : Is it mandatory to use DNS in my internal network? because my CUCM and IM&P not using DNS Server.
Please advise,
Thanks,
Ovindo
12-08-2014 10:02 AM
First off, I highly recommend you use a publicly signed certificate for your Expressway Edge.
SAN - Subject Alternate Name.
Also I recommend using DNS names and enabling TLS verification on the traversal zones for the Core and Edge.
Please see the two guides below which explain all of this in detail.
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-2/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-2.pdf
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-1.pdf
03-25-2015 02:41 AM
Hi Ovindo,
I've the same issue, did you resolve it?
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide