[cisco-voip] Latest Jabber Video for iPAD 9.3.4 and Anyconnect Split tunnel

Anthony Kouloglou akoul at dataways.gr
Mon Jan 13 09:00:44 EST 2014


FYI,
  it is a known bug.
BUG : CSCug95985

2. For Jabber iPad 9.3.x (Jabber Video) can't register to CCM issue
*Symptom:*
    When split-tunnel is enabled and the CCM connection is configured using FQDN, Jabber iPad 9.3.x (Jabber Video) can't register to CCM.
    If using the CCM IP address, Jabber iPad 9.3.x (Jabber Video) can register to CCM.
    Or, if using Full-Tunnel VPN, Jabber iPad 9.3.x (Jabber Video) can register to CCM.
*Cause Analysis:*
    Jabber iPad 9.3.x (Jabber Video) doesn't use the split-tunnel configured DNS when querying the CCM FQDN to IP address.
*Workaround:*
    1. Use full-tunnel VPN
    2. Change CCM connection from FQDN to IP address on CUPS:
        2.1 Change TFTP Server to IP: CUPS Server->Application->Legacy Client Settings->TFTP Server
        2.2 Change CCMCIP Server to IP: CUPS Server->Application->Legacy Client Settings->CCMCIP Profile->Primary CCMCIP Host/Backup CCMCIP Host

BR
Anthony

On 13-Jan-14 10:52, Anthony Kouloglou wrote:
> Hi all,
> i have a very strange behavior on my Jabber Video for iPAD.
> Setup:
> - CUCM 9.1(X) and IM&P 9.1(X) with real IPs behind firewalled from an ASA.
> -CUCMs domain is not resolvable via public DNS in order for on-demand 
> VPN to work->works fine with iphone
> -Anyconnect on ipad with certificate authentication on ASA running 
> 9.0.6 ->works fine
> -Group Policy with split include: the LAN where CUCM and IMP exists. 
> ALL DNS requests are sent in a private DNS in the same LAN as CUCM and 
> IM&Presence
> *Case 1: iPad Video and Voice Calling cannot be registered*
> At IM&P->Application-> Legacy Client config: _TFTP is configured as 
> FQDN (fully resolvable via DNS obtained via Group Policy)_
> what i see is that :
> Jabber as IM is registered via anyconnect tunnel
> then it queries the private DNS for CUCMs fqdn
> it gets the IP that is split tunneled
> then it _DOES NOT_ use the vpn tunnel but via internet it gets NATed 
> from the local router and tries to connect with this IP to TCP 5060 of 
> the CUCMs IP obtained so it is blocked!
>
> *Case 2: iPad Video and Voice Calling can be registered*
> At IM&P->Application-> Legacy Client config: _TFTP is configured as IP_
> what i see is that :
> Jabber as IM is registered via anyconnect tunnel
> then it uses the IP of the CUCM that is split tunneled and
> then it DOES use the vpn tunnel and it tries to connect to TCP 5060 of 
> the CUCMs IP  with source IP of the anyconnect and it succeeds!
>
> Also, another way to make it work is tunnel all traffic: 
> _*unacceptable!*_
> i do not want to use IP in the TFTP server field since when i do that, 
> i have no control on the on-demand-vpn.
> So, it is not that case https://supportforums.cisco.com/thread/2177944 
> since i can make it work through split tunnel when no DNS request is 
> involved.
> But again, the DNS server, replies with the IP that i use in the 
> legacy client config!
>
>
> FYI, jabber for iphone running on iPAD does not have this issue! it 
> uses split tunnel policy correctly.
>
> Any thoughts are welcome!
>
> BR
> Anthony
