[cisco-voip] Collaboration Edge / MRA Troubleshooting

Dana Tong Dana_Tong at bridgepoint.com.au
Thu Jan 29 00:40:03 EST 2015


Hi Josh,

No firewall changes I’m afraid. The traversal client is configured with an FQDN that resolves to the Public IP. The Zone is reporting “active” and connected to the correct (public) IP.

The EDGE is Single NIC with Static NAT. Static NAT is configured on the EDGE.


I do see the following error in the Expressway logs:

Event="Request Failed" Detail="Access denied" Reason="Host is not in allow list" Host="vcs_control.customer.com.au" URL="bnFifdsfds0uYXU/get_edge_config" UTCTime="2015-01-29 05:05:43,613"

Strange, considering vcs_control is not a hostname or FQDN of any device. The Expressway CORE has an alternate name.

There’s no reference to that in the EDGE that I am aware of.

I added it to the http whitelist and it reports the same error. I do not have too many logs enabled though. Just developer.CollaborationEdge, and developer.xcp on the Support Log.

Thanks
Dana


From: Josh Warcop [mailto:josh at warcop.com]
Sent: Thursday, 29 January 2015 11:44 AM
To: Dana Tong
Cc: cisco-voip at puck.nether.net (cisco-voip at puck.nether.net)
Subject: Re: [cisco-voip] Collaboration Edge / MRA Troubleshooting

Was there also a change in the firewall in conjunction with the DNS change? What is the traversal client configured to connect to now? Is the edge server single NIC with NAT?

Connecting to the public IP of the edge is actually a correct configuration if you also work out the nat kungfu on the firewall.

Thanks!

On Jan 28, 2015, at 8:34 PM, Dana Tong <Dana_Tong at bridgepoint.com.au> wrote:
Hi all,

I have an issue with a deployment. It was up and running. I could login and make and receive calls over MRA.

However, there was a change to a DNS FQDN which broke the Traversal Zones (i.e. the traversal client was configured to connect to the FQDN of the Public NAT’d Address of the Expressway EDGE).

The customer removed the DNS change and the zones came active again.

However since then I’ve not been able to login to Jabber MRA. I am also unable to check using the following URL.
https://expwe01.customer.com.au:8443/bnFi[removed]uYXU=/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin

The browser returns a 403 Forbidden. It does not prompt for a username / password. I’ve tried clearing cache / cookies / history.

Is there a problem with the traversal zone (which reports “active”), or is the problem with the authentication? Are there any tips on how I can troubleshoot this?

Cheers
Dana
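
Added example (not part of the original thread and not Cisco code): a small Python parser for log events in the key="value" shape quoted above. It groups "Host is not in allow list" denials by host and reports whether each host matches an allow-list export and whether it is a valid RFC 1123 hostname. The allow-list contents and the second and third log lines are constructed for illustration.

```python
import re

PAIR = re.compile(r'(\w+)="([^"]*)"')  # key="value" fields of an event line
# RFC 1123 hostname label: letters, digits, hyphen (no underscore)
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
DENIED = "Host is not in allow list"

def parse_event(line):
    """Return the key="value" fields of one event line as a dict."""
    return dict(PAIR.findall(line))

def is_rfc1123_hostname(name):
    """True if every dot-separated label is a valid hostname label."""
    return all(LABEL.match(label) for label in name.rstrip(".").split("."))

def denied_hosts(log_text, allow_list):
    """Summarise allow-list denials per Host value."""
    allowed = {h.strip().lower() for h in allow_list}
    summary = {}
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("Reason") != DENIED:
            continue
        host = ev.get("Host", "")
        entry = summary.setdefault(host, {
            "count": 0,
            "first": ev.get("UTCTime"),
            # True means the denial persists despite a matching entry
            "in_allow_list": host.lower() in allowed,
            "rfc1123": is_rfc1123_hostname(host),
        })
        entry["count"] += 1
        entry["last"] = ev.get("UTCTime")
    return summary

# Line 1 is the event quoted in the thread; lines 2 and 3 are constructed.
SAMPLE_LOG = """\
Event="Request Failed" Detail="Access denied" Reason="Host is not in allow list" Host="vcs_control.customer.com.au" URL="bnFifdsfds0uYXU/get_edge_config" UTCTime="2015-01-29 05:05:43,613"
Event="Request Failed" Detail="Access denied" Reason="Host is not in allow list" Host="vcs_control.customer.com.au" URL="bnFifdsfds0uYXU/get_edge_config" UTCTime="2015-01-29 05:06:10,021"
Event="Request Failed" Detail="Access denied" Reason="Constructed unrelated reason" Host="other.example.invalid" URL="constructed/path" UTCTime="2015-01-29 05:06:11,400"
"""

# Constructed: the denied name as added by hand, plus one made-up entry.
ALLOW_LIST = ["vcs_control.customer.com.au", "cucm01.example.invalid"]

if __name__ == "__main__":
    for host, info in denied_hosts(SAMPLE_LOG, ALLOW_LIST).items():
        print(host, info)
```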
