<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto">
On Aug 31, 2018, at 06:55, Ryan Huff <<a href="mailto:ryanhuff@outlook.com">ryanhuff@outlook.com</a>> wrote:<br>
<div><br>
</div>
<blockquote type="cite">
<div>No, it shouldn’t, stateful egress should be fine (what goes out, comes back in the same way).
<div><br>
</div>
<div>However, since you say you have a PA ... I'm guessing it is doing something weird that isn’t expected. Layer 7 firewalls are the bane of Cisco UC existence... lol (not that bad really, just takes extra effort almost always).</div>
<div><br>
</div>
<div>I had a similar type issue with a CheckPoint firewall recently and in that case, we discovered the CP was doing this odd inspection and classification of the traffic .... so we had to disable the application identification mechanism so the traffic wasn’t
inspected or classified.<br>
<br>
<div id="AppleMailSignature">Sent from my iPhone</div>
<div><br>
On Aug 31, 2018, at 06:49, Dana Tong <<a href="mailto:dana.tong@yellit.com.au">dana.tong@yellit.com.au</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>Does it need a direct one to one NAT? There was nothing in the Palo Alto logs for denial of traffic. <br>
<br>
<div id="AppleMailSignature">Regards,
<div>Dana Tong </div>
<div>+61 416 165 030</div>
</div>
<div><br>
On 31 Aug 2018, at 8:28 pm, Ryan Huff <<a href="mailto:ryanhuff@outlook.com">ryanhuff@outlook.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>Something is in its way to the Internet ... web filter perhaps? Asymmetrical route somehow? Expressway-C is a diva when it comes to having Internet access for the Hybrid connectors.<br>
<br>
<div id="AppleMailSignature">Sent from my iPhone</div>
<div><br>
On Aug 31, 2018, at 02:47, Dana Tong <<a href="mailto:dana.tong@yellit.com.au">dana.tong@yellit.com.au</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Arial",sans-serif;
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Arial",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">FYI it also times out and fails when the device has full Internet access.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="mso-fareast-language:EN-AU">From:</span></b><span lang="EN-US" style="mso-fareast-language:EN-AU"> cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>>
<b>On Behalf Of </b>Dana Tong<br>
<b>Sent:</b> Friday, 31 August 2018 4:35 PM<br>
<b>To:</b> cisco-voip voyp list <<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>><br>
<b>Subject:</b> [cisco-voip] Cisco Hybrid Services Expressway Connector registration<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Hey guys,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I keep getting a timeout when trying to register an Expressway Connector for Hybrid Services.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><strong><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif;color:#646464;background:#F7F7F7"><a href="http://hercules-a.wbx2.com">hercules-a.wbx2.com</a></span></strong><span class="apple-converted-space"><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif;color:#646464;background:#F7F7F7"> </span></span><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif;color:#646464;background:#F7F7F7">took
too long to respond.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Segoe UI",sans-serif;color:#646464;background:#F7F7F7"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">The domain is Verified in the Webex Control HUB, and the device name / fqdn is in the HUB also.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">The Expressway C box has access for TCP port 80, and 443 (http/s).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I try to initiate the registration on the Expressway, enter my credentials, and then select the option for Cisco to manage the certificate and click register.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">It then just times out.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Any tips?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Cheers<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Dana<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>cisco-voip mailing list</span><br>
<span><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a></span><br>
<span><a href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a></span><br>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
</body>
</html>