×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Not able to login in Jabber from Internet

Unanswered Question
Aug 30th, 2014
User Badges:
  • Gold, 750 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

Hi All,

Recently I have installed Presence server and trying to configure lync federation. But I'm facing a issue when we try to login in jabber from internet, actually when we try to login in jabber then it says not able to connect...But it is working from internal network.

We have assigned a DMZ ip address to CUPS then did nating with a public IP address, using this public IP we are trying to login into jabber from internet.

Can somebody plz helps me to find out the exact issue.

We have opened port 443 at firewall, do I need to configure any parameter at CUPS for this.

Thanks in advance.

Suresh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jonathan Schulenberg Sun, 08/31/2014 - 08:38
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

Jabber uses a whole bunch of ports, several of which embed IP information within the Layer7 data payloads. Unless your NAT/firewall is capable of both TLS proxy with the private key/certificate of the CUCM/IM&P servers as well as application-layer inspection to inspect/fix the payloads, this won't work. Cisco has released the Expressway-C/E product which is designed exactly for clients registering from outside the firewall without a VPN connection. This is roughly analogous to a Lync Edge pool; however, the inter-domain federation function does not run through Expressway.

If you are trying to federate with Lync, this is a separate effort from Jabber the client. There is a Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 10.5(1) guide that covers this topic.

Suresh Hudda Sun, 08/31/2014 - 08:54
User Badges:
  • Gold, 750 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

Thanks a lot Jonathan for expert advice (+5). Actually we had opened all listed ports at firewall and unfortunately it didnt work, but Im curious to know that how can I find out that NAT/firewall is capable or not  to do this. Can we find it in cups logs, if yes, then which logs we should analyse ? or do we need to have ethereal capture at firewall ?

I really appreciate your help.

Suresh

 

Actions

This Discussion