Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

What is needed to get jabber to work over DirectAccess?

What is needed to get jabber to work over DirectAccess?

I see posts about jabber not being compatible because DA uses ip v 4-to-6 ; then I find other posts saying to use MRA (not sure that this is).

What do I need to do?

Where do I start?

Everyone's tags (1)
Cisco Employee

MRA is Mobile Remote Access,

MRA is Mobile Remote Access, you can find the documentation here

Right now there is no way to use Jabber with DA as Jabber is not IPv6 compatible, you'll have to wait until Jabber is IPv6 compatible, and then the BU will determine if it's compatible and supported over other methods besides VPN and MRA.



if this helps, please rate
New Member

If i understand correctly the

If i understand correctly the newer versions of Jabber are compatible with IPv6.

We are using v 11.6.3, still when connecting to over DA we are unable to user Jabber Voice. (error: CJ:109.3). IM and presence are working fine, as well as using Voice over Lan.

*We are using the call using this computer function.

Can you tell me what we need to do to get it working using DA?

New Member

We have exactly the same

We have exactly the same issue as Maikel86nl.

We haven't been able to get any version working with Softphone (call using computer) all the way up to 11.8.0.

Eager to see the fix..... 



May I know your exact issue you facing, since I was able to resolve DA issue for one of my client where the Jabber from outside was not working with DA enabled.

However in my scenario my SIP domain for  which was split domain.

So from DA server perspective (NRPT) table for traffic pointing to was supposed to come inside via DA (enterprise DNS) and other traffic should use the internet from laptop.

Jabber user was not  getting the option to put the email id on Jabber when connected via DA and getting the error as connection failed since it was taking the UPN from AD and resulting domain was which would never yield any result since the traffic was coming via DA tunnel.

So we reinstalled the Jabber with argument (boot strap) where my service domain is and when jabber is launched with DA enabled on internet then it gave me the option to enter the email ID and this points to domain and traffic was sent via Public DNS and not enterprise DNS.



Jabber 11.8 is IPv6 Ready.

Jabber 11.8 is IPv6 Ready.

New Member

Thanks for the reply Raaj,

Thanks for the reply Raaj,

This is not our issue, we used a DA force tunnel setup although we can breakout using the NRPT if required.

We get the option to enter the email ID and password and clients can login and use IM and see presence.

You can also tether to the physical phone and use click to dial (although you're unlikely to be at your desk on DA).

What we CAN'T do is switch to softphone as it shows the same error that maikel86nl details (error: CJ:109.3).

We've had Jabber working over IPv6 for a fair few versions now so the IPv6 issue isn't affecting us either



New Member

Hi Tim

Hi Tim

Would you be happy to divulge your settings to assist with us setting this up please? This is the last piece of software I need to get functional within our environment and one of the most important too.

Any help would be appreciated!! :)

New Member

Yeah no worries, apologies,

Yeah no worries, apologies, been on holiday.

Theres no way to get this working with DA set in a "forced tunnel" config as when you add a host to the Name Resolution Policy Table in group policy or in your DA config for the expressway edge server, the DA connection fails as it cannot go down the pipe to your network to resolve and DA wont allow it to break out of the tunnel to get it from the internet.

You have to configure a split tunnel config with DA.  This allows the hosts you specify in the NRPT to break out of the tunnel and go directly to the internet.


Hello community,

Hello community,

We are having a very similar or identical problem: we are installing the Cisco Jabber solution without inconvenience in our infrastructure (LAN, WiFi, remote access via VPN, through the Firewall), but we can not run Jabber with DirectAccess.

The Jabber client automatically discovers the services in all cases (SRV records), the user is able to authenticate and use the messaging services. Even through DirectAccess, it manages to control its desktop phone (which is not really necessary if we consider that the user accesses the corporate network from his home with DirectAccess).

But the problem occurs when we want to take control of the softphone using DirectAccess. The connection is never established. By performing a packet capture in the Firewall, we do not observe SIP connection attempts, however in the Jabber log, there are records that indicate connection attempts using the IPv4 of the CUCM server instead of the FQDN (DirectAccess requires FQDN since it uses a tunnel IPv6).

All our configuration of CUCM, IM & P, etc., is made with FQDN.

Could anyone solve this problem?

Thank you.
作成コンテンツを作成するには してください