Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Expressway-C/E VPN-less Jabber DNS issues


I just deployed the VCS 8.1 ova for the Expressway-C and Expressway-E about the demo of VPN-less Jabber. It is successful for me to configure the Expressway-C and the Expressway-E, but I don't know how can I work on the jabber on the outside.

How to identify the internal and the external domains

My Expressway-C, CUCM, Presence server domain is: company.local

My Expressway-E with dual networks domain is:

As the outside Jabber, then I should type the <username>@company.local OR <username> Where's the translations? The outside Jabber will lookup the internal DNS SRV records 1st, then lookup the external DNS SRV record? jabber-config.xml to control that? (XML: <Policies><RemoteAccess>ON</RemoteAccess></Policies>)

Actually: I just want to the jabber reg. to the CUCM, because that is the free.

I added the DNS SRV record on the external domain "". How can the outside Jabber cannot reach the internal DNS SRV records, then reach the collab_edge DNS SRV record?

Then the edge will find the zone cline and go to the Expressway-C to CUCM?

New Member

Re: Expressway-C/E VPN-less Jabber DNS issues

It was successful to login the VPN-less Jabber with IM only through the Edge, but it is fail to associate the phone (fail to connect the CUCM). Any Configuration Im missing?

PS: I make the lab as the same domain between the internal DNS server and external DNS server.


New Member

I am having the exact same

I am having the exact same problem.  The 5066 port DID work for me and now my trunk is functioning.  And I can get IM/Unity to work, but the phone services are not working.

New Member

Hi, To get phone services in



To get phone services in VPN-less jabber you need to add a Digest User 




It happened to me when I was

It happened to me when I was setting up Edge; you have to change the default SIP port on the neighbor zone that is pointing to the CUCM to something else, then change the SIP Trunk Security Profile port on the CUCM to match it (You will need to Copy de default one in order to save it after making the changes).


On the Neighbor Zone I changed the SIP port from 5060 to 5660 and then changed it on the SIP Trunk Security Profile; there is no need to change the SIP Trunk port (just a reset) since it only affects inboud connections towards the CUCM; after you do that, Jabber will get Phone Services.





New Member

Hi espereir, Really Thanks

Hi espereir,


Really Thanks for your help!

Actually, that can formed the CUCM <TLS> Expressway-C as the TLS 5061, 5560, and TCP 5660. But it still fail to connect the Phone Service at the outside.

New Member

Hi espereir, Is it successful

Hi espereir,


Is it successful on the iPad IOS 7 w Jabber 9.6.1? Windows on Jabber 9.6.1? Mac on 9.6.1?

New Member

Hi, Any update on this? I am



Any update on this? I am facing the same issue.

New Member

Your Jabber ID is defined

Your Jabber ID is defined within CUCM and CUPS and typically this would be the same as your e-mail address. Following the standard SIP URI = MAIL. You would log into Jabber with your primary SIP URI as it is synchronized from LDAP. Typically this directory setting is "mail".



_collab-edge._tls should only be resolvable by your Jabber clients outside of the network. Inside of the network the Jabber client should only resolve _cisco-uds._tcp.

All of your server DNS structure can be different than your primary SMTP. However, your certificates will all need to be valid regardless of name. Your CA must be able to issue certificates for .local.

CreatePlease login to create content