Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASBCE and Remote Workers - Possible Reverse Proxy or DNS Issue?

Status
Not open for further replies.
dsm600rr

dsm600rr

IS-IT--Management
Nov 17, 2015
1,444
US
Hello all,

So I have my ASBCE configured per the "IP Office SIP Phones with ASBCE R11.1 FP1" Document.

I currently have an Active working SIP Trunk on the ASBCE as well.

Internally, I can hit the PBX from the FQDN:

1_gago61.png


Also, Internally the IX Workplace App Works.

I have confirmed that outside my network, a nslookup / dnschecker resolved to the public IP of my ASBCE and internally nslookup resolves to my IPO

Outside my network, I cannot get the the IPO with the FQDN with a Web Browser.

Outside my network, on cellular data, IX Workplace just hangs however never logs in (no green check) - however never shows an error.

I have my Internal DNS Server on the IPO, however on my ASBCE I only have 8.8.8.8 / 8.8.4.4 - does this need to include my Internal DNS Server as well on the ASBCE?

When I run a tracesbc, as soon as I log into the IX Workplace on my phone on cellular data I see data to start rolling in in regards to TLS Handshake however not seeing any errors here either:

tracesbc_xqmgoj.png


ASBCE Trace on port 5061

3_wxxarl.png


4_sztiui.png


Thoughts on trouble shooting?

ACSS
 
Sort by date Sort by votes
When you restart the SBCE application, do you also see TLS messages between A1 and IPO? And what about the logs on the sbce. Anything usefull in the incidents? For resolving the IPO IP, you need the internal dns. The client on wifi or 4G will use the carriers dns to resolve to the B1.

Freelance Certified Avaya Aura Engineer

 
Upvote 0 Downvote
And I’d suggest you use the reverse proxy to only allow the 46xxsettings.tx, 46xxspecial.txt, /tpkt/mtcti/ for presence, the IPO root certificate and maybe upgrade files for hard phones.

Freelance Certified Avaya Aura Engineer

 
Upvote 0 Downvote
G van Hamburg: "When you restart the SBCE application, do you also see TLS messages between A1 and IPO?" -

When I select "Restart Application" on the SBCE, below is what I can see:

1_a8jc2g.png



"Anything usefull in the incidents?"

See Below - lots of errors like this:

5_irx6if.png




"For resolving the IPO IP, you need the internal dns."

Would I update the DNS here?

2_ba6w6w.png


When I do so, it seems to update it on both Internal and External Interfaces and "Diagnostics" Fails of course on the public interface:

3_knkt1x.png



"And I’d suggest you use the reverse proxy to only allow the 46xxsettings.tx, 46xxspecial.txt, /tpkt/mtcti/ for presence, the IPO root certificate and maybe upgrade files for hard phones. "

Like so?

HTTPS

HTTPS_iawtdo.png


HTTP

HTTP_zzguqm.png


ACSS
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

vtt2019
  • Locked
  • Question
User Portal - Remote Access through ASBCE
Replies
6
Views
603
derfloh
derfloh
jokermia
  • Question
Remote Access Issue - R9.0 and Up - Failed to Communicate
Replies
5
Views
251
nnaarrnn
nnaarrnn
sheldoom
  • Locked
  • Question
ASBCE Factory Default
Replies
1
Views
355
derfloh
derfloh
scudworth
  • Locked
  • Question
ASBCE Server Flow failover
Replies
2
Views
411
Alfalis
Alfalis
OmegaStar
  • Locked
  • Question
ASBCE change Contact Header
Replies
12
Views
1K
derfloh
derfloh

Part and Inventory Search

Sponsor

Back
Top