Avaya IPO One-X Mobile Preferred through VPN

[PeterG911]

Hi all..

Our customer is using IPO 500v2 R9.1.10 The customer wouldn't like to use a Avaya IPO One-X Mobile as a VOIP Mode. They would want to use their own VPN connection .. The customer is using their VPN. Port forwarding rule has not been done yet. Customer tell all the ports Opened locally.
First Attempt the mobile application is fully connected, a while its become partially connected. we can make a call from it through desk phone (all IPO contact now in the mobile phone), not ringing when receiving and when the caller hang up the calls appears in missed call.
I am testing Avaya One-X mobile with voip on the following scenario:
However voip is not working. When I turn on voip, the Icon on my mobile yellow with an error : The application is operational with the exception of the VoIP feature which is experiencing problems registering with the server. (error 16:0) / or ( error:13)
I have setup and follow Avaya Document and all threats on this fourm:
- VoIP feature will only be available on the application if:
- User license is ‘Power user’
- VoIP is enabled for the user in IPO Manager Done
- G.722 enabled and selected on IP Office in the Codec tab in the System form
- The client supports G.711a/mu, G.722 and G.729A
- Under Menu key->Settings->VoIP Operation Mode choose Wifi only when Mobile Fallback
- Port 5061 is TLS on the IPO option checked.
- I can connect to the one-x portal interface web interface on the computer with this login.
- This is my topology
172.26.0.254 is my ipo 500 box
172.16.0.131 is my one x portal server ( XMPP: AVAYA.KADDB.COM)
LAN >> VOIP : H.323 GateKkeeper Enabal (checked), H.323 Remote Ext Enable (Checked), Auto Create user and Ext Checked.
SIP Trunk Enable, SIP Register Enable, Auto Create Ext/User, SIP Remote Extn Enable. (All is Checked)
Domain Name: AVAYA.KADDB.COM
TLS checked
User >> Power User, Enable One-X Portal Service, Enable Remote Worker, Enable Mobile VOIP Client.

Seeking for your kind response..Thank you..

 

[PeterG911]

Nothing Advice ....

 

[AACon]

You need to have a separate FQDN for the one-x and the IPO. The one-x client should use the one-x portal fqdn.
Each should resolve internally to the correct IP. Externally they can resolve the same IP (over wan, not over VPN), as long as the proper ports are forwarded.


-Austin
I used to be an ACE. Now I'm just an Arse.

 

[PeterG911]

Hi ...

I set another FQDN in the IPO, the user now when they on VPN, when explorer the Avaya.KADDB.COM, the ISS Page of the server appears.
this mean that we can reach the server from VPN.
when AVAYA.KADDB.COM:8888 , the ContactStore Webpage reflects
when AVAYA.KADDB.COM:8443 , the page cant be displayed.

is this could cause the partially connected problem?

Thanks

 

[PeterG911]

Hi ...

when I try to connect to avaya.kaddb.com, not working
when I try to connect to 172.16.0.131 also not working, but when try with 172.16.0.131:8443 it connected partially
same same when try SIP Extnestion.
the customer show me all the traffic on the fortinet firewall, show me that all its allow on TLS, on service coming from tcp/8444 or 5222/tcp

Please Advice .

 

[IPOfficeGuru]

This will sound trite. Hire an Avaya Business Partner when it comes to One-X portal applications/design work. Way too many variables going on.

"Never fear billing a client for services rendered, or they will think your time is worthless"

 

[PeterG911]

Hello ...

I'm sorry I hesticiate you but I have a customer not understand me.
Iam replay with him with the following, is my replay is correct as I understand.

After spending some time trying to get One-X Mobile to work internally through your VPN, and after minuets of meeting yesterday with the IT department, I want to explain again the way the one-x can operate in your IT environment.
When Start Avaya one-X Portal Installation on the Server IP Address (172.16.0.131), the last step is to fill out the XMPP Domain, which is the server ID we must fill when connect to one-x mobile (FQDN that the Avaya one-X Mobile Preferred client uses to register with the server), in our case we found populate the XMPP domain name on the serveras: (Avaya.Kaddb.com).
This mean that your company has its own inside private DNS Server, which will have several servers and services available for lookups. These will have their own internal IP addresses, not public ones. For the Avaya mobility clients, the IP Office and the one-X Server need to have the same FQDN name as the public DNS servers have for them.
In your case as you use your VPN client, you don’t need the FQDN be accessible from the Internet, if you want to use Avaya one-X® Mobile outside your WLAN. Avaya recommends that you use a split DNS so that the server name outside your WLAN resolves into the public IP address of the NAT or firewall.
Also, the server name inside your network resolves into the private IP address on the LAN. The fully qualified domain name must be resolvable using the local DNS.
The summary of above, we are using a “Split DNS” configuration which simply means that we have DNS records for domain.com on our internal DNS server(s) as well as external DNS server(s). The Internal DNS Server has the records that point the Fully Qualified Domain Name (FQDN) of each server to the internal IP addresses and the External does the same with the external IP addresses. It is important that these names and addresses be established before doing any configuration of the IPO or the One-X Server. (don’t need external on our case)
In our records the following DNS records were created;
Internal DNS Server Records
ipo.kaddb.com -> 172.26.0.254
avaya.kaddb.com -> 172.16.0.131
In our case we can’t reach this FQDN via one-x mobile, I know that you show me that is reachable inside your network. This one way must and should be used to connect to one-x mobile not through the IP and port number. After this when get access to FQDN when connect to one-x and still partially connected then we can troubleshoot and diagnostic our configuration and look up to your firewall ports, as you all is open. Iam already sent it to you and attached it again captured from Avaya doc.
((In addition to the mapping of domain names to IP addresses, the same public DNS Servers can do other types of lookups. There are at least 20 types of DNS lookups. The Type “A” , maps names to IP address, Type “NAPTR”, is used for mapping SIP URIs to IP addresses, and type “SVR” will map Services, like SIP and XMPP, to Host names, like IPOFFICE.home.abcdef or one-X. home.1234)), I think your DNS is “NAPTR” look up whic is mapping URI to IP address, in our case type “A” Should be used.
The Server ID is the FQDN of your One-X server. Ours is avaya.kaddb.com, your user name and password are the same as configured in the IPO user menu.
Now, as long as you have all of the proper licensing, your should see the Avaya One-X Mobile Application show fully connected and ready to go!