Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address 10

Status
Not open for further replies.

dsm600rr

IS-IT--Management
Nov 17, 2015
1,444
US
Hello all,

Since we are locked down in quarantine, I have been messing with more Avaya Goodies - Specifically for remote worker support so I have began messing around with Avaya IX Workplace. Lets just start off by saying I am completely new to this offering and have never seen anyone set it up to reference.

So I am going off the .pdf and have some questions as I am following along.

Here is the .pdf I am following, starting on page 109 "Avaya IX Workplace Client Installation Notes(Equinox)"

Below is the part that is confusing me. I do not see any further information in the .pdf in regards to what they mean with the below statement or the process to make it happen.

"The system's SIP Registrar FQDN must be set and must be reachable from external addresses. For Avaya Spaces this applies even if the Avaya IX Workplace Client users are internal to the customer network."

Otherwise, below is what I have done thus far. Any suggestions are greatly appreciated:

- Configured a Zang account
- Added us as a Company
- Added and Verified our Domain (entered in the verification code and added it as a TXT record to the DNS entries on our domain's DNS server)
- Created a new API Key and Secret Key and entered into the security settings of the IPO
- Logged into the IPO and set the following:

1_xm3swl.jpg


I have not moved any further in the document as of now.

Thank you.

ACSS
 
JazzWizzard: I really appreciate the info! I will give it a go.

ACSS
 
We should be all set with the sub-domain being resolvable from the outside at this point.

DNS_adutj5.jpg


ACSS
 
Thanks to you dsm600rr and kudos to everyone else. With the current events I have been also exploring Workplace IX. I've been trying to get this working for months now. I was able to have it to work on my LAN and on VPN. Not sure If you got it to work outside your local LAN dsm600rr but was JazzWizard referring to this screen below:
FQDN_uydniv.png


Thanks in advance.
 
I am back to re-visit. I am trying to understand the certificates and getting TLS Encryption working before we point our Internal DNS A Record to the PBX

So I have gone to IP Office Web Manager > Security > Certificates and Exported the Certificate - In which I Re-Named "WebRootCA.pem"

Cert_da2dja.jpg


Does this cert get uploaded to the embedded file management primary folder? I also see a mention of folder: /SYSTEM/PRIMARY/certificates/TCS/ADD

I also understand I need to create an Identity Certificate for the IPO.

I have an Avaya IP Office PBX with VM Pro running on an application server. Within the voicemail pros Application Server Web Control > Settings > General I do see a spot to create the certificate however I am not sure if this is the correct stop (for example if the customer does not have an application server running, where would this certificate be created)?

Cert2_tvaiik.jpg


ACSS
 
I think that we are stuck almost at the same level. Let me verify what I have.
 
To start I don't have "Offer ID Certificate Chain" on. I'm sure our setup won't be identical but just letting you know how I have it.
off_cjsurv.png
 
I export 2 certs from The Web management that I installed so far on windows clients. For mobile devices (tested only with iphone) I was not necessary.
 
@ derfloh do you know if we are filling the IPO LAN fields correctly? I didn’t filled the SIP Domain Name nor SIP Registrar FQDN and my system is working fine in the office and VPN. I do have both checkbox checked SIP Trunk Enable and SIP Trunk Registrar. I can’t find any documentation really that could guide me to set this up from start to finish. I’m stuck to have it working outside of the LAN and VPN.
 
@dsm600rr. I think that you should have your softphones working on your LAN at least at this point.
 
@derfloh I forgot to mentioned that I already have that checked. See below. Do you know if it's required to fill the SIP Domain Name and SIP Registrar FQDN textboxes with the FQDN that I created. So far I want to say that I'm 50% where I want to be since I have it working on my LAN and on VPN for laptops and on an iphones. For some reason It's not working outside my network. It could be the firewall but I want to be sure that I'm not missing any configuration for the IPO. I'm basically had it work by searching and asking around, got some tech support too. But so far I didn't made any more progress.
def_hlecgf.png
 
@Sparrow4 I have IX Workplace working perfectly internally - and auto configuring. This has been the case for months.

Where I am stuck is TLS and the certificates needed. I have read the documents many times - just cant get this part figured out.

I cannot get my vantage phone working internally. I get up to the spot with the screen showing the 3 people in the office looking at a laptop.

ACSS
 
Sparrow4: yes you need to populate the SIP Domain Name and SIP Registrar FQDN Fields.

ACSS
 
@dms600rr now I get it.. yikes ok. I don't have Vantage Phone implemented. I don't think that it should matter but I'll see if I find anything. Do you have the workplace working outside your network? is that the reason why you need the to setup TLS and the certs... sorry for the questions I'm new to all of this.
 
Sparrow4: I do not. When doing so you need to enable TLS under the Layer 3 protocol.

The IPO will act as the Certificate Authority in which you need to download the Root CA. I believe I already did that however I am not sure.

I exported the certificate from here:

1_gt9ftl.png


and renamed it: "WebRootCA.pem" per the documentation. I am not 100% sure where to place this certificate.

My next hang-up is creating an Identity Certificate for the IPO itself. This brought on a few questions:
1. I have an Avaya IP Office PBX with VM Pro running on an application server. Within the voicemail pros Application Server Web Control > Settings > General I do see a spot to create the certificate sure if this is 2. What if my customer only has an IPO and is not running an application server where would this certificate be created? I do not see anywhere within web manager nor the security settings to do so.
3. I am not sure if the certificate was created correctly in the first place:

2_qbrr3q.png





ACSS
 
@dsm600rr no progress on my end sorry. I'm still looking. I just ended up finding out that I also have to fill the "Network Topology" tab [surprise][sadeyes][surprise]. I wish there was a better documentation on how to set this up. Anyway I'll keep you posted.
Be safe.
nettop_ovxtst.png
 
Sparrow4,you can use a STUN server such as stun.counterpath.net to fill the information on that tap. You enter a STUN server and then press "Run STUN" and it will fill the public IP and the type of Firewall/NAT.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top