OnexMobile Sip client on UCM

[JimmyBond007]

Hi
IPoffice on 9.1.4
UCM running VMPro & OnexPortal
Avaya onex voip mobile app client connects and works like a charm on 3g and 4g network using FQDN.
Soon as I go on the customers wifi network I get voip partially connected? with my laptop on the wifi I can ping the FQDN and get a reply from the UCM. I've changed the xmpp to the internal ipaddress of the ucm and in the app I changed the server setting to the internal ip and the same thing comes back, voip partially connected.
FQDN to me is working and i'm told by the IT company there is no internal port blocking its got to be the server so i'm a little confused because it works fine off of the wifi network. Any assistance would be great. i'm back onsite tomorrow morning.

Thanks

 

[JRTrevino]

See attachment. If IPO with Linux app server, or IPO with one x portal server, you need to ensure proper NAT and firewall policies are in place for each network entity.

If Server Edition, then everything just points to the same internal IP from the outside world.

This is IP500 with one x portal server:
- We need one fully qualified domain name for your IP500v2 control unit, and one fully qualified domain for your One X Server, such as ipo.yourdomain.com and 1xp.yourdomain.com, respectively.

- We need a public IP address to be designated for your Avaya IP Office applications.

- DNS Records will need to be configured for the FQDNs provided.

o An internal DNS record will point to the internal IP address corresponding to each FQDN.
 For instance, inside your network ipo.yourdomain.com will point to 192.168.1.130, and 1xp.yourdomain.com will point to 192.168.1.131.
o An external DNS record for each FQDN will need to be pointed to the public IP address you have designated for Avaya IP Office applications.
 For instance, outside your network ipo.teknova.com and 1xp.teknova.com will both point to the public IP address provided (EG: 99.98.97.96)

- Your firewall will need to be configured with the following NAT and firewall access policies
o The following ports will need to be forwarded and translated, from the public IP address provided, to the internal IP address of the One X Server (192.168.1.131 aka 1xp.yourdomain.com)
 TCP ports 8080, 8086, 8443, 9443- HTTP/HTTPS access for One-X Portal.
 TCP ports 5222, 5269- XMPP/Presence authentication and federation
 TCP ports 8063, 8069- Flare and One X Web Socket delivery
 TCP ports 8444- One X mobile Access
o The following ports will need to be forwarded and translated, from the public IP address provided, to the internal IP address of the IP500 control unit (192.168.1.130 aka ipo.yourdomain.com)
 TCP and UDP ports 5060 and 5061- SIP
 UDP ports 49152 to 53246- RTP traffic (audio)
• The RTP traffic range can be modified on the Avaya system
o To ensure full connectivity, please ensure these are corresponding inbound NAT policies and outbound NAT policies.
o Please ensure no other policies are overriding or blocking traffic for these ports.

 

[JimmyBond007]

It's a IP500v2 With a UC Module.
When I've set them up in the past on 9.1 I've only ever used 1 fqdn on the onex and then on the lan setting of the ip500 and never had a problem? and like I say it works perfect off of the internal network. So why can't it connect on the internal network?

 

[JRTrevino]

Have the FQDN entered on the VOIP tab of the LAN1 tab of the IP500v2?
Have SIP remote ext checked on?

LAN1 Network Topology Tab:
have the correct public IP?
Public ports: EDP/TCP 5060 and TLS 5061?

If all the above is correct

One X portal Server admin: correct FQDN listed there?

If that's good, then firewall and NAT policies aren't setup right.

My bad. Internal doesn't work. Internal DNS records not setup.

 

[JimmyBond007]

But then from my laptop connected to the internal wifi I ping the FQDN and I get a reply from the correct IP address? So doesn't make sense to me and to me that says the internal dns is setup doesn't it?

 

[intrigrant]

If you ping the FQDN on the internal network what IP Address is shown?
I have set it up with split DNS without a problem on IP500v2 9.1.4 with a UCM.
Is the local LAN and the Wireless in the same subnet?

 

[amriddle01]

Internally the DNS should resolve to the internal IP, most routers don't like traffic tromboning back in on itself and that would explain the audio issues

 

[intrigrant]

Also if the Wifi isn't in the same subnet then it is not configured as a bridge but it will use NAT which blocks audio one way.

 

[JimmyBond007]

I don't get an audio issue the app just says VoIP partially connected. In the monitor trace I don't see anything where as when on the 3G or 4g network I see all the sip authentication and everything else you should see when it works, which it does. Just not on the internal network.
One X portal works on the customers pc's
When I ping the FQDN I get the UC modules IP address.
Yes it's all on the same subnet
In my office of got it on split dns on another customers site split dns works all on 9.1.1 and 9.1.3. Customer has a IT company and seem helpful enough.

 

[derfloh]

You need a second FQDN for the IPO tthat is internally resolved to the IPO's IP address.

 

[JimmyBond007]

Why do I require a second FQDN and how is that going to work? The app registers to the onexserver which it does when it's not on the local lan the issue is when your on the local lan the app then says VoIP partially connected? The FQDN when pinged you get a reply back from the UC module (which is running the onex) which is correct so that tells me it should work but doesn't maybe I'm be a bit to simplistic?

 

[Pepp77]

Because it needs to then connect to the actual IPO to register the VOIP. Externally this is done by your NAT rules, internally this is done by split DNS.

So just setup an internal DNS entry pointing your IPO FQDN to the IP address of the IPO. this is the FQDN in the VOIP tab on the IPO.

| ACSS SME |