SBCE: IPO integration - One-X Mobile preferred not working

Doc ID		SOLN253734
Version:		8.0
Status:		Published
Published date:		03 Oct 2017
Created Date:		23 Jul 2014

Author:

ahmed1

Details

SBCE 6.2 or higher releases

IPO 8.x, 9.x

One-X Mobile integration with IPO 10.0 via SBC

Problem Clarification

SBCE and IPO integration - One-x mobile preferred not working on SBCE;

Cause

XMPP messages from One-X Mobile will go direct from the Endpoint to One-X Portal through the customers firewall and NOT through the SBCE
Port forwarding must be configured on the customer firewall for ports: 5222, 8443 (XMPP), from customer firewall to IPO directly
SIP ALG MUST be disabled on the user firewall
No firewall, but using separate IPs for One-X Portal and IP Office and SBCE v. 7 (this scenario isn't mentioned in below documents but does work)

Solution

One-X Mobile XMPP

Please review the "Configuring the Avaya Session Border Controller for IP Office Remote Workers" document:

https://downloads.avaya.com/css/P8/documents/100175533

Page 8 - Remote worker best practices:

For example, XMPP will go direct from endpoint to One-X portal through the firewall and not through the SBCE.

SBCE will only cater to SIP and HTTPS traffic for Remote worker endpoints. XMPP traffic must flow directly from the One-X mobile client to the One-X Portal and IPO without the SBCE intervention.

This is as per the IPO design team recommendations and hence it’s not through SBCE. User must configure “Port Forwarding” in their firewall / router to allow XMPP traffic to the One-X Portal.

If the user is not having any firewall, then they need to find a server with public IP address (other than the SBCE public IP) which can port forward to One-X Portal.

Please review the "Administering Avaya one-X Mobile for IP Office" document:

https://downloads.avaya.com/css/P8/documents/100175092

“Page 45 – Corporate Router configuration” for port forwarding details.

“Page 10 – Preferred Client Network requirements”

Preferred client network requirements

The Avaya one-X Mobile Preferred application must be able to connect through the Internet to Avaya one-X® Portal and to the IP Office system, using either a 3G network or an external Wi-Fi service. Your network setup must support this capability and cellular voice Connectivity

If you deploy Avaya one-X® Portal and IP Office behind a router or firewall, ensure that the following TCP ports can gain access through the firewall:

• Ports 5222 and 8444 must be open for Avaya one-X® Mobile to communicate with the Avaya one-X® Portal server. Port 5222 is for XMPP traffic and Port 8444 is for bootstrap REST API call traffic.

• Port 5269 must be open for the Avaya one-X® Portal server to be able to link with another XMPP server outside the company firewall.

• Ports 5060 and 5061 for VoIP and the RTP ports.

In addition, you must assign an FQDN to the public IP address of the router fronting Avaya one-X® Portal that is resolvable over the Internet. You must configure the router to forward packets destined to ports 5222, 5269, and 8444 to Avaya one-X® Portal. Perform this by creating port forwarding rules on the router.

If deployed without a firewall, split-horizon DNS, AVAYA One-X Portal and IP Office using unique IPs along with SBCE v. 7 when setting the application relays in SBCE make sure to use the One-X Portal IP and not the split-horizon (public-private) domain name. In SBCE v. 7 there is only one filed for this compared to version 6.3 and lower there were two fields for this in the application relays.

Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy