×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address
5

Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
Hello all,

Since we are locked down in quarantine, I have been messing with more Avaya Goodies - Specifically for remote worker support so I have began messing around with Avaya IX Workplace. Lets just start off by saying I am completely new to this offering and have never seen anyone set it up to reference.

So I am going off the .pdf and have some questions as I am following along.

Here is the .pdf I am following, starting on page 109 "Avaya IX Workplace Client Installation Notes(Equinox)"
https://files.engineering.com/getfile.aspx?folder=...

Below is the part that is confusing me. I do not see any further information in the .pdf in regards to what they mean with the below statement or the process to make it happen.

"The system's SIP Registrar FQDN must be set and must be reachable from external addresses. For Avaya Spaces this applies even if the Avaya IX Workplace Client users are internal to the customer network."

Otherwise, below is what I have done thus far. Any suggestions are greatly appreciated:

- Configured a Zang account
- Added us as a Company
- Added and Verified our Domain (entered in the verification code and added it as a TXT record to the DNS entries on our domain's DNS server)
- Created a new API Key and Secret Key and entered into the security settings of the IPO
- Logged into the IPO and set the following:



I have not moved any further in the document as of now.

Thank you.

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
derfloh: Corrrect, not even sure what a "SIP FQDN" is or how to "Set up". Is it in the documentation? I do not see it.

Also, SSA was showing this:



ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
derfloh: I currently have the IPO LAN 2 SIP Registrar FQDN with the IP Address of itself.

The WAN is currently acting as the DHCP server for my J179's as well as where the SIP Trunk comes in.

The LAN is on our internal data network for One-X / Local PC Access to PBX



ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
derfloh: 5 years and aced my ACSS Exam, so I have some experience with the IPO. I am the only Avaya guy in my company so knowing everything is pretty much impossible haha.

The whole point would be to connect external (remote workers) - Currently using Communicator.

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
derfloh: I am aware that an internal IP Address will not work.

When I was at Jenne for ACSS and we were doing exercises on the J100's, they had the SIP Registrar FQDN set to the IPO LAN IP Address, so I just assumed that was required for the J100's?

Guessing that was there for other reasons and all lab work was internal.

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

The certificate warning is probably the connection to Zang, you need to import the certificate from Zangs webpage to IP Office if you want user zync to work, dunno why this isn't mentioned or why it isn't trusted as default.

"Trying is the first step to failure..." - Homer

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
janni78: Appreciate the info. Where can the certificate be downloaded from when logged into Zang? What is the process to upload the certificates to the IPO?

Clearly I have not yet dealt with Certificates or FQDN :)

How can you confirm what is actually connected and working? I am assuming I need to get this "public resolvable FQDN and a SIP domain" figured out before anything will work? Is this what connects the IPO to "Spaces" and then "IX"? What is "Zang" doing exactly?

Also not sure what to do here: "you need a valid certificate and a root CA trusted by the clients"

Definitely new to all this remote worker stuff. Previously we always just deployed VPN Phones.

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

Open https:/accounts.zang.io with chrome, klick on the padlock, sho the certificate and download the issuing certificates GTA and Google.
Then upload the certificate to IP Office in security settings - trusted root certificate authorities.

As soon as you configured Zang user sync you IPO users will be visible in your Zang domain if you enable this. And Zang will automaticall know the URL of your 46xxettings.txt.

The IX Workplace clients connects to Zang, you will enter youe eMail address, Zang will know your domain, Zang will inform the client about the settings file URL. You have to just enter username and password afterwards.

You can also avoid Zang and just enter the settings file URL in the client app.

As soon as you use TLS encryption (and that's strongly recommended!) IP Office will need a server certificate, that matches the DNS name and SIP Domain the client connects to and the client has to trust the issuing CA of that certificate.

Even if without ASBCE this document gives good hints: https://downloads.avaya.com/css/P8/documents/10104...

If it's completely new, I recommend to ask someone to help you.

IP Office remote service
Fixed price SIP trunk configuration
CLI based call blocking
SCN fallback over PSTN

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
derfloh: I definitely appreciate the detailed post. You clearly have been doing this a long time.

I am asking for some help/guidance here as the most knowledgeable people are here :) Star for you.

Anyway, one thing at a time. Back to the certificates. Which format does the IPO Need?

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

I usually pick Base-64, both .cer formats probably work.

"Trying is the first step to failure..." - Homer

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
janni78: Thank you. Is the file name important?

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
Hello all,

So I have made some progress just messing around with things

In the office (local LAN), I have everything configured where I just enter in my email address, extension and password and the app pre-configures and allows me to log in and take calls.



I have a subdomain created: ix.our_domain.com A record that is pointed to the Public IP Address of our firewall.

Using dnschecker.org I can see that the subdomain is resolvable to the public IP Address of our Firewall.

I will then Have my Firewall guy forward the specific ports and hosts listed in the document to the IPO?





At that point should the Workplace App work from anywhere outside of the LAN?

If so, great. The next step I believe should be the TLS Encryption, however I have never really messed with Certificates within the IPO. Is only a TLC Cert needed for the IPO. Is this manually created? Suggestions here would be great.

Thank you!

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

Here's the step needed to make this cert work:

If you use the IPO as the certificate authority, then you need to download the IPO root CA and install it into your computer.

Then you need to create an identity certificate for the IPO itself.

Subject Name: hostname.domain.com (example iposrv.mycompany.com)
Subject Alternative Name: DNS:mycompany.com, DNS:iposrv.mycompany.com, IP:192.168.42.1 (internal IP of your IPO), IP:172.45.15.26 (external IP), URI:sip:mycompany.com

Make sure that you have a SIP domain and SIP FQDN configured in Manager under System/LAN1/Voip. The SIP FQDN must be the same you use in the certificate (obviously). I personnaly use the hostname of the IPO for the SIP FQDN like I showed above. This FQDN must be resolvable by DNS! In your internal DNS server, the A record for, say. iposrv.mycompany.com must point to the internal IP of your IPO. You'll also need to do the same thing on your external DNS server so that iposrv.mycompany.com is resolvable from the internet as well. This is what's called split-dns.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
JazzWizzard: I really appreciate the info! I will give it a go.

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
We should be all set with the sub-domain being resolvable from the outside at this point.



ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

Thanks to you dsm600rr and kudos to everyone else. With the current events I have been also exploring Workplace IX. I've been trying to get this working for months now. I was able to have it to work on my LAN and on VPN. Not sure If you got it to work outside your local LAN dsm600rr but was JazzWizard referring to this screen below:


Thanks in advance.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
I am back to re-visit. I am trying to understand the certificates and getting TLS Encryption working before we point our Internal DNS A Record to the PBX

So I have gone to IP Office Web Manager > Security > Certificates and Exported the Certificate - In which I Re-Named "WebRootCA.pem"



Does this cert get uploaded to the embedded file management primary folder? I also see a mention of folder: /SYSTEM/PRIMARY/certificates/TCS/ADD

I also understand I need to create an Identity Certificate for the IPO.

I have an Avaya IP Office PBX with VM Pro running on an application server. Within the voicemail pros Application Server Web Control > Settings > General I do see a spot to create the certificate however I am not sure if this is the correct stop (for example if the customer does not have an application server running, where would this certificate be created)?

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
Does this look correct?



ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

I think that we are stuck almost at the same level. Let me verify what I have.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

To start I don't have "Offer ID Certificate Chain" on. I'm sure our setup won't be identical but just letting you know how I have it.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

I don't have documentation to configure VM pro in my notes

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

I export 2 certs from The Web management that I installed so far on windows clients. For mobile devices (tested only with iphone) I was not necessary.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

@ derfloh do you know if we are filling the IPO LAN fields correctly? I didn’t filled the SIP Domain Name nor SIP Registrar FQDN and my system is working fine in the office and VPN. I do have both checkbox checked SIP Trunk Enable and SIP Trunk Registrar. I can’t find any documentation really that could guide me to set this up from start to finish. I’m stuck to have it working outside of the LAN and VPN.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

@dsm600rr. I think that you should have your softphones working on your LAN at least at this point.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

@derfloh I forgot to mentioned that I already have that checked. See below. Do you know if it's required to fill the SIP Domain Name and SIP Registrar FQDN textboxes with the FQDN that I created. So far I want to say that I'm 50% where I want to be since I have it working on my LAN and on VPN for laptops and on an iphones. For some reason It's not working outside my network. It could be the firewall but I want to be sure that I'm not missing any configuration for the IPO. I'm basically had it work by searching and asking around, got some tech support too. But so far I didn't made any more progress.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
@Sparrow4 I have IX Workplace working perfectly internally - and auto configuring. This has been the case for months.

Where I am stuck is TLS and the certificates needed. I have read the documents many times - just cant get this part figured out.

I cannot get my vantage phone working internally. I get up to the spot with the screen showing the 3 people in the office looking at a laptop.

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
Sparrow4: yes you need to populate the SIP Domain Name and SIP Registrar FQDN Fields.

ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

@dms600rr now I get it.. yikes ok. I don't have Vantage Phone implemented. I don't think that it should matter but I'll see if I find anything. Do you have the workplace working outside your network? is that the reason why you need the to setup TLS and the certs... sorry for the questions I'm new to all of this.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

(OP)
Sparrow4: I do not. When doing so you need to enable TLS under the Layer 3 protocol.

The IPO will act as the Certificate Authority in which you need to download the Root CA. I believe I already did that however I am not sure.

I exported the certificate from here:



and renamed it: "WebRootCA.pem" per the documentation. I am not 100% sure where to place this certificate.

My next hang-up is creating an Identity Certificate for the IPO itself. This brought on a few questions:
1. I have an Avaya IP Office PBX with VM Pro running on an application server. Within the voicemail pros Application Server Web Control > Settings > General I do see a spot to create the certificate sure if this is 2. What if my customer only has an IPO and is not running an application server where would this certificate be created? I do not see anywhere within web manager nor the security settings to do so.
3. I am not sure if the certificate was created correctly in the first place:




ACSS

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

@dsm600rr no progress on my end sorry. I'm still looking. I just ended up finding out that I also have to fill the "Network Topology" tab surprisesadeyessurprise. I wish there was a better documentation on how to set this up. Anyway I'll keep you posted.
Be safe.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

Sparrow4,you can use a STUN server such as stun.counterpath.net to fill the information on that tap. You enter a STUN server and then press "Run STUN" and it will fill the public IP and the type of Firewall/NAT.

RE: Avaya IX Workplace Help - SIP Registrar FQDN must be set and must be reachable from external address

Thanks @JazzWizzard. Much appreciated. I'll push it during my off business hours.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close