Solved

Cisco UC520 integration with Exchange 2013

Posted on 2014-02-06
30
970 Views
Last Modified: 2014-05-23
I would like to integrate our phone system with exchange.

We are running Exchange 2013 CU3
Cisco UC520 runs
Cisco IOS Software  UC500-ADVIPSERVICESK9-M  
Software Version  15.1(4)M6 / CME 8.6  

I cant seem to find any step by step instructions for this setup or the list of features that become available once integrated.
Some of the features we are interested in is having access to voicemail in outlook and being able to click on a phone number in outlook contacts and have your Cisco IP 7945G phone set dial it automatically. Keeping in mind we have to dial 9 to get out so some sort of rule needs to acomodate that.

Once this is done I would like to integrate UC520 with our Lync 2013 as well unless someone thinks doing the Lync integration first is preffered.

Any help is appreciated.
Thanks
0
Comment
Question by:baysysadmin
  • 17
  • 11
  • 2
30 Comments
 
LVL 20

Expert Comment

by:agonza07
Comment Utility
You need Cisco Unified CallConnector to accomplish this.

http://www.cisco.com/en/US/products/ps11694/index.html
0
 

Author Comment

by:baysysadmin
Comment Utility
hi
Thanks for reply

Can you tell me the actual benefit of seting up unified messaging in exchange?
What features become available?

Thanks
0
 
LVL 20

Expert Comment

by:agonza07
Comment Utility
There's two things to look at here.
1) Cisco Unified CallConnector - allows you to do click to call, call logs on your screen, quickly search and dial contact from Outlook.
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps7046/ps7274/data_sheet_c78-655143.html

2) Exchange Unified Messaging - make Exchange your repository for voicemail and email. Play voicemails from Outlook and do speech to text conversion.
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
Comment Utility
What you need first is to enable the feature On UC520 that will allow IMAP connections.
I this this is under the additional application option. (Are you using CCA)?
You then need to configure the CUE mailbox/logins to login and access the data
Using a web browser.
Http://10.1.1.1

You could configure the CUE to email the voicemail to an email address.

Here you would need to make the logins members imap user to allow imap access.
Outlook will effectively have two email accounts through which the user will be able to listen and delete the messages.

https://supportforums.cisco.com/docs/DOC-9688/
0
 

Author Comment

by:baysysadmin
Comment Utility
Hi
Ive enabled the IMAP and I can see my session in the logs, but outlook just keep prompting for password, it wont accept my cretedntials that are stored in CUE.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
You need to use a web browser to the CUE IP.  This should be the same IP as your phones.
i.e. 10.1.10.1 if you did not change the defaults.
0
 

Author Comment

by:baysysadmin
Comment Utility
I can login to the CUE browser web console using the account but when I setup a IMAP account in outlook using the same login and CUE IP it wont authenticate.
For email i entered name@10.1.10.1 but no luck.
I can see the session in CUE from my workstation but thats as far as I got.
Ive enabled all the settings for that username in CUE required for IMAP connection.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
You need to make sure that the user (login) is a member of the vm-imap and broadcasters group.
Do you set the password, or did you let it set the initial one?
Under configure, look at the users and the groups to which they belong.

Then check the settings on the extension.
0
 

Author Comment

by:baysysadmin
Comment Utility
Ok im getting closer.
I added my account to those groups.
Now outlook accepts the incoming credentials and server but for outgoing test it gives me this error.
421 4.3.2 System not acc
I tried setting the outgoing auth to be same as incoming but got same error.

Also when i open the inbox for this newly added account in outlook i see 1 voicemail entry with attachment icon but the body is blank and no data or attachment are found inside the email. The size is 268KB
The status for this account is connected.
If i mark the message UNREAD, my phone message light will go red so its definitivelly connected but its having a weird effect where outlook window keeps blinking weird when that message is selected.

I should point out that on my CUE i did not have vm-imap group, it was called IMAPgrp
Some of this setup is original.
0
 

Author Comment

by:baysysadmin
Comment Utility
Well i deleted that message and saved a new voicemail, now its fine.
Must have been a corrupted old message.


Thanks
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
IMAPgrp is the group that needs to be created with vm-imap or something similar.

glad to hear you have it up and running.
0
 

Author Comment

by:baysysadmin
Comment Utility
Its working but with some bugs.
Every once in a while a message does not display the attachemnt in outlook, almost as if its corrupt. The message body shows BLANK like the first one I described.

Also some of my users cant access the CUE IP. They can ping it but cant browse the webui or have outlook connect. It just times out.
So far I cant find any firewall rules that could block this or http access on the CME and CUE.
It works for 3 people so far which are on the same subnet as the rest.
I think it has something to do with CUE becuase CUE can ping back those 3 IPs but not the rest.
While everyone can ping CUE.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Is the cisco UC520 IP accessible from the LAN?

The CUE IP should not be disclosed to users.  Depending on the phones you have, you can enable and they could then access their emails on the phone which is usually on the same segment.

Your UC520 has three IPS

Voice VLAN for the phones 10.1.10.0/24
DATA VLAN for the devices if any connecting via/through the phone 1.1.1.0/24
Management 192.168.10.0/24

The WAN portion of the UC520 which could be an IP on the LAN if you have one data dedicated LAN and one for the VOICE LAN.

The users should if they can access the 192.168.10.1 IP or use the WAN IP.
0
 

Author Comment

by:baysysadmin
Comment Utility
This is the CME config with the routes
VLAN 1 is our local LAN VLAN100 is where the phones sets are.
I am not sure what access-list 105 is for, i dont see it applied anywhere.

interface Vlan1
 ip address 10.10.0.11 255.255.255.0
 !
!
interface Vlan10
 no ip address
 !
!
interface Vlan100
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip traffic-export apply TAC size 10000000
 !
!
ip forward-protocol nd
!
ip http server
ip http secure-server
ip http path flash:/gui
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.10.0.1
ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 10.11.0.0 0.0.0.255
access-list 1 permit 10.1.10.0 0.0.0.3
access-list 105 permit ip host 10.1.1.1 any
access-list 105 deny   ip any any
0
 

Author Comment

by:baysysadmin
Comment Utility
I think my 10.10.0.11 is the same as the 192 IP in example.
Yes the users can access this IP but they cant get to CUE using this IP.
I get the router interface and CME webui using this ip.
None of this explans why it works for few users.
Looking at the config file I cant find any specific entries that would allow acces to just a few ips.

I tried adding it in outlook instead of 10.1.10.1 but it did not log in.

This entry concerns me, as I did not set this system up.
access-list 1 permit 10.11.0.0 0.0.0.255

We dont have a 10.11... subnet, im thinking it may have been a typo and should be 10.10...
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 76

Expert Comment

by:arnold
Comment Utility
You might be missing vlan90 that is the data VLAN and possibly the 10.11

10.10. Seems to be the WAN IP and is unlikely to be the dedictated management IP

How are your systems connected?

Do you have two separate networks a dedicated data LAN and a dedicated VOICE LAN?

Look at your UC520's DHCP reconfiguration.  

Show running | include DHCP

See what IPs are defined on the DHCP server.
0
 

Author Comment

by:baysysadmin
Comment Utility
This guy seems to have the same issue as me.
https://supportforums.cisco.com/thread/315069
0
 

Author Comment

by:baysysadmin
Comment Utility
No vlan 90, but there is BLANK vlan 10, but i think that was a typo too.
The phone system has 3 subnets.
10.10 which is same as the computer LAN VLAN1
10.1.1.0 which is the ip7945 phone ip VLAN100
10.1.10.1 which is the CUE service engine IP.
interface Integrated-Service-Engine0/0
 description cue is initialized with default IMAP group
 ip unnumbered Loopback0
 ip nat inside
 ip virtual-reassembly
 service-module ip address 10.1.10.1 255.255.255.252
 service-module ip default-gateway 10.1.10.2
 !
interface Loopback0
 ip address 10.1.10.2 255.255.255.252


ip dhcp relay information trust-all
ip dhcp excluded-address 10.10.1.0 10.10.1.10
ip dhcp excluded-address 10.1.1.1 10.1.1.10
!
ip dhcp pool phone
   network 10.1.1.0 255.255.255.0
   default-router 10.1.1.1
   option 150 ip 10.1.1.1

Again this line doesnt make any sense, we dont have that subnet #.
ip dhcp excluded-address 10.10.1.0 10.10.1.10
Who ever set this up made a lot of stupid typos.
0
 

Author Comment

by:baysysadmin
Comment Utility
Is there maybe  a limit to how many people can connect to CUE http://10.1.10.1
Maybe thats why the first 3 people worked but not the rest.
This how ever doesnt explan why CUE can ping the 10.10.0.1 GW and those 3 people but not any other IP on vlan1, not even the DNS server,  while everyone on vlan1 can ping CUE 10.1.10.1
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
I think the IMAP should support access for as many licenses as you need.

Check the IP configuration on the system from which the users are able and from which the users are not.

Another option you can use is the voice to email configuration.  When a voice mail is left, it will email it to the user.

I've seen corrupted voicemail messages. at times they dealt with a deletion that did not complete. i.e. checked via the phone and marked it for deletion. Or similarly via the IMAP but the message was not completely purged.

The voice to email, would only require the users to go in and delete/clear the cue if they do not want to do it via the phone interface.

the UC520 can have four separate networks.
1 WAN connection

1 DATA LAN
1 VOICE LAN
1 MANAGEMENT

The users to access IMAP/Messaging should use 10.10.0.11

Do you have your UC520 connected on the WAN port?
0
 

Author Comment

by:baysysadmin
Comment Utility
I did setup the email notification but its not working.
The CUE can ping the email server which is in DMZ 172... but only that one DMZ server.
Again this weird selective ping when all should work.

The corruped voicemail was a brand new unlisted voicemail.
At first I thought maybe because it was bigger than all my test ones.
So i left myself a 1 min voicemail and that one came in fine.
It seems random.

My UC520 has 8 ports, only 1 i used.
But looking phyiscall at the unit the 8 POE ports are not plugged in, the WAN is NOT used only EXPANSION port is plugged in. This doesnt seem to match what I am seeing in config.
Maybe im looking at the wrong place.

Port    Name               Status       Vlan       Duplex Speed Type
Fa0/1/0                    notconnect   1            auto    auto 10/100BaseTX
Fa0/1/1                    notconnect   1            auto    auto 10/100BaseTX
Fa0/1/2                    notconnect   1            auto    auto 10/100BaseTX
Fa0/1/3                    notconnect   1            auto    auto 10/100BaseTX
Fa0/1/4                    notconnect   1            auto    auto 10/100BaseTX
Fa0/1/5                    notconnect   1            auto    auto 10/100BaseTX
Fa0/1/6                    notconnect   1            auto    auto 10/100BaseTX
Fa0/1/7                    notconnect   1            auto    auto 10/100BaseTX
Fa0/1/8                    connected    trunk      a-full   a-100 10/100BaseTX

I tried connecting IMAP using 10.10.0.11 but outlook failed to connect.
It only seems to be accepting connections on 10.1.10.1 but for 3 users.
0
 

Author Comment

by:baysysadmin
Comment Utility
I ran a different command which gave me complete list of ALL interfaces.
Is WAN port required? Im not sure why we are not using it or what exactly its for.

Interface                   IHQ       IQD       OHQ       OQD      RXBS      RXPS      TXBS      TXPS      TRTL
-----------------------------------------------------------------------------------------------------------------
  FastEthernet0/0               0         0         0         0         0         0         0         0         0
* In0/0                         0         0         0         0         0         0         0         0         0
  FastEthernet0/1/0             0         0         0         0         0         0         0         0         0
  FastEthernet0/1/1             0         0         0         0         0         0         0         0         0
  FastEthernet0/1/2             0         0         0         0         0         0         0         0         0
  FastEthernet0/1/3             0         0         0         0         0         0         0         0         0
  FastEthernet0/1/4             0         0         0         0         0         0         0         0         0
  FastEthernet0/1/5             0         0         0         0         0         0         0         0         0
  FastEthernet0/1/6             0         0         0         0         0         0         0         0         0
  FastEthernet0/1/7             0         0         0         0         0         0         0         0         0
* FastEthernet0/1/8             0         0         0         0     10000        13     94000        54         0
  Serial0/2/0:0                 0         0         0         0         0         0         0         0         0
  Serial0/2/0:1                 0         0         0         0         0         0         0         0         0
  Serial0/2/0:2                 0         0         0         0         0         0         0         0         0
  Serial0/2/0:3                 0         0         0         0         0         0         0         0         0
  Serial0/2/0:4                 0         0         0         0         0         0         0         0         0
  Serial0/2/0:5                 0         0         0         0         0         0         0         0         0
  Serial0/2/0:6                 0         0         0         0         0         0         0         0         0
  Serial0/2/0:7                 0         0         0         0         0         0         0         0         0
  Serial0/2/0:8                 0         0         0         0         0         0         0         0         0
  Serial0/2/0:9                 0         0         0         0         0         0         0         0         0
* Serial0/2/0:23                0         0         0         0         0         0         0         0         0
* Vlan1                         0         0         0         0      5000         7      2000         2         0
* Vlan10                        0         0         0         0         0         0         0         0         0
* Vlan100                       0         0         0         0         0         1     85000        50         0
* NVI0                          0         0         0         0         0         0         0         0         0
* Loopback0                     0         0         0         0         0         0         0         0         0
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
What is the IP on the system from which you connect?

I do not think the CUE IP is should be hit by anything other than the phones.

I do not believe the UC has POE ports.  IT has plain Ethernet ports.

is there a path from 10.10.0.11 to the DMZ IP?  See what rules exists on the firewall that is handling the DMZ port.
Does it allow access from 10.10.0.0/24 network?
0
 

Author Comment

by:baysysadmin
Comment Utility
Mine is 10.10.0.136
Our UC has POE, it says right there on the device.
We dont use them , we use the 9th expansion interface which goes to a POE 24port switch.
Then that switch goes to our LAN swtiches which goes to the ASA firewall.
the firewall simply has a route to 10.1.10.0 /24 and sends it to 10.10.0.11 on the private interface. There are no ACLS on ASA that block this, it comes in on private and is routed back on private
I just figured it out, I and 2 others have a static route and its the same as the one on ASA which means the ASA one doesnt work. The ASA private interface has no ACL, it has the
Any less secure networks
default setting.

Network Address          Netmask  Gateway Address  Metric
      10.1.10.0    255.255.255.0       10.10.0.11       1

This does not explain why everyone can ping the CUE.
If the route was messed up even the pings should not find their way.


So back to your comment, how do I make outlook work with 10.10.0.11 IP instead.
Or should I try to fix the ASA route so everyone can get to 10.1.10.1
Thanks
0
 

Author Comment

by:baysysadmin
Comment Utility
The ASA route is definitively responsible for making the pings work.
I removed it and pings stopped.
But i cant find anything blocking http access to CUE.
Packet tracer on ASA shows all green.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Your setup seems strange that you would have the ASA between your UC520 and your phones.

What are the IPS on your PCs?
0
 

Author Comment

by:baysysadmin
Comment Utility
No the ASA is not between the phones and UC, its between the LAN and UC
Phones are on another local switch directly connected to UC.

PCS are VLAN1 10.10.0.0
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
I would have connected the PC LAN to the WAN portion of the UC520.

Try the following if you can, create another network on the ASA.  Connect that to the WAN Port of the UC520.

On the ASA setup the acl/routes for this new segment and then use it as the IMAP access point.  See whether that makes a difference.

how many active interfaces does your UC520 have. only the FA0/1/8?
it is a 10/100 line and is VLANed and prioritized using QoS voice over data.
Do you have an option to setup cacti (cacti.net snmp polling of the UC560's network usage of FA0/1/8 interface to make sure it is not being saturated?)
0
 

Author Comment

by:baysysadmin
Comment Utility
Hi I hope someone is still watchiing this thread.
I ran into a issue with connecitng IMAP with outlook 2013.
In this case we use a fake outgoing server because we are only recieveing messages from the phone system, not sending but outlook 2013 requires a valid outgoing server so it cant send a test message.
Without it the test fails and it wont let you add the account to outlook.

How do you get around this?
Thanks
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
Comment Utility
You setup a local SMTP (IIS SMTP) or point the outgoing server settings to an email provider that you have.

I.e. incoming IMAP type uc520.yourdomain.local
Outgoing SMTP somehost.yourprovider.com
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now