P2P Connection with external user, A/V Edge not used

  • Question

  • Hi everybody,

    we have 1 OCS Enterprise Edition Server and one Edge Server in our environment.
    A/V Validation Wizard completes with state successful.
    External users can connect to our Front End Server, and IM and Presence work great.

    When I try an A/V session with Client 1 (internal) and Client 2 (external):
    Access Edge authenticates the user with my internal server and after that connects to 5062 on A/V Edge (as mentioned before, A/V Validation Wizard is successful).
    The audio and video connection is established after that and I see video and hear audio.
    But in fact this session is handled P2P with ports above 49000 and not handled by the A/V Edge Server Role.

    Is this the right way? I would have thought that the connection is handled by the A/V Edge Role so there don't have to be so many open ports on my external firewall.
    Friday, September 25, 2009 1:52 PM

All replies

  • Whenever Communicator clients attempt to set up a peer-to-peer media session they always attempt to connect to each other directly, and if that fails then each attempts to connect through a configured Edge server.  If these two clients are able to communicate P2P without problems then they won't fail and roll back to the Edge Server. So if you have the ports opened and the clients can route traffic between them, I'd expect that would explain what you are seeing.

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Friday, September 25, 2009 3:06 PM
    Moderator
  • Hi,

    the problem is that if the ports are not open, a/v edge does not manage the connection.
    it simply fails.
    a/v edge seems to be configured correctly, because the wizard completes successfully.

    this is strange ...
    Sunday, September 27, 2009 6:06 PM
  • I read through this post:
    http://social.microsoft.com/Forums/en-AU/communicationsserveredgeservers/thread/787d7d06-34f2-431e-b3a3-801310174e3b

    and several other posts by Jeff Schertz, and I think routing may be a problem.
    my topology is somehow the problem but I have no other option in my company.

    edge server has 2 interfaces but on the same subnet.
    I know this should probably not work, but authentication, IM and presence do work.

    "internal" interface traffic is routed to my internal server.
    all IP addresses are publicly routable and no NAT is used.
    Monday, September 28, 2009 8:06 AM
  • I actually use that same topology in some deployments, one I am finishing up right now.

    The key is to have the gateway on your "external" nic and provide a persistent route with the "internal" interface specified for internal traffic.

    something like route -p add 10.117.117.0 MASK 255.255.255.0 192.168.169.1 IF 11

    10.117.117.0 being my internal network, 192.168.169.1 being my DMZ gateway and IF 11 being the "internal NIC"

    This has worked for me in the past. Verify that all internal servers and all desktop clients can connect to the internal interface of the edge server as well, as they will need to talk directly to that.



    Randy Wintle | MCTS: UC Voice Specialization | Winxnet Inc
    • Marked as answer by ToPeter Tuesday, September 29, 2009 6:40 AM
    Monday, September 28, 2009 1:59 PM
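
The routing behaviour described in the reply above, as an added example that is not part of the original thread: a small model of longest-prefix route selection that parses the posted `route -p add` command and reports which internal hosts would leave through the wrong NIC. The external default gateway `203.0.113.1`, interface index `12` and the internal host addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str
    interface: int

def parse_route_add(cmd: str) -> Route:
    """Parse 'route [-p] add <dest> MASK <mask> <gateway> IF <index>'."""
    tok = cmd.split()
    i = [t.lower() for t in tok].index("add")
    dest, mask_kw, mask, gateway, if_kw, if_index = tok[i + 1:i + 7]
    if mask_kw.upper() != "MASK" or if_kw.upper() != "IF":
        raise ValueError("expected: add <dest> MASK <mask> <gateway> IF <index>")
    # ip_network() is strict by default: a destination with host bits set is rejected
    return Route(ipaddress.ip_network(f"{dest}/{mask}"), gateway, int(if_index))

def pick_route(table, target: str) -> Optional[Route]:
    """Return the most specific (longest-prefix) route containing target."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in table if addr in r.dest]
    return max(matches, key=lambda r: r.dest.prefixlen, default=None)

def misrouted(table, hosts, internal_if: int):
    """Internal hosts whose traffic would not leave via the internal NIC."""
    bad = []
    for host in hosts:
        route = pick_route(table, host)
        if route is None or route.interface != internal_if:
            bad.append(host)
    return bad

INTERNAL_IF = 11   # "IF 11" from the posted command
EXTERNAL_IF = 12   # constructed interface index for the external NIC
# Constructed: default gateway on the external NIC only, before the fix
BEFORE = [Route(ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1", EXTERNAL_IF)]
# After the fix: the persistent route from the post is added
AFTER = BEFORE + [parse_route_add(
    "route -p add 10.117.117.0 MASK 255.255.255.0 192.168.169.1 IF 11")]
INTERNAL_HOSTS = ["10.117.117.20", "10.117.117.55"]  # constructed sample hosts

if __name__ == "__main__":
    print("before:", misrouted(BEFORE, INTERNAL_HOSTS, INTERNAL_IF))
    print("after: ", misrouted(AFTER, INTERNAL_HOSTS, INTERNAL_IF))
```
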
  • RANDY WINTLE,

    you totally saved my day, week, month ;)

    Thank you so much for this solution.

    A/V Edge works like a charm now.....!!
    Tuesday, September 29, 2009 6:40 AM