External NIC with multiple IP address Problem

  • Question

  • My edge server is consolidated.

    I have configured 2 NICs, one for internal and one for external.

    My external NIC configuration is like this:

    access edge ip    212.x.y.100 mask 255.255.255.0
    web confer ip      212.x.y.101 mask 255.255.255.0
    av edge ip          212.x.y.102 mask 255.255.255.0

    My internal NIC has one IP address, 10.0.0.100 mask 255.255.0.0

    I have created public DNS records and configured the external web URL address on my Standard server.

    I can only use IM.

    Live Meeting and A/V Conf are not working. What do I have to change to make these functions work?


    Monday, October 19, 2009 1:26 PM

All replies

  • Hi,
         Please check your firewall settings:

    Edge Role                 Functionality                                   External F/W Port         Internal F/W Port  Protocol
    ------------------------  ----------------------------------------------  ------------------------  -----------------  ---------------------
    Reverse Proxy             Address Book, File Download, etc…               443                       443                HTTP(S)
    Access                    Remote IM and Presence, Federation, Public IM   443, 5061                 5061               SIP/MTLS
    Web Conferencing          External Web Conf Participation                 443                       8057               PSOM/MTLS
    Audio/Video Conferencing  External A/V Conf Participation                 443, 3478, 50,000-59,999  443, 5062, 3478    PSOM/TLS/STUN/TCP/UDP


    For more details, please refer to:
    http://technet.microsoft.com/en-us/library/bb803617.aspx

    Additionally, make sure your Edge server can resolve your A/V Edge external URL (e.g. avedge.domain.com) to the public IP.

    -Randy
    Monday, October 19, 2009 1:34 PM
  • For testing purposes I opened my front firewall any to any.

    But it is still not working.

    I cannot telnet to the Web Conf and A/V IPs from outside, nor from a machine that is in the same subnet.

    If it helps, I use the Windows Server 2008 SP2 x64 version.
    Monday, October 19, 2009 1:37 PM
  • How do you have your default gateways configured on the Edge server?  A telnet connection can fail if the return route is not correctly defined.  You should have the DG set on your external interface and use static route entries to define routes to internal hosts.

    See the route command examples in this article: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=78
    (Note that this article's main topic covers multiple external NIC which is not the same as your configuration, but the routing to internal is the same.)


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, October 19, 2009 1:56 PM
    Moderator
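
One way to check a saved `route print` capture against the routing layout described in the reply above (a single default gateway on the external interface, plus a static route back to the internal network). This is an added example, not code from the thread; the function names and the 203.0.113.x addresses standing in for the redacted public IPs are assumptions.

```python
import ipaddress

# Constructed sample modelled on the thread's `route print` output;
# 203.0.113.x stands in for the redacted public addresses.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    203.0.113.1   203.0.113.100    276
         10.0.0.0      255.255.0.0        On-link      10.0.0.100    276
         10.0.0.0      255.255.0.0      10.0.1.18      10.0.0.100     21
    203.0.113.100  255.255.255.255        On-link   203.0.113.100    276
===========================================================================
"""

def parse_active_routes(text):
    """Return (network, gateway, interface) tuples from the Active Routes table."""
    routes, active = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Active Routes"):
            active = True
            continue
        if active and line.startswith("="):
            break  # end of the Active Routes table
        parts = line.split()
        if active and len(parts) == 5 and parts[0][0].isdigit():
            dest, mask, gw, iface, _metric = parts
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gw, ipaddress.ip_address(iface)))
    return routes

def check_edge_routing(text, external_ip, internal_net):
    """Return a list of findings; an empty list means the layout matches."""
    ext = ipaddress.ip_address(external_ip)
    inside = ipaddress.ip_network(internal_net)
    routes = parse_active_routes(text)
    findings = []
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if len(defaults) != 1:
        findings.append(f"expected 1 default route, found {len(defaults)}")
    for net, gw, iface in defaults:
        if iface != ext:
            findings.append(f"default route via {gw} leaves on {iface}, not the external NIC")
    if not any(n == inside and g != "On-link" and i != ext for n, g, i in routes):
        findings.append(f"no static route to {internal_net} via an internal gateway")
    return findings
```

Feeding it a capture in which a second `0.0.0.0` route points at the internal gateway yields two findings: the duplicate default route, and the default route bound to the wrong interface.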

  • Thank you for your reply.

    This is the output of the netsh command:

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Users\Administrator>netsh interface ipv4 show interface

    Idx  Met   MTU   State        Name
    ---  ---  -----  -----------  -------------------
      1   50 4294967295  connected    Loopback Pseudo-Interface 1
     10   20   1500  connected    External
     13   20   1500  connected    Internal



    I can only see two interfaces. In your article you are using this command to set the DG:

    route add -p 0.0.0.0 mask 0.0.0.0 172.16.1.1 metric 277 IF 15
    route add -p 0.0.0.0 mask 0.0.0.0 172.16.1.1 metric 278 IF 16

    How can I specify the IF Idx?


    And this is my routing table:

    C:\Users\Administrator>route print
    ===========================================================================
    Interface List
     13 ...00 50 fc 8d cd ad ...... Realtek RTL8139/810x Family Fast Ethernet NI
     10 ...00 1e 0b 2d a2 bb ...... Intel(R) 82566DM Gigabit Network Connection
      1 ........................... Software Loopback Interface 1
     11 ...00 00 00 00 00 00 00 e0  isatap.{655B9601-B042-4701-A070-A88425D822D3
     12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
     14 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
     15 ...00 00 00 00 00 00 00 e0  isatap.domain.com
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface    Metric
              0.0.0.0                   0.0.0.0       212.x.x.106   212.x.x.100    276
            10.0.0.0             255.255.0.0         On-link        10.0.0.100    276
            10.0.0.0             255.255.0.0       10.0.1.18       10.0.0.100     21
           10.0.0.100      255.255.255.255         On-link        10.0.0.100    276
        10.0.255.255     255.255.255.255         On-link        10.0.0.100    276
            127.0.0.0                255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1       255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       212.x.x.100          255.255.255.255         On-link    212.x.x.100    276
       212.x.x.101          255.255.255.255         On-link    212.x.x.100    276
       212.x.x.102          255.255.255.255         On-link    212.x.x.100    276
            224.0.0.0        240.0.0.0                  On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0                  On-link        10.0.0.100    276
            224.0.0.0        240.0.0.0                    On-link    212.x.x.110    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link        10.0.0.100    276
      255.255.255.255  255.255.255.255         On-link    212.x.x.100    276
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask       Gateway Address  Metric
            10.0.0.0               255.255.0.0       10.0.1.18            1
              0.0.0.0                  0.0.0.0            212.x.x.106  Default
    ===========================================================================

    C:\Users\Administrator>

    Monday, October 19, 2009 2:16 PM
  • Run "route print" and you will see the interface list, like:
    ===========================================================================
    Interface List
     15 ...00 1e c9 2a 69 fc ...... External NIC
     13 ...00 15 5d 0a 8c 04 ...... Internal
      1 ........................... Software Loopback Interface 1
     16 ...00 00 00 00 00 00 00 e0  isatap.{5845A754-A73C-4AB2-B688-9BF2B9711753}
     10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
     14 ...00 00 00 00 00 00 00 e0  isatap.{DDFCB5B3-1190-4F6B-8A06-CE9F54992C33}
    ===========================================================================

    And can you post your route table here?
    Monday, October 19, 2009 2:22 PM
  • This is my routing table:

    C:\Users\Administrator>route print
    ===========================================================================
    Interface List
     13 ...00 50 fc 8d cd ad ...... Realtek RTL8139/810x Family Fast Ethernet NI
     10 ...00 1e 0b 2d a2 bb ...... Intel(R) 82566DM Gigabit Network Connection
      1 ........................... Software Loopback Interface 1
     11 ...00 00 00 00 00 00 00 e0  isatap.{655B9601-B042-4701-A070-A88425D822D3
     12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
     14 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
     15 ...00 00 00 00 00 00 00 e0  isatap.domain.com
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface    Metric
              0.0.0.0                   0.0.0.0       212.x.x.106   212.x.x.100    276
            10.0.0.0             255.255.0.0         On-link        10.0.0.100    276
            10.0.0.0             255.255.0.0       10.0.1.18       10.0.0.100     21
           10.0.0.100      255.255.255.255         On-link        10.0.0.100    276
        10.0.255.255     255.255.255.255         On-link        10.0.0.100    276
            127.0.0.0                255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1       255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       212.x.x.100          255.255.255.255         On-link    212.x.x.100    276
       212.x.x.101          255.255.255.255         On-link    212.x.x.100    276
       212.x.x.102          255.255.255.255         On-link    212.x.x.100    276
            224.0.0.0        240.0.0.0                  On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0                  On-link        10.0.0.100    276
            224.0.0.0        240.0.0.0                    On-link    212.x.x.110    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link        10.0.0.100    276
      255.255.255.255  255.255.255.255         On-link    212.x.x.100    276
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask       Gateway Address  Metric
            10.0.0.0               255.255.0.0       10.0.1.18            1
              0.0.0.0                  0.0.0.0            212.x.x.106  Default
    ===========================================================================

    Monday, October 19, 2009 2:45 PM
  • Just enter the route command omitting the 'metric' argument and use your specific IF value for the internal interface.  Typically the IF argument is not even necessary, as long as the internal router's IP address is in the same subnetwork as the internal interface itself.  The server will automatically know to use your internal interface if it's on that same network.


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, October 19, 2009 2:51 PM
    Moderator
  • So am I understanding this right? My internal interface ID is 10 and external interface ID is 13.

    I have to run only

    route add -p 0.0.0.0 mask 0.0.0.0 10.0.1.18 metric 277 IF 10

    and run these commands on each interface:

    netsh interface ipv4 set interface 10 weakhostsend=enabled
    netsh interface ipv4 set interface 10 weakhostreceive=enabled

    netsh interface ipv4 set interface 13 weakhostsend=enabled
    netsh interface ipv4 set interface 13 weakhostreceive=enabled

    Monday, October 19, 2009 2:56 PM
  • Your route table seems to have no problem.
    What are your A/V Edge settings (IP, port) on the "Edge Interfaces" tab? Also check your pool properties -> A/V Authentication Service option; it should be the same as the A/V Edge.

    And are there any event logs in the system Event Viewer?

    Randy Zhong, MCSA/MCDBA/MCSE/MCBMSS@CRM
    Monday, October 19, 2009 3:01 PM
  • Cem,

    As I stated, that blog article does not exactly pertain to your configuration; you stated you have a single external interface, not multiple external interfaces.  Do not follow those instructions verbatim.  There is no need to mess with changing the weakhost send/receive settings.

    And the route definition for internal should not have a METRIC given, nor do you really need the IF either.  But according to your route table you have a persistent route defined to handle internal traffic back to 10.0.0.0/16 hosts.

    But if you are not able to telnet to the external ports (212.x.x.100:443, 212.x.x.101:443, etc) then that is an issue with the external firewall most likely.  I see you have the default gateway set on the external interface so return traffic should be routed out the correct interfaces on the Edge server.

    Are you trying to telnet to ports 443 and 3478 on the A/V Edge external IP?  Because of the UDP nature and how the A/V communications are set up you won't get a response from a telnet connection in the way that you can from the Access Edge and Web Conf external IPs, so that would not be a valid test for the A/V Edge role.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • Marked as answer by Cem Albayrak Monday, October 19, 2009 6:11 PM
    Monday, October 19, 2009 5:18 PM
    Moderator
  • After your reply I checked my connection with tracert and I see a loop is terminating the traffic.

    I will ask my security admin to check firewall settings.

    Thanks.
    • Marked as answer by Cem Albayrak Monday, October 19, 2009 6:11 PM
    Monday, October 19, 2009 6:11 PM