External NIC with multiple IP address Problem

All replies

• 

  

  0

  Sign in to vote

  Hi,
       Please check your firewall settings:
  
  

  Edge Role	Functionality	External F/W Port	Internal F/W Port	Protocol
  Reverse Proxy	Address Book, File Download, etc…	443	443	HTTP(S)
  Access	Remote IM and Presence, Federation, Public IM	443, 5061	5061	SIP/MTLS
  Web Conferencing	External Web Conf Participation	443	8057	PSOM/MTLS
  Audio/Video Conferencing	External A/V Conf Participation	443, 3478, 50,000-59,999	443, 5062, 3478	PSOM/TLS/STUN /TCP/UDP

  
  More details please ref to:
  http://technet.microsoft.com/en-us/library/bb803617.aspx
  
  Addionally, make sure your edge server can resolve your A/V edge external URL(ex. avedge.domain.com) to publc ip.
  
  -Randy
  

  Monday, October 19, 2009 1:34 PM
• 

  

  0

  Sign in to vote

  for testing purposes i open my front firewall any to any.
  
  but still not working.
  
  i cannot telnet webconf and av ips from outside and on a machine that is in same subnet too.
  
  if helps i use windows server 2008 SP2 x64 version.

  Monday, October 19, 2009 1:37 PM
• 

  

  0

  Sign in to vote

  How do you have you default gateways configured on the Edge server?  A telnet connection can fail if the return route is not correctly defined.  You should have the DG set on your external interface and use static route entries to define routes to internal hosts.
  
  See the route command examples in this article: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=78
  (Note that this article's main topic covers multiple external NIC which is not the same as your configuration, but the routing to internal is the same.)

  ---

  Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS

  Monday, October 19, 2009 1:56 PM

  Moderator
• 

  

  0

  Sign in to vote

  
  thank you for your reply,
  
  this is the output of netsh command,
  
  Microsoft Windows [Version 6.0.6002]
  Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

  C:\Users\Administrator>netsh interface ipv4 show interface

  Idx  Met   MTU   State        Name
  ---  ---  -----  -----------  -------------------
    1   50 4294967295  connected    Loopback Pseudo-Interface 1
   10   20   1500  connected    External
   13   20   1500  connected    Internal

  
  
  i can only see two interface. in your article you are using this command to set dg;
  
  route add –p 0.0.0.0 mask 0.0.0.0 172.16.1.1 metric 277 IF 15
  route add –p 0.0.0.0 mask 0.0.0.0 172.16.1.1 metric 278 IF 16
  
  how can i specify IF Idx?

  
  and this is my routing table
  
  C:\Users\Administrator>route print
  ===========================================================================
  Interface List
   13 ...00 50 fc 8d cd ad ...... Realtek RTL8139/810x Family Fast Ethernet NI
   10 ...00 1e 0b 2d a2 bb ...... Intel(R) 82566DM Gigabit Network Connection
    1 ........................... Software Loopback Interface 1
   11 ...00 00 00 00 00 00 00 e0  isatap.{655B9601-B042-4701-A070-A88425D822D3
   12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
   14 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
   15 ...00 00 00 00 00 00 00 e0  isatap.domain.com
  ===========================================================================

  IPv4 Route Table
  ===========================================================================
  Active Routes:
  Network Destination        Netmask          Gateway       Interface    Metric
            0.0.0.0                   0.0.0.0       212.x.x.106   212.x.x.100    276
          10.0.0.0             255.255.0.0         On-link        10.0.0.100    276
          10.0.0.0             255.255.0.0       10.0.1.18       10.0.0.100     21
         10.0.0.100      255.255.255.255         On-link        10.0.0.100    276
      10.0.255.255     255.255.255.255         On-link        10.0.0.100    276
          127.0.0.0                255.0.0.0         On-link         127.0.0.1    306
          127.0.0.1       255.255.255.255         On-link         127.0.0.1    306
    127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     212.x.x.100          255.255.255.255         On-link    212.x.x.100    276
     212.x.x.101          255.255.255.255         On-link    212.x.x.100    276
     212.x.x.102          255.255.255.255         On-link    212.x.x.100    276
          224.0.0.0        240.0.0.0                  On-link         127.0.0.1    306
          224.0.0.0        240.0.0.0                  On-link        10.0.0.100    276
          224.0.0.0        240.0.0.0                    On-link    212.x.x.110    276
    255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    255.255.255.255  255.255.255.255         On-link        10.0.0.100    276
    255.255.255.255  255.255.255.255         On-link    212.x.x.100    276
  ===========================================================================
  Persistent Routes:
    Network Address          Netmask       Gateway Address  Metric
          10.0.0.0               255.255.0.0       10.0.1.18            1
            0.0.0.0                  0.0.0.0            212.x.x.106  Default
  ===========================================================================

  C:\Users\Administrator>

  • Edited by Cem Albayrak Monday, October 19, 2009 2:24 PM

  Monday, October 19, 2009 2:16 PM
• 

  

  0

  Sign in to vote

  run "route print", you will see the interface list like:
  ===========================================================================
  Interface List
   15 ...00 1e c9 2a 69 fc ...... External NIC
   13 ...00 15 5d 0a 8c 04 ...... Internal
    1 ........................... Software Loopback Interface 1
   16 ...00 00 00 00 00 00 00 e0  isatap.{5845A754-A73C-4AB2-B688-9BF2B9711753}
   10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
   14 ...00 00 00 00 00 00 00 e0  isatap.{DDFCB5B3-1190-4F6B-8A06-CE9F54992C33}
  ===========================================================================
  
  And can you post your route table here?
  

  Monday, October 19, 2009 2:22 PM
• 

  

  0

  Sign in to vote

  this is my routing table
  
  C:\Users\Administrator>route print
  ===========================================================================
  Interface List
   13 ...00 50 fc 8d cd ad ...... Realtek RTL8139/810x Family Fast Ethernet NI
   10 ...00 1e 0b 2d a2 bb ...... Intel(R) 82566DM Gigabit Network Connection
    1 ........................... Software Loopback Interface 1
   11 ...00 00 00 00 00 00 00 e0  isatap.{655B9601-B042-4701-A070-A88425D822D3
   12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
   14 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
   15 ...00 00 00 00 00 00 00 e0  isatap.domain.com
  ===========================================================================

  IPv4 Route Table
  ===========================================================================
  Active Routes:
  Network Destination        Netmask          Gateway       Interface    Metric
            0.0.0.0                   0.0.0.0       212.x.x.106   212.x.x.100    276
          10.0.0.0             255.255.0.0         On-link        10.0.0.100    276
          10.0.0.0             255.255.0.0       10.0.1.18       10.0.0.100     21
         10.0.0.100      255.255.255.255         On-link        10.0.0.100    276
      10.0.255.255     255.255.255.255         On-link        10.0.0.100    276
          127.0.0.0                255.0.0.0         On-link         127.0.0.1    306
          127.0.0.1       255.255.255.255         On-link         127.0.0.1    306
    127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     212.x.x.100          255.255.255.255         On-link    212.x.x.100    276
     212.x.x.101          255.255.255.255         On-link    212.x.x.100    276
     212.x.x.102          255.255.255.255         On-link    212.x.x.100    276
          224.0.0.0        240.0.0.0                  On-link         127.0.0.1    306
          224.0.0.0        240.0.0.0                  On-link        10.0.0.100    276
          224.0.0.0        240.0.0.0                    On-link    212.x.x.110    276
    255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    255.255.255.255  255.255.255.255         On-link        10.0.0.100    276
    255.255.255.255  255.255.255.255         On-link    212.x.x.100    276
  ===========================================================================
  Persistent Routes:
    Network Address          Netmask       Gateway Address  Metric
          10.0.0.0               255.255.0.0       10.0.1.18            1
            0.0.0.0                  0.0.0.0            212.x.x.106  Default
  ===========================================================================

  Monday, October 19, 2009 2:45 PM
• 

  

  0

  Sign in to vote

  Just enter the route command omiting the 'metric' argument and use you specific IF value for the internal interface.  Typicall the IF argument is not even nessesary, as long as the internal router's IP address is in the same subnetwork as the internal interface itself.  The server will automatically know to use your internal interface if it's on that same network.

  ---

  Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS

  Monday, October 19, 2009 2:51 PM

  Moderator
• 

  

  0

  Sign in to vote

  so am i understand right. my internal interface id is 10. and external interface id is 13
  
  i have to run only
  
  route add –p 0.0.0.0 mask 0.0.0.0 10.0.1.18 metric 277 IF 10
  
  and do run these commands on each interface
  
  netsh interface ipv4 set interface 10 weakhostsend=enabled
  netsh interface ipv4 set interface 10 weakhostreceive=enabled
  
  netsh interface ipv4 set interface 13 weakhostsend=enabled
  netsh interface ipv4 set interface 13 weakhostreceive=enabled
  
  

  Monday, October 19, 2009 2:56 PM
• 

  

  0

  Sign in to vote

  your route table seems no problem.
  What's your A/V edge settings (ip, port) on "Edge Interfaces" tab? also check your pool properties->A/V Authentication Service option, should be same with A/V Edge.
  
  And any event log in system event viewer?
  

  ---

  Randy Zhong, MCSA/MCDBA/MCSE/MCBMSS@CRM

  Monday, October 19, 2009 3:01 PM
• 

  

  0

  Sign in to vote

  Cem,
  
  As I stated that blog article does not exactly pertain your configuration; you stated you have a single external interface, not multiple external interfaces.  Do not follow those instructions verbatim.  There is no need to mess with changing the weakhost send/receive settings.
  
  And the route definition for internal should not have a METRIC given, nor do you really need the IF either.  but according to your rout table you have a persistent route defined to handle internal traffic back to 10.0.0.0/16 hosts.
  
  But if you are not able to telnet to the external ports (212.x.x.100:443, 212.x.x.101:443, etc) then that is an issue with the external firewall most likely.  I see you have the default gateway set on the external interface so return traffic should be routed out the correct interfaces on the Edge server.
  
  Are you trying to telnet to ports 443 and 3478 on the A/V Edge external IP?  Because of the UDP nature and how the A/V communications are setup you won't get a response from a telnet connection in the way that you can from the Access Edge and Web Conf external IPs, so that would not be a valid test for the A/V Edge role.

  ---

  Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS

  • Marked as answer by Cem Albayrak Monday, October 19, 2009 6:11 PM

  Monday, October 19, 2009 5:18 PM

  Moderator
• 

  

  0

  Sign in to vote

  after your reply i check my connection with tracert and i see a loop is terminating the traffic.
  
  I will ask my security admin to check firewall settings.
  
  Thanks.

  • Marked as answer by Cem Albayrak Monday, October 19, 2009 6:11 PM

  Monday, October 19, 2009 6:11 PM