External NIC with multiple IP address Problem

Question
-
My edge server is consolidated.
I have configured 2 NICs, one for internal and one for external.
My external NIC configuration is like this:
access edge ip 212.x.y.100 mask 255.255.255.0
web confer ip 212.x.y.101 mask 255.255.255.0
av edge ip 212.x.y.102 mask 255.255.255.0
My internal NIC has one IP address: 10.0.0.100 mask 255.255.0.0
I have created public DNS records and configured the external web URL address on my standard server.
I can only use IM.
Live Meeting and A/V Conf are not working. What do I have to change to make these functions work?
Monday, October 19, 2009 1:26 PM
All replies
-
Hi,
Please check your firewall settings:
Edge Role | Functionality | External F/W Port | Internal F/W Port | Protocol
----------------------------------------------------------------------------
Reverse Proxy | Address Book, File Download, etc… | 443 | 443 | HTTP(S)
Access | Remote IM and Presence, Federation, Public IM | 443, 5061 | 5061 | SIP/MTLS
Web Conferencing | External Web Conf Participation | 443 | 8057 | PSOM/MTLS
Audio/Video Conferencing | External A/V Conf Participation | 443, 3478, 50,000-59,999 | 443, 5062, 3478 | PSOM/TLS/STUN/TCP/UDP
For more details please refer to:
http://technet.microsoft.com/en-us/library/bb803617.aspx
Additionally, make sure your edge server can resolve your A/V edge external URL (e.g. avedge.domain.com) to the public IP.
-Randy
Monday, October 19, 2009 1:34 PM -
For testing purposes I opened my front firewall any to any,
but it is still not working.
I cannot telnet to the webconf and AV IPs from outside, nor from a machine that is in the same subnet.
If it helps, I use Windows Server 2008 SP2 x64.
Monday, October 19, 2009 1:37 PM -
How do you have your default gateways configured on the Edge server? A telnet connection can fail if the return route is not correctly defined. You should have the DG set on your external interface and use static route entries to define routes to internal hosts.
See the route command examples in this article: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=78
(Note that this article's main topic covers multiple external NICs, which is not the same as your configuration, but the routing to internal is the same.)
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
Monday, October 19, 2009 1:56 PM, Moderator -
thank you for your reply,
this is the output of netsh command,
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>netsh interface ipv4 show interface
Idx Met MTU State Name
--- --- ----- ----------- -------------------
1 50 4294967295 connected Loopback Pseudo-Interface 1
10 20 1500 connected External
13 20 1500 connected Internal
I can only see two interfaces. In your article you are using this command to set the DG:
route add -p 0.0.0.0 mask 0.0.0.0 172.16.1.1 metric 277 IF 15
route add -p 0.0.0.0 mask 0.0.0.0 172.16.1.1 metric 278 IF 16
How can I specify the IF Idx?
And this is my routing table:
C:\Users\Administrator>route print
===========================================================================
Interface List
13 ...00 50 fc 8d cd ad ...... Realtek RTL8139/810x Family Fast Ethernet NI
10 ...00 1e 0b 2d a2 bb ...... Intel(R) 82566DM Gigabit Network Connection
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{655B9601-B042-4701-A070-A88425D822D3
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...00 00 00 00 00 00 00 e0 isatap.domain.com
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 212.x.x.106 212.x.x.100 276
10.0.0.0 255.255.0.0 On-link 10.0.0.100 276
10.0.0.0 255.255.0.0 10.0.1.18 10.0.0.100 21
10.0.0.100 255.255.255.255 On-link 10.0.0.100 276
10.0.255.255 255.255.255.255 On-link 10.0.0.100 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
212.x.x.100 255.255.255.255 On-link 212.x.x.100 276
212.x.x.101 255.255.255.255 On-link 212.x.x.100 276
212.x.x.102 255.255.255.255 On-link 212.x.x.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.100 276
224.0.0.0 240.0.0.0 On-link 212.x.x.110 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.100 276
255.255.255.255 255.255.255.255 On-link 212.x.x.100 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
10.0.0.0 255.255.0.0 10.0.1.18 1
0.0.0.0 0.0.0.0 212.x.x.106 Default
===========================================================================
C:\Users\Administrator>
- Edited by Cem Albayrak Monday, October 19, 2009 2:24 PM
Monday, October 19, 2009 2:16 PM -
run "route print", you will see the interface list like:
===========================================================================
Interface List
15 ...00 1e c9 2a 69 fc ...... External NIC
13 ...00 15 5d 0a 8c 04 ...... Internal
1 ........................... Software Loopback Interface 1
16 ...00 00 00 00 00 00 00 e0 isatap.{5845A754-A73C-4AB2-B688-9BF2B9711753}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{DDFCB5B3-1190-4F6B-8A06-CE9F54992C33}
===========================================================================
And can you post your route table here?
Monday, October 19, 2009 2:22 PM -
this is my routing table
Monday, October 19, 2009 2:45 PM -
Just enter the route command omitting the 'metric' argument and use your specific IF value for the internal interface. Typically the IF argument is not even necessary, as long as the internal router's IP address is in the same subnetwork as the internal interface itself. The server will automatically know to use your internal interface if it's on that same network.
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
Monday, October 19, 2009 2:51 PM, Moderator -
So do I understand correctly? My internal interface ID is 10 and my external interface ID is 13.
I have to run only
route add -p 0.0.0.0 mask 0.0.0.0 10.0.1.18 metric 277 IF 10
and do run these commands on each interface
netsh interface ipv4 set interface 10 weakhostsend=enabled
netsh interface ipv4 set interface 10 weakhostreceive=enabled
netsh interface ipv4 set interface 13 weakhostsend=enabled
netsh interface ipv4 set interface 13 weakhostreceive=enabled
Monday, October 19, 2009 2:56 PM -
Your route table seems to have no problem.
What are your A/V edge settings (IP, port) on the "Edge Interfaces" tab? Also check your pool properties -> A/V Authentication Service option; it should be the same as the A/V Edge.
And is there any event log in the system event viewer?
Randy Zhong, MCSA/MCDBA/MCSE/MCBMSS@CRM
Monday, October 19, 2009 3:01 PM -
Cem,
As I stated, that blog article does not exactly pertain to your configuration; you stated you have a single external interface, not multiple external interfaces. Do not follow those instructions verbatim. There is no need to mess with changing the weakhost send/receive settings.
And the route definition for internal should not have a METRIC given, nor do you really need the IF either. But according to your route table you have a persistent route defined to handle internal traffic back to 10.0.0.0/16 hosts.
But if you are not able to telnet to the external ports (212.x.x.100:443, 212.x.x.101:443, etc.) then that is an issue with the external firewall most likely. I see you have the default gateway set on the external interface so return traffic should be routed out the correct interfaces on the Edge server.
Are you trying to telnet to ports 443 and 3478 on the A/V Edge external IP? Because of the UDP nature and how the A/V communications are set up you won't get a response from a telnet connection in the way that you can from the Access Edge and Web Conf external IPs, so that would not be a valid test for the A/V Edge role.
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
- Marked as answer by Cem Albayrak Monday, October 19, 2009 6:11 PM
Monday, October 19, 2009 5:18 PM, Moderator -
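Added example, not part of the thread or any poster's own code: a Python check of the routing rule discussed above (one default gateway, on the external interface, with internal networks matched by more specific routes) run against the "Active Routes" rows of `route print`. The function names are hypothetical and the sample rows are constructed, with 203.0.113.0/24 standing in for the masked public subnet.

```python
import ipaddress

# Constructed sample in the layout of the "Active Routes" rows of `route print`.
# 203.0.113.0/24 (a documentation range) stands in for the masked public subnet.
SAMPLE_ROUTES = """\
0.0.0.0        0.0.0.0          203.0.113.1   203.0.113.100  276
10.0.0.0       255.255.0.0      On-link       10.0.0.100     276
10.0.0.0       255.255.0.0      10.0.1.18     10.0.0.100      21
203.0.113.100  255.255.255.255  On-link       203.0.113.100  276
"""

def parse_routes(text):
    """Return (network, gateway, interface_ip) for each parsable route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers and separator lines
        dest, mask, gateway, iface, _metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            ipaddress.ip_address(iface)
        except ValueError:
            continue  # e.g. masked addresses such as 212.x.x.100
        routes.append((net, gateway, iface))
    return routes

def check_edge_routing(text, external_ip, internal_nets):
    """Report deviations from: exactly one default gateway, bound to the
    external NIC, and every internal network matched by a more specific route."""
    routes = parse_routes(text)
    problems = []
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if len(defaults) != 1:
        problems.append(f"expected 1 default route, found {len(defaults)}")
    for _net, gateway, iface in defaults:
        if iface != external_ip:
            problems.append(f"default route via {gateway} uses {iface}, not the external NIC")
    for wanted in map(ipaddress.ip_network, internal_nets):
        if not any(n.prefixlen > 0 and wanted.subnet_of(n) for n, _gw, _if in routes):
            problems.append(f"{wanted} falls through to the default gateway")
    return problems

if __name__ == "__main__":
    for problem in check_edge_routing(SAMPLE_ROUTES, "203.0.113.100", ["10.0.0.0/16"]):
        print(problem)
```

An empty result means the table follows the rule; a second 0.0.0.0 route bound to the internal interface, or an internal network with no specific route, is reported.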
After your reply I checked my connection with tracert and I see a loop is terminating the traffic.
I will ask my security admin to check firewall settings.
Thanks.
- Marked as answer by Cem Albayrak Monday, October 19, 2009 6:11 PM
Monday, October 19, 2009 6:11 PM