locked
AV routing problem between internal and external user RRS feed

  • Question

  •  

    Helo together,

     

    We have deployed OCS 2007 Enterprise in our private Network. Everyting works fine.

    Then we have deployed edge Server in our dmz. All roles are located on the same edge server hardware. The edge server has one internal interface with a private IP and one interface with three external public IP Addresses - each for one role.

     

    When a user in the internal network calls another user in the internal network via AV it works.

    When a internal user calls an external user AV doesn't work.

    If an external user calls an external user who is not behind the same firewall or same subnet AV doesn't work.

    If an external user calls an external user who is behind the same firewall or same subnet everthing works fine!

    IM works in all cases fine!

     

    Does anyone know where the problem is?

     

    Thanks!

    Sunday, June 15, 2008 1:25 PM

All replies

  •  

    Enable logging on the client (Tools --> Options --> General Tab --> Enable Logging).  Start a call with the external client.

     

    After it fails, close Communicator and open the UCCP log file ($userprofile%\tracing) with snooper.exe (from the OCS 2007 resrouce kit).

     

    Search for Invite sip

     

    You will see the Invite being sent out.  Right click on the Invite and select show related.  This should show the entire message chain.  Inside these sip messages, you will see a-candidates.  These are the ports and IP address that communicator has available to use.  It should include the ROUTABLE ip address of the A/V edge server.  A little bit down, you should see a re-invite (another INVITE SIP) message with the ports/ip addresses that that the 2 communicator clients negotiated.  It should be the A/V edge ip address.  If it isn't included, then the client was not able to get its dynamic ports from the edge server (typically udp port 3478).  Make sure the clients are able to get to that port.

     

    Some more information, after you log in, you should see a service request to the AV edge with a 200 OK returned.  If you don't get the 200 OK then you will never get a chance to the ports on the A/V edge.

     

    Monday, June 16, 2008 8:40 PM
  • If users are external and in same subnet then Audio is Peer to Peer so no AV EDGE service is used

    You problem might be related that you do not have a public routeable IP Address on your AV Edge server, that is a requirement

    You must also check all ports that are required to be open on the EDGE Server

    UDP 3478, TCP 443
    UDP 50,000-59,999
    TCP 50,000-59,999

     

    Monday, June 16, 2008 9:47 PM