Voice and video won't work when the user is on the internet

  • Question

  •  

    So my setup looks like this.

    Natted OC Client ip 192.168.100.2

    ->

    FW external ip 213.50.98.132

    ->

    Internet

    ->

    Frontend FW (yes, I'm routing the traffic)

    ->

     OCS Edge server external ip 213.50.60.129

    And internal facing ip 192.168.140.9 (perimeter network)

     ->

     Backend FW 192.168.140.254 (perimeter network)

    And internal facing ip 192.168.10.254 (internal network)

    ->

     OCS Std server 192.168.140.62

    Mediation LAN ip 192.168.10.71 (ip facing the sip gw 192.168.1.1 connected with only a cable)

     exchange 2007 192.168.10.50

    The Edge has a public IP and internet is routed to it, and the perimeter network is routed to the internal network as well.

     

    So if I am on my internal network or connected with VPN with my client everything works fine.

    But if I am on the internet, let's say at home, and connect with my Communicator, it can send and receive IM just fine. But if I try to make an external call and monitor in my firewall on the client side, I can see that my client tries to connect to the IP address of my mediation server, both the LAN IP and the IP facing the SIP GW???

    And if I try to call my voice mail on the exchange I can see that it tries to connect directly to 192.168.10.50

    But if I look in the logs of the FW on the server side I can see that my servers are trying to connect to the ip address of 192.168.100.2

    And if I try to make a Communicator to Communicator call it just shows me both of the NATed IPs in the logs.

     

    And this really makes me confused???? It seems like the client thinks it's on the internal LAN?

    Or I dunno.. help?

    Tuesday, September 4, 2007 3:59 PM

Answers

  • Hi Tommy,

    I've had this trouble before and it is most likely that the external communicator clients aren't able to talk with your Edge Server's A/V conference service properly.

     

    When you are doing an external-internal voice or video call, or a call between two external clients, it needs to use the Edge A/V conference service (even though it's only 2 people, not a conference).

     

    If your external clients can't talk to your A/V edge service, the external client tries to talk to the inside client using their private IP addresses. This sounds crazy, but the logic behind it is that if you had two external clients on the same LAN (like at a remote office, say) it would be best for them to talk peer-to-peer if they could. So Communicator tries using the local IPs (192.168.x.x or whatever); if that doesn't work it tries using the A/V edge service.

     

    So here is my advice:

     

    1) make sure that you have an external DNS entry for the A/V edge conf service (avedge.company.com) and that it resolves to the correct IP

    2) make sure that your Firewall has all the right ports open for the A/V edge conference service (see the edge_deploy.doc)

    3) check to see if you can telnet to port 443 of the avedge.company.com from outside the firewall

    4) run the server validation wizard on the Edge for the A/V conf component. Also run the A/V validation wizard on the front-end. This will tell you if there are any problems with the edge A/V talking to the front-end's services. This turned out to be the problem for me. On the front end server I didn't specify the correct fqdn and port for my A/V edge.

     

     

    Regards,

    Matt

     

     

    Thursday, September 6, 2007 6:02 PM
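
Steps 1 and 3 of the advice above as a script to run from a machine outside the firewall (an added example, not part of the original thread). The function names are hypothetical; `avedge.company.com` is the placeholder name from the answer, and the expected public IP is passed in by whoever runs it.

```python
import ipaddress
import socket
import sys

def classify_addresses(addresses, expected_ip=None):
    """Return problems with the addresses the A/V edge name resolved to."""
    if not addresses:
        return ["name did not resolve"]
    problems = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        # A private answer is useless to a client that is out on the internet.
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            problems.append(f"{addr} is not publicly routable")
    if expected_ip and expected_ip not in addresses:
        problems.append(f"expected {expected_ip}, got {', '.join(addresses)}")
    return problems

def resolve(fqdn):
    """Step 1: IPv4 addresses for fqdn as seen by this machine's resolver."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_reachable(host, port=443, timeout=5.0):
    """Step 3: the scripted equivalent of 'telnet host 443'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def check_av_edge(fqdn, expected_ip=None, port=443):
    """Run both checks and return every problem found (empty list = OK)."""
    addresses = resolve(fqdn)
    problems = classify_addresses(addresses, expected_ip)
    problems += [f"TCP {a}:{port} not reachable"
                 for a in addresses if not tcp_reachable(a, port)]
    return problems

if __name__ == "__main__":
    fqdn = sys.argv[1] if len(sys.argv) > 1 else "avedge.company.com"
    expected = sys.argv[2] if len(sys.argv) > 2 else None
    issues = check_av_edge(fqdn, expected)
    print("\n".join(issues) if issues else f"{fqdn}: DNS and TCP 443 OK")
```

Run it from the external network, not over VPN, since the internal resolver and routes would hide the failure.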

All replies

  •  

    OOOOOOHHHHHHH!!!!!!!!!

    I thought I looked through the settings a million times now and how the .... could I miss that...

    So what I did wrong was to set the AV auth port on my OCS server to 443 instead of 5062

     

    So thanks for the eye-opener..

     

     

    Thursday, September 6, 2007 8:16 PM
  • Hi Tommy,

    I did the exact same thing. The setup of the front-end server is a little confusing when it asks you for the A/V server and ports. And the OCS docs tell you to put the internal AND the external interfaces and ports in. That's confusing because the external interface does use port 443, but you don't really want the front-end talking to the external interface of your A/V edge.

     

    Well, glad it's working for you now!

     

    Regards,

    Matt

     

    Thursday, September 6, 2007 8:32 PM
  • I have had the exact issue for two months now, but I am somewhat confused by the solution:

    Pool/Global Properties/edge servers.  It asks for my internal FQDN for the AV edge server and port.  I have internalfqdn.corp.com port:443

     

    On the Edge server, I have externalfqdn.corp.com port:443 for the AV edge

     

    Am I to understand that I should have both listed on the FE?  Should one of them be 5062?  And if so, what should be done to configure it as such.  Many thanks in advance.

     

    Wednesday, September 12, 2007 9:56 PM
  • On the Pool/Global Properties/edge servers you should put in the internal FQDN of your Edge server's internal interface and port 5062.

     

    On the edge server, you have everything configured correctly.

     

    You do not need to list both in the FE - just the internal FQDN of the edge server's inside interface and port 5062

     

    Regards,

    Matt

     

    Wednesday, September 12, 2007 10:00 PM
  •  

    Damn Matt... you beat me with about 5 sec from answering that post....

     

    hehe well cheers :)

    Wednesday, September 12, 2007 10:04 PM
  • Thanks to both of you!  Two months of misery ended..made the changes, rebooted the FE, and all is well.  Thanks again.

     

    Thursday, September 13, 2007 1:07 AM