deny peer 2 peer calls

  • Question

  • Hello!
    I need something strange.

    I have an OCS 2007r2 SE server in the DMZ, and users in the Main office and in Branch offices.
    When I make a call from the Main office to a Branch, the clients try to connect directly, but I need the connection to go through the OCS server.
    How can I do that?
    There is no Edge server.

    p.s. Sorry for my bad English.


    Best regards, Ivan.
    bye-bye!
    Thursday, July 23, 2009 6:46 AM

Answers

  • Hi -

    You will need a mediation server, in which you will have to define your location profiles, normalization rules and user-specific policies.  Based on how your telephony is set up, you may require an IP gateway for media transcoding, since OCS only converses in RTP and SRTP (RTAudio/RTVideo) formats.

    http://technet.microsoft.com/en-us/library/dd441140(office.13).aspx

    James
    Thursday, July 23, 2009 1:29 PM
  • This depends on what the OP means by 'make calls'.  For Communicator IP audio 'calls' the clients will always attempt a peer-to-peer connection first before falling back to an Edge server, regardless of whether they are both internal or external.  I don't know if there is a client registry setting that can change that default behavior.

    But if by 'calls' he means Enterprise Voice VoIP calls, then the mediation server configuration that James posted is probably the best approach.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, July 27, 2009 12:47 PM
    Moderator

All replies

  • I am guessing you require users to go through the front end server for security/policy purposes instead of point to point connections?

    Let me know if that is the case I will try to dig something up on that, I know you can force Instant Messages to pass through the front end server, not sure about audio calls.

    Randy Wintle | MCTS: UC Voice Specialization | WinXnet Inc
    Friday, July 24, 2009 12:34 PM
  • If you want users to go via the server and not point to point, then you require an Edge server where the users act as if they come from the internet. This server will relay the conversation between the users.

    If you want to deny P2P calls completely, then you can use the Group Policies to disable P2P audio.


    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Monday, July 27, 2009 11:19 AM
  • Hello again.

    There is the same problem again. I installed a new Edge server, and now I have this topology:


          (internet)
               |
             Cisco - (Cisco VPN) - Branch Offices  (192.168.2-10.*)
               |
               |
            Proxy  ------ Edge (dmz)
            /         \            |
          /             \          | 
       LAN            OCS  (192.168.0.6)
    (192.168.1.*)
    (192.168.0.*)

    Branch offices have tunnels to the main Cisco and address pools 192.168.x.y, where x is the office number and y is the computer number.
    Cisco, Proxy and Edge have real (white) IP addresses.
    OCS is located in the LAN.
    There is a direct link between Edge and OCS.

    When I make a call from 192.168.3.10 (branch) to 192.168.1.56 (main office), Communicator tries to connect directly, but I need them to make the call through Edge (or OCS).
    bye-bye!
    Wednesday, July 29, 2009 5:58 AM
  • That would not be so easy to do.

    All calls via OCS Edge:
    - Then all your Branch offices must be connected to the DMZ only (otherwise peer-to-peer call)
    - And no routing between Branch offices (otherwise peer-to-peer call)


    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Wednesday, July 29, 2009 11:52 AM
  • Deli, I don't understand you.

    The proxy denies access from the branch to the LAN and DMZ (but the ports needed for Communicator are opened).
    bye-bye!
    Thursday, July 30, 2009 3:35 AM