Consolidated Edge server - ping question

  • Question

  • Was just reading a MS article that states "Additionally, if the A/V Edge service is behind a NAT, you must ensure that the Edge Server can resolve its public FQDN within the perimeter network. To test this, log on directly to the Edge Server itself, ping the external FQDN of the A/V Edge service  (for example, av.contoso.com), and ensure that the IP address returned is the public IP address listed in your external DNS. If the IP address returned is the NAT IP address, then edit the DNS A record used by the Edge Server so it contains the public IP address, and restart the A/V Edge service."

    When I ping AV.domain.com or WebConference.domain.com from the internal Edge, I get 'host not found. please try again'.

    I can ping the services from external connections with no problem.

    Should I create internal DNS A records that resolve to the public external IPs of these entries based on the snip above from MS?
    Monday, October 12, 2009 8:52 PM

Answers

  • Hi there,

    Yes, you'll need to create those AV.domain.com and WebConference.domain.com (and sip.domain.com) in your public DNS space no matter what.  Otherwise remote clients and federated partners will not be able to reach your edge server.

    As for the Edge resolving the AV FQDN, you'll want to configure your Edge server to use your company's public DNS server.  That way it'll pick up the FQDN entry just like everyone else on the Internet.  You'll need to do this anyway if you want to enable Federation, since the Edge needs to be able to resolve DNS entries like (SRV) _sipfederationtls._tcp.<federateddomain> and sip.<federateddomain>.

    Some companies also have DNS servers in the perimeter that resolve Internet addresses.  If so, you can use that, but be sure it resolves Internet addresses in addition to perimeter server addresses.

    Also don't forget to set the default gateway to point to the Internet and add a static route pointed to your internal firewall for packets destined for your corporate subnet.  (The internal firewall cannot be NATed... it must have a routing relationship with the AV Edge.)

    thanks,
    Alan Shen
    MVP and MCM

    Tuesday, October 13, 2009 1:34 AM
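
The checks discussed in this thread, as an added example that is not part of the original posts: it classifies what the Edge server gets back for an external FQDN (no answer, the NAT address, or the public address) and tests whether a federation SRV record resolves. The function names, the FQDN and the IP values are constructed for illustration, and `Resolve-DnsName` assumes the DnsClient module (Windows Server 2012 or later).

```powershell
# Added example; function names, FQDN and IP values are constructed placeholders.
function Test-PrivateIPv4 {
    param([System.Net.IPAddress]$Address)
    $b = $Address.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }   # IPv6 is never an RFC 1918 address
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-EdgeFqdnStatus {
    param(
        [Parameter(Mandatory=$true)][string]$Fqdn,
        [Parameter(Mandatory=$true)][string]$ExpectedPublicIp,
        [string[]]$Resolved   # supply to classify offline; omit for a live lookup
    )
    if (-not $PSBoundParameters.ContainsKey('Resolved')) {
        try {
            $Resolved = [System.Net.Dns]::GetHostAddresses($Fqdn) |
                ForEach-Object { $_.IPAddressToString }
        } catch {
            $Resolved = @()   # lookup failed, e.g. "host not found"
        }
    }
    if (-not $Resolved) { return 'Unresolved' }
    foreach ($ip in $Resolved) {
        # A private address means the resolver handed back the NAT IP.
        if (Test-PrivateIPv4 -Address $ip) { return 'ReturnsNatAddress' }
    }
    if ($Resolved -contains $ExpectedPublicIp) { return 'OK' }
    return 'Mismatch'
}

function Test-FederationSrv {
    # Live lookup of the SRV record the Edge needs for federation.
    param([Parameter(Mandatory=$true)][string]$FederatedDomain)
    $name = "_sipfederationtls._tcp.$FederatedDomain"
    $r = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue
    return [bool]($r | Where-Object { $_.Type -eq 'SRV' })
}

# Constructed samples: 203.0.113.10 stands in for the public IP, 10.0.0.5 for the NAT IP.
$common = @{ Fqdn = 'av.contoso.com'; ExpectedPublicIp = '203.0.113.10' }
Get-EdgeFqdnStatus @common -Resolved @()              # no DNS answer at all
Get-EdgeFqdnStatus @common -Resolved '10.0.0.5'       # resolver returns the NAT IP
Get-EdgeFqdnStatus @common -Resolved '203.0.113.10'   # resolver returns the public IP
```

Run on the Edge server without `-Resolved` to perform the live lookup against whichever DNS server the Edge is configured to use.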