IM notifications visible from outside the firewall users.. but no message box comes up (vanish).. help?

  • Question

    If I have a user sign into Communicator (not web, but the full-blown one) from offsite, outside the firewall... they aren't using VPN.. their client is set to TCP and the WAN address.. I've opened port 5060 on the firewall..

    So they send a message to an internal (behind the firewall) user and the message notification appears, with the content of the message in the lower right.. but they never actually receive a message box.. if they try to IM the other user.. messages usually don't go through...

    Does anyone know why this is occurring.. or how to fix it?

    Thanks in advance

    Friday, November 9, 2007 2:30 AM

All replies

  • You need an Edge server for this scenario and certificates for this scenario - it sounds like you're publishing your OCS server directly to the internet and opening 5060.  Aside from not working (as you've noticed) and not being supported, this is also a major security no-no.

     

    Friday, November 9, 2007 10:42 AM
    Moderator
  •  Mike Stacy wrote:
    You need an Edge server for this scenario and certificates for this scenario - it sounds like you're publishing your OCS server directly to the internet and opening 5060.  Aside from not working (as you've noticed) and not being supported, this is also a major security no-no.

     

     

    I was under the impression the only thing we would need an Edge server for was if we wanted to use TLS over the internet or Live Meeting conferencing offsite.. as in 2005 this worked fine via TCP for purely IM purposes..

    Are the basic steps to get this working.. install on another server (joined to the domain or not, I'm guessing not).. is it necessary to have a public IP address assigned to a NIC on this box.. then install the Edge server roles and use our "external" SSL certificate, upon which we can actually have internet users use TLS or TCP.

    Thanks

    Friday, November 9, 2007 2:47 PM
  • The Edge server does not need a public IP unless you are using the A/V Edge service.  IM and Web Conferencing can be accessed via NAT.  Users accessing the system via an Edge server will be required to use TLS.

    Check out the Edge Server Deployment Guide for full details.

    http://www.microsoft.com/downloads/details.aspx?familyid=ED45B74E-00C4-40D2-ABEE-216CE50F5AD2&displaylang=en

    Friday, November 9, 2007 3:23 PM
    Moderator
  •  Mike Stacy wrote:

    The Edge server does not need a public IP unless you are using the A/V Edge service.  IM and Web Conferencing can be accessed via NAT.  Users accessing the system via an Edge server will be required to use TLS.

    Check out the Edge Server Deployment Guide for full details.

    http://www.microsoft.com/downloads/details.aspx?familyid=ED45B74E-00C4-40D2-ABEE-216CE50F5AD2&displaylang=en

     

    Is ISA Server a requirement or are we fine just with our standard firewall etc..

    I'll be looking into the Edge server idea soon.. probably as a virtual server though, as we don't have a way to do so physically right now.

    Friday, November 9, 2007 5:04 PM
  •  markm75c wrote:
     Mike Stacy wrote:

    The Edge server does not need a public IP unless you are using the A/V Edge service.  IM and Web Conferencing can be accessed via NAT.  Users accessing the system via an Edge server will be required to use TLS.

    Check out the Edge Server Deployment Guide for full details.

    http://www.microsoft.com/downloads/details.aspx?familyid=ED45B74E-00C4-40D2-ABEE-216CE50F5AD2&displaylang=en

     

    Is ISA Server a requirement or are we fine just with our standard firewall etc..

    I'll be looking into the Edge server idea soon.. probably as a virtual server though, as we don't have a way to do so physically right now.

    Actually.. does ISA Server allow such things as multiple IIS sites behind the firewall to have port 443 open.. i.e.: right now, we have port 443 open on our Exchange server, it's not possible with our firewall to have port 443 open on both servers at the same time.. I'm not sure if ISA enables such ability?

    Friday, November 9, 2007 7:06 PM