Communicator external voice connectivity problems

  • Question

  • hi all!

     

    We're deploying OCS in our org and now it's time to introduce a consolidated edge into the OCS topology for external client connectivity. So my edge is located in the perimeter network. The perimeter network has a back-to-back topology and public IPs. The front router/firewall routes traffic into the perimeter network. The back firewall (ISA Server 2006) NATs traffic from the internal network to external and routes traffic from the internal network to the perimeter network. The edge itself has 2 NICs with one public IP assigned to each of them. Those 2 IPs are from the same subnet (let's say 12.34.56.78 and 12.34.56.79) and one of them is configured as internal and the other as external for all 3 edges (access, web and A/V). Both firewalls have rules to allow the necessary traffic to the edge server from the internal and external networks.

    Now when I connect with Communicator from the internet it connects well and I can exchange IMs with my colleagues in the internal network, but when I try to make a Communicator call it fails with the message that Communicator stopped receiving audio from the other party.

    At the same time, when I monitor traffic on the back ISA Server I see the internal client trying to establish an RTP connection right with the external client without connecting to the A/V edge.

     

    I assume that my problem is in the edge topology design, so I would like to ask: will this design work at all, and how do I correct it?

     

    thanks in advance!

    Tuesday, July 15, 2008 7:21 AM

All replies

  •  

    You only have one IP for all 3 external roles?

    You talk about NAT in your post... don't forget that neither the external A/V Edge IP nor the A/V Edge internal IP can have NAT. In addition, the external A/V Edge IP needs to be a public, fully routable IP.

    That's probably why you're having problems.

     

    From OCS_EdgeServerDeploy.doc:

    Note
    To conform to the requirement of a publicly routable IP address of the A/V Edge Server, the external firewall of the perimeter network must not act as a NAT (Network Address Translator) for this IP address.
    Additionally, the internal firewall must not act as a NAT for the internal IP address of the A/V Edge Server. The internal IP address of the A/V Edge Server must be fully routable from the internal network to the internal IP address of the A/V Edge Server.

    Tuesday, July 15, 2008 8:55 AM