Configuring R2 A/V Edge Service for NAT

Communified.net Blog — Wed, 08 Apr 2009 23:17:39 GMT

From OCS Team blog: Rick Varvel, a Microsoft Principal Consultant has just started his blog and his first

re: Configuring R2 A/V Edge Service for NAT

mark.bauer — Fri, 10 Apr 2009 23:40:54 GMT

You wrote: if you run CMD.exe from the Edge server and type ping av.contoso.com it must return 63.123.155.5

But did not say how I get that external IP that is on the firewall in there - do I add it in the host file, put the IP address on the nic?

Thanks,

re: Configuring R2 A/V Edge Service for NAT

Rick Varvel — Sat, 11 Apr 2009 03:09:10 GMT

Hi Mark, 63.123.155.5 is only published in your external DNS. The 3 IP addresses bound to the external NIC in the Single Consolidated Edge server will be:

10.45.16.3, 10.45.16.4, and 10.45.16.5

You'd then configure your firewall to NAT 63.123.155.5 to 10.45.16.5

The key is that when you're on your Edge server and ping av.contoso.com it returns the public IP Address for av.contoso.com so that the remote client will be provided that IP address instead of the NAT'd IP address which it can't reach.

re: Configuring R2 A/V Edge Service for NAT

BrianCain — Thu, 30 Apr 2009 17:39:57 GMT

Hi Rick,

I guess from your info, you have configured your public 63.123.155.5 address on your AVEdge server as you have configured this IP for use in figure 1.2 above.

However, is this right? You have later stated that only your private addresses are configured on the edge server which is as I would expect. How else did you make the public IP available as a valid IP to choose from in the AVEdge properties dialog? I have only got my private addresses to choose from in here.

Thanks for the article; hits the nail on the head!

Brian.

re: Configuring R2 A/V Edge Service for NAT

BrianCain — Thu, 30 Apr 2009 18:38:20 GMT

I guess I'm getting confused by the fact that your figure 1.2 has a public IP in it. Can you help explain?

Many thanks,

Brian

re: Configuring R2 A/V Edge Service for NAT

jjm2958 — Mon, 18 May 2009 17:05:52 GMT

I have the same question as BrianCain. I have our consolidated edge set up with three private IPs and our firewall set up to NAT a public IP to the private. I went into the hosts file on the edge server and made an entry for our ocs AV FQDN with the public IP so that when I ping it from the edge, I get the public IP returned. I do not understand why you show a public IP in the figure 1.2 above.

The Butterfly Effect applied to OCS Edge Server R2

Rui Silva - UCspotting — Mon, 25 May 2009 18:42:39 GMT

Chances are that, if you live in one of the green countries from the picture below (courtesy of Wikipedia

re: Configuring R2 A/V Edge Service for NAT

Manos_Arriba — Wed, 27 May 2009 19:08:00 GMT

Hi,

Did anyone find a solution as to why the Public IP appeared in the diagram?

Matt

re: Configuring R2 A/V Edge Service for NAT

crhill — Thu, 25 Jun 2009 10:50:08 GMT

All,

As Rick's great blog described, in a Consolidated Edge deployment when using NAT the actual External NIC on the Edge Server will have a non-routable IP address. In Rick's example he said it was 10.45.16.5.

Clearly, no external clients can connect to that IP address.

Rick said next to configure "your firewall to NAT 63.123.155.5 to 10.45.16.5".

A server behind a NAT firewall doesn't know it's behind a NAT firewall. In the case of the OCS Edge we explicitly tell it about the NAT(using the check box), and about it's external IP address.

That way, when returning candidates, during the discover process of call setup, it will return its external IP address, instead of the IP address bound to it's physical NIC(which is a private IP address).

It's also important, that any DNS record for the AV Edge, point to the External Public IP address.

Hopefully that clarifies that points Rick made earlier.

Cheers,

Craig

re: Configuring R2 A/V Edge Service for NAT

notmen — Tue, 30 Jun 2009 15:32:43 GMT

Hi Rick,

We are very confused with figure 1.2. I can select the public IP address from the list, because the list is about the nic ip of the av edge server.

Please please help.............

Notmen

re: Configuring R2 A/V Edge Service for NAT

notmen — Thu, 02 Jul 2009 04:15:55 GMT

Hi Rick,

Sorry there is typo on the previous post.

We are very confused with figure 1.2. I CAN NOT select the public IP address from the list, because the list is about the nic ip of the av edge server.

Please please help.............

Notmen

re: Configuring R2 A/V Edge Service for NAT

notmen — Fri, 03 Jul 2009 07:46:51 GMT

Hi All,

Just got the things work!!!

Here is my settings.

*** I have no dns access from the DMZ where the consolidated edge server placed ****

1. I use the private ip of av edge external nic in figure 1.2 instead of the public ip.........

2. In the av edge server host file, add entry to resolve the av edge external FQDN to public ip of av edge. In Rick's example, it should be <av.contoso.com 63.123.155.5>.

3. Most important.......... Add a A record in the inside DNS server to resolve the internal FQDN of av edge server "av edge internal nic ip". In Rick's example, it should be <ocsedge.contoso.net 172.25.33.20>.

A very obvious symtop is before I make change in Point 3, any audio or video calling takes few seconds before the pop up appear on the callee side, no matter the caller is insider or outsider.

After Point 3, all callings appear at once at the callee side.

Hope this help all other brothers.....

Notmen.

re: Configuring R2 A/V Edge Service for NAT

Magezz — Mon, 20 Jul 2009 00:22:50 GMT

Is there any doc describe A/V call flow between External User and (External or Internal) user in OCS 2007 R2?

Same problem in a single server topology

superjoe — Fri, 07 Aug 2009 16:05:29 GMT

Hi all,

I've got exactly the same problem as the one described here.

But in my case, I only have a single test server (with just 1 NIC) that handles all the roles, so there is no edge server.

The problem is that when I go to the A/V Conferencing server properties, I have fewer options: I do not have the "External IP address is translated by NAT" checkbox and there is no place for Media port range for example.

How can I figure this out?