Alan Morris (Guest)
Posted: Tue Jan 11, 2005 4:23 pm
Post subject: LCS 2005 Dual Homed
Scenario:
Dual-homed LCS 2005 server, outside connected to a sort of DMZ, inside
connected to office network. Plan is to allow external users (via VPN
on external Cisco box) to access the outside of the LCS server whilst
inside users access the inside.
Are there any issues in doing this?
So far my trials show that inside users can use LCS successfully,
whilst one on the outside network seems to have problems, esp. whiteboard
and audio sharing.
Any pointers anyone aware of?
Regards,
|

Bob Christian (Guest)
Posted: Thu Jan 13, 2005 9:23 am
Post subject: Re: LCS 2005 Dual Homed
There have been several errors noted when using a dual-homed or multi-homed
LCS installation. These were with two inside cards, both registered with
DNS, and the server was routing packets back over multiple paths (the
traffic may come in on 192.168.1.2 and go out on 192.168.1.3, or
vice versa). The official recommendation, based upon the information from
the Microsoft folks and the Microsoft documentation, is to utilize an access
proxy in order to enable an outside user scenario.

Whiteboard and Audio Sharing are peer-to-peer operations. The request goes
through the LCS server, but the connection is between Messenger clients.

TomL from Microsoft and Johnathan Kay (MVP for Messenger) have posted some
good articles regarding the ports. Tom's article actually goes a bit more
in depth regarding the LCS portion:
http://blogs.msdn.com/toml/archive/2004/11/30/272486.aspx

Johnathan's articles are copyrighted, and I do not know if he allows
direct linking to his website. You can find the articles via Google Groups
by searching for ports in the group microsoft.public.windowsxp.messenger

Microsoft has provided some excellent documentation, which reviews
peer-to-peer communication:

Windows Messenger in Windows XP: Working With Firewalls and Network Address
Translation Devices
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/worki01.mspx

Using Microsoft Windows XP Professional with Service Pack 1 in a Managed
Environment: Controlling Communication with the Internet
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/26_xpmsg.mspx

Granted, all of these take a little reading, but they are worth the time.
Searching for ' "Windows Messenger" port 6891 ' or ' "Windows Messenger"
port 1503 ' will net a bunch of articles. Port 6891 is the starting port
for file sharing and 1503 is the port for whiteboard collaboration.

I have only done sniffs on SIP packets to ensure the TLS was working as
promised and that the data packets were encrypted, but haven't sniffed or
run netstat -a to check ports. One thing I noted (and I think I have seen
it documented) is that SIP uses random ports on the client to send to port
5061 and the server routes back to that port on the client. One I remember
was IP:3434 to LCS:5061.

Bob
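
An added example, not part of either post: a small parser for Windows `netstat -an` output that separates SIP signalling to the LCS server (port 5061) from the peer-to-peer sessions on the ports named in the reply (1503, 6891), and lists the hosts a VPN client has to reach directly rather than through the server. The sample output, the addresses in it and the function names are constructed for illustration, and the ports are assumed to be TCP.

```python
import re

# Ports named in the thread (treated as TCP here, which is an assumption).
SIP_TLS = 5061      # client -> LCS signalling over TLS
WHITEBOARD = 1503   # whiteboard collaboration, peer-to-peer
FILE_START = 6891   # starting port for file sharing; upper end not given in the thread

# Constructed `netstat -an` output from a VPN-connected client. All addresses are
# made up: 192.168.1.2 stands in for the LCS server, 192.168.1.77 for an inside client.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.10.0.25:3434        192.168.1.2:5061       ESTABLISHED
  TCP    10.10.0.25:1503        192.168.1.77:2210      ESTABLISHED
  TCP    10.10.0.25:4102        192.168.1.77:6891      SYN_SENT
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) per TCP row."""
    hits = (ROW.match(line) for line in text.splitlines())
    return [(m[1], int(m[2]), m[3], int(m[4]), m[5]) for m in hits if m]

def classify(row, lcs_addrs):
    _, lport, remote, rport, _ = row
    if rport == SIP_TLS and remote in lcs_addrs:
        return "sip-signalling"
    if WHITEBOARD in (lport, rport):
        return "whiteboard-p2p"
    if FILE_START in (lport, rport):
        return "file-sharing-p2p"
    return "other"

def summarize(text, lcs_addrs):
    """List (kind, remote_ip, state) for every session on the thread's ports."""
    found = [(classify(r, lcs_addrs), r[2], r[4]) for r in parse(text)]
    return [f for f in found if f[0] != "other"]

def direct_peers(text, lcs_addrs):
    """Remote hosts the client must reach without going through the LCS server."""
    return {ip for kind, ip, _ in summarize(text, lcs_addrs)
            if kind.endswith("p2p") and ip not in lcs_addrs}

if __name__ == "__main__":
    for entry in summarize(SAMPLE, {"192.168.1.2"}):
        print(entry)
```

A peer-to-peer row stuck in `SYN_SENT` while the 5061 session is `ESTABLISHED` points at the path between the two clients rather than at the LCS server.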