Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
how to publish live communication 2005 sp1
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
how to publish live communication 2005 sp1 - 2.Sep.2005 9:41:00 AM
|
|
|
keller
Posts: 6
Joined: 18.Dec.2004
From: Jamaca
Status: offline
|
Hi all
I have this working fine on the internal network. Teh documentation for LCS calls for two nics on the access proxy. I have this configured, but i am having a hard time trying to understand why i have to have two nics on the access proxy, if i am going to use ISA 2004 to publish the access proxy.
Anyways i have bee ntrying to find documentation on how to publish LCS 2005 sp1 through ISA 2004 and i cant seem to locate it.
Any help locating this would be greate
Thanks
|
|
|
|
RE: how to publish live communication 2005 sp1 - 2.Sep.2005 9:51:00 AM
|
|
|
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
|
If you want to Server Publish the LCS AP, you'll need to create a Protocol for "SIP w/ TLS Server" under Firewall Policy\Toolbox\Protocols with the properties of TCP / Inbound / DestPort 5061 and then use this in a Server Publishing rule.
If you intend on installing the Access Proxy on ISA, create a Protocol for "SIP w/ TLS" with the properties of TCP / Outbound / DestPort 5061 and then create an Access rule that allows this protocol from External to Local Host.
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 2.Sep.2005 11:24:00 AM
|
|
|
keller
Posts: 6
Joined: 18.Dec.2004
From: Jamaca
Status: offline
|
Hey thanks ClintD for the help.
I want to publish the AP. This server has 2 nics, and it is in a workgroup. As I mentioned in my original post i have got this working on my itnernal network. When i use the communicator client, i point it to the AP and the AP has the settings for the LCS 2005 sp1, and it works.
So my questions are. Do i need to isntall the certificate from the access proxy on the ISA 2004 server? also i have put a DG on the external nic of the AP and the internal nic has no DG, both nicss have private ip's but they are on different subnets.
Any other suggestions on this? is it really that easy to get this to work through ISA? Thansk
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 2.Sep.2005 3:03:00 PM
|
|
|
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
|
No need for a certificate on ISA - it's not the endpoint of the TLS negotiation. Maybe someday, the AP portion of LCS will be a App Filter for ISA - only then would the cert be needed on ISA.
Your config sounds right - all ISA is doing is translating 5061 so that's pretty straightforward.
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 7.Sep.2005 3:06:00 PM
|
|
|
kjman
Posts: 63
Joined: 2.Jun.2005
From: So cal
Status: offline
|
hey thanks Clint.
Can this setup alos support video and audio over the internet through ISA, with the firewall rules you mention?
Thanks again
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 7.Sep.2005 7:10:00 PM
|
|
|
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
|
That is a good question. It should, but clients behind NAT devices are going to be the problem.
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 7.Sep.2005 7:57:00 PM
|
|
|
Jason Jones
Posts: 2154
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
|
ISA Server publishing breaks most LCS functionality apart from basic IM chat.
Check out the security guide for LCS as this has more info...
LCS ISA App filter can't come soon enough for me...LCS AP what a crap idea, why not use ISA with a SIP filter just like the web filter they recommend for OWA/Sharepoint...
JJ
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 7.Sep.2005 8:24:00 PM
|
|
|
kjman
Posts: 63
Joined: 2.Jun.2005
From: So cal
Status: offline
|
Man that sucks ISA 2004 wont allow the sip protocol. I never really understood the whole AP LCS thing, i mean whats the point to this? if it doenst help with the audio and video then i really dont see the purpose of it.
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 7.Sep.2005 8:34:00 PM
|
|
|
kjman
Posts: 63
Joined: 2.Jun.2005
From: So cal
Status: offline
|
Well what about this senario
If a user behind the ISA 2004 firewall iniates a video call to a user that is either not behind a firewall, or is behind a firewall that supports UPnP then this *should work*
http://www.upnp-ic.org/certification/#devices
What do you all think?
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 8.Sep.2005 6:11:00 AM
|
|
|
Jason Jones
Posts: 2154
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
|
Not tested, but would guess no as isa is still in the chain.
If go for the lcs ap without using isa, all the features should work (assuming no nat firewalls)...however you lose some security this way...as ever it is security vs. functionality :-)
Bit of an MS fuck up on this one IMHO and obvious the two product teams havent talked!
JJ
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 8.Sep.2005 8:50:00 AM
|
|
|
keller
Posts: 6
Joined: 18.Dec.2004
From: Jamaca
Status: offline
|
one word
LAME!
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 8.Sep.2005 9:33:00 AM
|
|
|
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
|
quote:
obvious the two product teams havent talked
It's a lot of that and a little of one of the product teams (LCS) not wanting to lose one of its revenue streams to another group. That's just me being cynical though.
|
|
|
|
RE: how to publish live communication 2005 sp1 - 8.Sep.2005 9:39:00 AM
|
|
|
keller
Posts: 6
Joined: 18.Dec.2004
From: Jamaca
Status: offline
|
hey i jsut tested this out.
user A is behind ISA 2004
user B is running XP SP2 and has the XP firewall turned on with exceptions.
If user A initiates the call to user B then video and audio works greate!
Doing this in revers breaks the video and audio.
I see in the XP firewall that it does have theoption to allow UPnP, so this must be why it works.
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 8.Sep.2005 12:43:00 PM
|
|
|
kjman
Posts: 63
Joined: 2.Jun.2005
From: So cal
Status: offline
|
Wow now someone explain that! i called MS and they said that audio and video wont pass through the ISA 2004 server, but it seems like jamacamecrazy got it to work. Hmmm whats up with that?
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 9.Sep.2005 5:39:00 PM
|
|
|
Jason Jones
Posts: 2154
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
|
quote:
Originally posted by Jamacamecrazy:
hey i jsut tested this out.
user A is behind ISA 2004
user B is running XP SP2 and has the XP firewall turned on with exceptions.
If user A initiates the call to user B then video and audio works greate!
Doing this in revers breaks the video and audio.
I see in the XP firewall that it does have theoption to allow UPnP, so this must be why it works.
Is ISA server publishing SIPS (TCP5061) or just using acccess rules? It is the server pubs bit which breaks things IIRC.
You don't state where user A and B are e.g. on the internal network or on the internet...
Have you tried turning off the XP firewall exception for uPnP to see it this breaks it?
JJ
[ September 09, 2005, 05:40 PM: Message edited by: Jason Jones ]
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 12.Sep.2005 1:35:00 PM
|
|
|
kjman
Posts: 63
Joined: 2.Jun.2005
From: So cal
Status: offline
|
I got this working as well. I am server publishing SIPS (TCP5061) and i tested out the same setup as jamacamecrazy did, and it worked for me.
userA behind ISA 2004
userB running XP sp2 firewall on with exceptions directly connected to the internet, and is on a different ISP
UserA initiates the call to userB all video and Audio work fine. I have not tested this turning off exceptions. It is wokring this way because the windpws XP firewall is not a NAT device it is not NATING, it is simply opening and closing ports.
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 12.Sep.2005 4:13:00 PM
|
|
|
kjman
Posts: 63
Joined: 2.Jun.2005
From: So cal
Status: offline
|
Dr Shinder
Can you comment on this and give us an explanation if ISA 2004 is going to allow audio and video with LCS 2005 sp1 with the communicator clinet.
The way i see this if the audio and video does not work through NAT firewall's then the LCS product is not an enterprise product and needs to be sent back to the lab for further modifications. Lets get real here.
|
|
|
|
|
RE: how to publish live communication 2005 sp1 - 14.Sep.2005 9:36:00 PM
|
|
|
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
|
This isn't really an ISA question - it's an LCS/Messenger/Communicator question and I'm not sure how much Tom know's about these products.
The same issue would occur with any NAT firewall so you should post this on the MS LCS newsgroups.
[ September 14, 2005, 09:37 PM: Message edited by: ClintD ]
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
