Lync 2010 & ISA 2006 Issue

  • Question

  • Hi Guys.

    I hope someone can assist us.

    A 3rd party company installed Lync 2010 for a client of ours, but
    did not complete the installation 100%. We've also noted a few issues in the
    deployment.

    This is what they have.

    Router (aaa.aa.aa.aa) → ISA 2006 external NIC (aaa.aa.aa.ab) → ISA 2006 internal NIC (bb.bb.bb.ba) → Internal Network → Edge (bb.bb.bb.bb), Front End Server (bb.bb.bb.bc)

    The Edge Server and Front End server are Windows 2008 R2 Standard Edition.

    ISA 2006 Server does in fact have a perimeter leg on the
    172.x.x.x range.

    So we are planning on moving the Edge server to the DMZ in
    the next week.

    As for Lync functionality this is currently working (Note that the client did not opt for Enterprise voice.)

    IM: An AD authenticated user on Lync client ← internal network → An AD authenticated user on Lync client [works 100%]

    IM: An AD authenticated user on Lync client ← external network → An AD authenticated user on Lync client [works 100%]

    IM: An AD authenticated user on Lync client ← external network → A Federated partner user on Lync client [works 100%]

    A/V: An AD authenticated user on Lync client ← internal network → An AD authenticated user on Lync client [works 100%]

    A/V: An AD authenticated user on Lync client ← external network → An AD authenticated user on Lync client [works 100%]

    A/V: An AD authenticated user on Lync client ← external network → A Federated partner user on Lync client [does not work at all]

    Desktop & Application Sharing: An AD authenticated user on Lync client ← internal network → An AD authenticated user on Lync client [works 100%]

    Desktop & Application Sharing: An AD authenticated user on Lync client ← external network → An AD authenticated user on Lync client [works 100%]

    Desktop & Application Sharing: An AD authenticated user on Lync client ← external network → A Federated partner user on Lync client [does not work at all]

    What could cause this?

    Both users (AD and federated) do have permission on their own Lync policies to use these functions.

    The error that we get from the federated partner logs is as follows.

    ms-client-diagnostics 26 reason a federated call failed to establish due to a media connectivity failure where one endpoint is internal and the other is remote.

    Is there perhaps something missing from ISA 2006 access rule or publishing rule specific to Federation?

    Tuesday, March 27, 2012 11:24 AM

Answers

  • The fundamental flaw in the design is that ISA cannot do NAT Translations for EDGE Correctly.  You must use Routing to EDGE if you want to publish EDGE via ISA.

    Or use another Firewall that supports 1 to 1 NAT


    - Belgian Unified Communications Community : http://www.pro-lync.be -

    Tuesday, March 27, 2012 9:52 PM

All replies

  • Hi,

    Unfortunately ISA cannot do one-to-one NAT, which is why you have to use a firewall that supports 1 to 1 NAT. The only possibility in ISA is to route the traffic between the networks, but NAT is not possible through ISA. If you have the ISA server between the Edge and FE servers, then you should allow traffic between Edge and FE through ISA. You should also move the Edge server to the DMZ, but on the external firewall you should have a router.


    Salahuddin | Blogs: http://salahuddinkhatri.wordpress.com | MCITP Microsoft Lync

    Tuesday, March 27, 2012 10:00 PM
  • Hi vanwykm,

    Any update?

    If you implement NAT in front of your A/V Edge Servers, your users could experience intermittent connectivity problems and may not even be able to establish a connection. And you can refer to this article.

    In addition, please also check if you've opened the necessary connections on the firewall. Hope this helps.


    Noya Lau

    TechNet Community Support

    Thursday, March 29, 2012 3:12 AM
    Moderator
  • I have found an article where someone claims to have ISA and Lync working together.

    http://www.lync-blog.nl/?p=325&lang=en



    Saturday, March 31, 2012 4:00 PM