experchange > livecomm.general

Eric Nies (08-23-06, 03:47 PM)
I have internal users and external users. My internal users also travel,
but would like to communicate with someone internally in the company. For
these travelling users, how would you configure their Messenger /
Communicator client? What DNS entry? Let me make an assumption and clarify
me if I am wrong. For ALL Messenger / Communicator clients - whether
internal or external, I will configure their settings with the DNS entry of
the ACCESS PROXY - is this correct? So all internal and external clients
basically will point to the Access proxy - because even internal clients
also travel quite a bit.

I guess the confusion of mine is that I am thinking I need two different
settings for clients inside and outside the company as far as where their
client points to for DNS, and I don't think that was right.
nileshkelkar (08-23-06, 07:43 PM)
If you have different DNS for internal network point that to the
enterprise pool, if you have a different DNS for external network,
point that to the AP.

Why have the internal clients go through the AP when they can go
directly to the pool? Assuming you have MTLS/TLS and the communication
is secure from & to server/client.

Auto configure the client - add the appropriate sip dns entries for
communication & messenger.

Most organizations will have different DNS, ie, internally if you
nslookup and externally nslookup - are
they different?

Choice is yours. I would have different settings internal & external.

Nilesh Kelkar

Eric Nies wrote:
[..]
Eric Nies (08-24-06, 12:55 AM)
So that's my question, the internal users are pointing to the Pool (DNS of
inside pool.internaldom.local), but what happens when they travel outside
the network? How will the client automatically point itself to the Access
Proxy since it was talking directly to the pool last time (an internal
domain)?

<nileshkelkar> wrote in message
news:8450
[..]
nileshkelkar (08-24-06, 07:29 AM)
With automatic configuration, external & internal clients will be
routed correctly AS LONG AS you have the correct srv records on the
DNS.

I highly recommend this automatic configuration, else how would your
non technical business users run Communicator? They would need to
change the server ip address on their communicator every time they
change location (internal or external).

Let's say on your internal network you have a DNS running on
192.168.0.10 then ensure that all the srv records are correctly setup
on this 192.168.0.10 that point to the enterprise pool (or load
balanced front end ip).

Now when external clients (remote access) want to log in using the
communicator then hopefully you have a public DNS infrastructure. Then
if the ip address of this public DNS is x.y.z.11 then have the
appropriate srv records that point to the "external edge" of the access
proxy. (ta da). Remember Access Proxy by design has two edges, one to
the public and one onto internal, AP sits in the DMZ or the perimeter
network.

You need to setup the access proxy so it routes the traffic correctly
to the next hop which is the Director, the Director authenticates the
client and routes it to the next hop which is the enterprise pool.

So in short, enable auto config on internal DNS infrastructure & the
external DNS infrastructure.

Nilesh Kelkar


Eric Nies wrote:
[..]
Eric Nies (08-24-06, 04:22 PM)
Thank you for that excellent response Nilesh, but ONE more confusion for me.
We don't control our external DNS zone. Inside the network, we are
company.local domain, externally, we are company.com. Our ISP handles all
DNS records for external hosts. I am not sure if they are on Windows 200x -
will the ISP be able to handle these special SRV records - the
_sip._tcp.company.com etc addresses?

Your previous concise explanation and this final question are not very clear
in any documentation - it all assumes that everyone does their own DNS
hosting - internally and externally - which is not true at all.

Thanks again.

<nileshkelkar> wrote in message
news:8030
[..]
Eric Nies (08-24-06, 05:37 PM)
Ok, I found something...basically, DNS SRV records are available for newer
DNS Server software - whether Microsoft or other -


"Eric Nies" <ericnies> wrote in message
news:4972
[..]
nileshkelkar (08-24-06, 05:44 PM)
I had to dig this information from multiple resources including LCS
MVPs.

If your external DNS is managed by a hosting company, you need to
provide them with instructions on how to setup the SRV records. Does
not matter if they are running Windows or Unix or Linux. (SRV is a DNS
concept)

Some links for SRV on non-Microsoft OS.



For your external clients, have public DNS setting as follows:
LCS Use - External
Protocol - TLS
Sample - _SIP._TLS.COMPANY.COM
Clients - will work for both communicator & messenger.

The Sample will be pointing to the external edge of the Access Proxy.

Regards,
Nilesh Kelkar


Eric Nies wrote:
[..]
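A check for the split-DNS setup described in the replies above, as an added example that is not part of the original thread: it parses zone-file SRV lines for the internal and the public DNS view and flags a public record that uses a non-TLS transport or points at an internal host. The host names `ap.company.com` and `pool.internaldom.local`, the port numbers and the addresses are constructed sample values.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: host names, ports and addresses are assumptions.
INTERNAL_ZONE = "_sip._tls.company.com. 3600 IN SRV 0 0 5061 pool.internaldom.local."
EXTERNAL_ZONE = "_sip._tls.company.com. 3600 IN SRV 0 0 5061 ap.company.com."
# A mistake worth catching: the internal record copied into the public zone, over plain TCP.
EXTERNAL_BAD = "_sip._tcp.company.com. 3600 IN SRV 0 0 5060 pool.internaldom.local."
HOSTS = {"pool.internaldom.local": "192.168.0.20", "ap.company.com": "203.0.113.10"}


def parse_srv(zone_text):
    """Parse zone-file SRV lines into dicts; other lines are ignored."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue
        records.append({
            "name": fields[0].lower().rstrip("."),
            "port": int(fields[6]),
            "target": fields[7].lower().rstrip("."),
        })
    return records


def audit(zone_text, view, hosts=HOSTS):
    """Return a list of findings for one DNS view ('internal' or 'external')."""
    findings = []
    for rec in parse_srv(zone_text):
        if rec["name"].split(".")[:2] != ["_sip", "_tls"]:
            findings.append(f"{rec['name']}: not the _sip._tls record, transport may be unencrypted")
        addr = hosts.get(rec["target"])
        if addr is None:
            findings.append(f"{rec['target']}: SRV target has no address record")
            continue
        internal_ip = any(ipaddress.ip_address(addr) in net for net in RFC1918)
        if view == "external" and (internal_ip or rec["target"].endswith(".local")):
            findings.append(f"{rec['target']}: public SRV record exposes an internal host")
        if view == "internal" and not internal_ip:
            findings.append(f"{rec['target']}: internal view points outside RFC 1918 space")
    return findings


if __name__ == "__main__":
    for label, zone, view in [("internal", INTERNAL_ZONE, "internal"),
                              ("external", EXTERNAL_ZONE, "external"),
                              ("external (bad)", EXTERNAL_BAD, "external")]:
        print(label, audit(zone, view) or "ok")
```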
Eric Nies (08-24-06, 07:57 PM)
Thanks for the confirmation again. Like I said, the LCS Guides and docs
make no mention of these things (types of configurations and setup that I
have read) and ASSUME too much.

<nileshkelkar> wrote in message
news:4210
[..]