During my attendance of OCS ignite tour training and some other OCS events, we have been informed that OCS edge video servers cannot be located behind a NAT device e.g. firewall, this is due to the fact the Video conferencing doesn’t work correctly with NATing, so the design was saying give the Edge NIC a real IP and place it directly on the internet.
I have been working a while with ASA and I have tested my configuration, you don’t need a NAT device in ASA (5520,5540) V7 or V8 (this is my testing so results could be true), the edge server could have a real IP on its NIC, and placed in the DMZ for example, in this case the ASA will filter the packets only as a firewall and will not do Natting, creating a DMZ for the edge server might be a hustle but this is not the case if you created sub interfaces.
This might be a tricky discussion when talking to Microsoft partner or consultant since this is not the case of ISA 2006, but you can do the above configuration safely on your ASA.
I am thinking about creating routing rule between the DMZ in ISA server and the internal/external network but I didn’t have the chance to test it, so this might do the trick instead of placing your video edge server naked in the desert.
No comments:
Post a Comment