Solved

How do I share files with users outside of my firewall with Office Communicator 2005?

Posted on 2007-11-30
Last Modified: 2012-08-13
I work for a company which has charged me with the task of making Communicator 2005 our central chat and meeting client. Right now everything works well behind the firewall and I can even send files from outside of the firewall to myself, but when I try to send files from behind the firewall to outside of the firewall I receive the following error:

Cannot send "file.txt" to USER. This may be due to firewall restrictions or network problems. Please try again. If you need further assistance, contact your system administrator.

The system outside of the firewall receives the following error:

You cannot received the file "file.txt" from USER.  This may be due to the firewall restrictions or network problems.  If you need further assistance please contact your system administrator.

I have port 6891 open with the firewall software we use and we have 5060 and 5061 open on our Cisco PIX.  

Any help would be greatly appreciated.
Question by:BRNIIT
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20409931
Hi BRNIIT
   From Microsoft...
 What ports are required for external access?
A. In order for external access to succeed, Communicator Mobile needs to use TLS transport. By default, port 5061 is used, but other ports, such as port 443, can be used for external access. If you configure a nondefault port for external access, the Communicator Mobile clients that connect to the server must be configured to include the port information in the server address. The correct format is <server address>:<port number>. For example, the client should be configured to use sip.contoso.com:443 if port 443 has been configured on the sip.contoso.com server.

For more information about this port configuration on the Access Proxy, see "Configuring the Internal and External Edges of an Access Proxy" in Live Communications Server 2005: Deploying Access Proxy and Director.
 
Can you post your sanitized PIX config?

Regards
 

Author Comment

by:BRNIIT
ID: 20411198
Here's the sanitized PIX config:

PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password *** encrypted
passwd *** encrypted
hostname mypix
domain-name mydomain.com
clock summer-time UTC recurring 2 Sun Mar 1:00 1 Sun Nov 2:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip 5061
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list from_outside permit tcp any host 111.111.111.111 eq 5061
no pager
mtu outside 1500
mtu inside 1500
ip address outside 111.111.111.2 255.255.255.240
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 111.111.111.111 192.168.1.22 netmask 255.255.255.255 0 0
access-group from_outside in interface outside
route outside 0.0.0.0 0.0.0.0 111.111.111.1 1
route inside 10.1.0.0 255.255.0.0 192.168.0.2 1
route inside 10.2.0.0 255.255.0.0 192.168.0.3 1
route inside 10.3.0.0 255.255.255.0 192.168.0.3 1
route inside 10.10.10.0 255.255.255.0 192.168.0.3 1
route inside 10.10.20.0 255.255.255.0 10.1.1.3 1
route inside 10.100.1.0 255.255.255.0 192.168.0.3 1
route inside 172.16.3.0 255.255.255.0 192.168.0.2 1
route inside 172.17.0.0 255.255.0.0 192.168.0.3 1
route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.0.0 255.255.255.0 inside
http 10.1.8.201 255.255.255.255 inside
http 10.1.1.199 255.255.255.255 inside
http 10.1.8.58 255.255.255.255 inside
snmp-server host inside 10.1.0.104 poll
no snmp-server location
no snmp-server contact
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
telnet 10.0.0.0 255.0.0.0 inside
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80

 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20411272
static (inside,outside) 111.111.111.111 192.168.1.22 netmask 255.255.255.255 0 0

The static is for 192.168.1.22, but the PIX does not have an interface in this range. What is the gateway IP address of 192.168.1.22? Is 192.168.1.22 the Office Communicator server?

Author Comment

by:BRNIIT
ID: 20411324
This line takes care of routing to the 192.168.1.0 ip range:

route inside 192.168.1.0 255.255.255.0 192.168.0.2 1

Yes, that ip address is the Access Proxy server.
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20412327
 This line takes care of routing to the 192.168.1.0 ip range:
   route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
    This is useful only when a computer in 192.168.0 network wants to browse 192.168.1.22. Is 192.168.0.2 a router or a switch vlan gateway?
 

Accepted Solution

by:BRNIIT
ID: 20412759
192.168.0.2 is a router - its inside ip address is 192.168.1.1, which it uses to talk to the 192.168.1.x network.

So, traffic from the internet to my LCS access proxy server goes

internet --> 111.111.111.111 (pix translates to 192.168.1.22) --> 192.168.0.2 (since that is the static route on the pix) --> 192.168.1.1 (inside interface of the router) --> 192.168.1.22
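The path described in the post above can be checked mechanically against the posted config. The following is an added example, not part of the original thread: it parses the relevant PIX 6.3 lines (copied from the config above), resolves how the PIX reaches the real host behind each `static`, and lists the inbound TCP ports the `from_outside` ACL permits to the mapped address. The function name `audit_statics` and the report layout are assumptions made for this illustration.

```python
import ipaddress

# Lines copied from the PIX config posted in this thread (subset only).
PIX_CONFIG = """\
access-list from_outside permit tcp any host 111.111.111.111 eq 5061
ip address outside 111.111.111.2 255.255.255.240
ip address inside 192.168.0.1 255.255.255.0
static (inside,outside) 111.111.111.111 192.168.1.22 netmask 255.255.255.255 0 0
route inside 10.1.0.0 255.255.0.0 192.168.0.2 1
route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
"""

def net(addr, mask):
    # strict=False lets an interface address stand in for its subnet.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_statics(config):
    """For each static NAT entry, report how the PIX reaches the real host
    and which inbound TCP ports the ACL permits to the mapped address."""
    connected, routes, statics, permits = {}, [], [], {}
    for line in config.splitlines():
        f = line.split()
        if f[:2] == ["ip", "address"] and len(f) >= 5:
            connected[f[2]] = net(f[3], f[4])
        elif f[:1] == ["route"] and len(f) >= 5:
            routes.append((f[1], net(f[2], f[3]), f[4]))
        elif f[:1] == ["static"] and len(f) >= 4:
            statics.append((f[2], f[3]))  # (mapped address, real address)
        elif (f[:1] == ["access-list"] and len(f) >= 9
              and f[2:6] == ["permit", "tcp", "any", "host"] and f[7] == "eq"):
            permits.setdefault(f[6], []).append(int(f[8]))
    report = []
    for mapped, real in statics:
        ip = ipaddress.ip_address(real)
        path = next((f"connected:{n}" for n, c in connected.items() if ip in c), None)
        if path is None:
            # Not on a connected subnet: longest-prefix match over static routes.
            hits = sorted((r for r in routes if ip in r[1]),
                          key=lambda r: r[1].prefixlen)
            path = f"via {hits[-1][2]} ({hits[-1][0]})" if hits else "unreachable"
        report.append({"mapped": mapped, "real": real, "path": path,
                       "inbound_tcp": sorted(permits.get(mapped, []))})
    return report

if __name__ == "__main__":
    for entry in audit_statics(PIX_CONFIG):
        print(entry)
```

For the posted config this reports 192.168.1.22 as reached via 192.168.0.2 on the inside interface, with 5061 as the only inbound TCP port permitted to 111.111.111.111 by `from_outside`.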
