Solved

How do I share files with users outside of my firewall with Office Communicator 2005?

Posted on 2007-11-30
Last Modified: 2012-08-13
I work for a company which has charged me with the task of making Communicator 2005 our central chat and meeting client. Right now everything works well behind the firewall and I can even send files from outside of the firewall to myself, but when I try to send files from behind the firewall to outside of the firewall I receive the following error:

Cannot send "file.txt" to USER. This may be due to firewall restrictions or network problems. Please try again. If you need further assistance, contact your system administrator.

The system outside of the firewall receives the following error:

You cannot received the file "file.txt" from USER.  This may be due to the firewall restrictions or network problems.  If you need further assistance please contact your system administrator.

I have port 6891 open with the firewall software we use and we have 5060 and 5061 open on our Cisco PIX.  

Any help would be greatly appreciated.
Question by:BRNIIT

Expert Comment

by:Alan Huseyin Kayahan
ID: 20409931
Hi BRNIIT,
From Microsoft:
Q. What ports are required for external access?
A. In order for external access to succeed, Communicator Mobile needs to use TLS transport. By default, port 5061 is used, but other ports, such as port 443, can be used for external access. If you configure a nondefault port for external access, the Communicator Mobile clients that connect to the server must be configured to include the port information in the server address. The correct format is <server address>:<port number>. For example, the client should be configured to use sip.contoso.com:443 if port 443 has been configured on the sip.contoso.com server.

For more information about this port configuration on the Access Proxy, see "Configuring the Internal and External Edges of an Access Proxy" in Live Communications Server 2005: Deploying Access Proxy and Director.
 
Can you post your sanitized PIX config?

Regards

Author Comment

by:BRNIIT
ID: 20411198
Here's the sanitized PIX config:

PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password *** encrypted
passwd *** encrypted
hostname mypix
domain-name mydomain.com
clock summer-time UTC recurring 2 Sun Mar 1:00 1 Sun Nov 2:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip 5061
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list from_outside permit tcp any host 111.111.111.111 eq 5061
no pager
mtu outside 1500
mtu inside 1500
ip address outside 111.111.111.2 255.255.255.240
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 111.111.111.111 192.168.1.22 netmask 255.255.255.255 0 0
access-group from_outside in interface outside
route outside 0.0.0.0 0.0.0.0 111.111.111.1 1
route inside 10.1.0.0 255.255.0.0 192.168.0.2 1
route inside 10.2.0.0 255.255.0.0 192.168.0.3 1
route inside 10.3.0.0 255.255.255.0 192.168.0.3 1
route inside 10.10.10.0 255.255.255.0 192.168.0.3 1
route inside 10.10.20.0 255.255.255.0 10.1.1.3 1
route inside 10.100.1.0 255.255.255.0 192.168.0.3 1
route inside 172.16.3.0 255.255.255.0 192.168.0.2 1
route inside 172.17.0.0 255.255.0.0 192.168.0.3 1
route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.0.0 255.255.255.0 inside
http 10.1.8.201 255.255.255.255 inside
http 10.1.1.199 255.255.255.255 inside
http 10.1.8.58 255.255.255.255 inside
snmp-server host inside 10.1.0.104 poll
no snmp-server location
no snmp-server contact
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
telnet 10.0.0.0 255.0.0.0 inside
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80


Expert Comment

by:Alan Huseyin Kayahan
ID: 20411272
static (inside,outside) 111.111.111.111 192.168.1.22 netmask 255.255.255.255 0 0

The static is for 192.168.1.22, but the PIX does not have an interface in this range. What is the gateway IP address of 192.168.1.22? Is 192.168.1.22 the Office Communicator server?

Author Comment

by:BRNIIT
ID: 20411324
This line takes care of routing to the 192.168.1.0 ip range:

route inside 192.168.1.0 255.255.255.0 192.168.0.2 1

Yes, that ip address is the Access Proxy server.

Expert Comment

by:Alan Huseyin Kayahan
ID: 20412327
 This line takes care of routing to the 192.168.1.0 ip range:
   route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
This is useful only when a computer in the 192.168.0 network wants to browse 192.168.1.22. Is 192.168.0.2 a router or a switch VLAN gateway?

Accepted Solution

by:BRNIIT
ID: 20412759
192.168.0.2 is a router - its inside ip address is 192.168.1.1, which it uses to talk to the 192.168.1.x network.

So, traffic from the internet to my LCS access proxy server goes

internet --> 111.111.111.111 (pix translates to 192.168.1.22) --> 192.168.0.2 (since that is the static route on the pix) --> 192.168.1.1 (inside interface of the router) --> 192.168.1.22
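
The path and port questions raised in this thread can be checked mechanically. The following Python script is an added example, not part of any post: it reads the static, route, ip address, access-list and access-group lines from the config posted above and reports, for each static translation, how the PIX reaches the real host and which inbound TCP ports the bound ACL permits. The names audit_statics and net and the report fields are assumptions of this example, and it only understands the `permit tcp any host X eq N` ACL form that appears in the posted config.

```python
import ipaddress
import re

# Subset of lines from the PIX 6.3(4) config posted in the thread (already sanitized there).
PIX_CONFIG = """\
access-list from_outside permit tcp any host 111.111.111.111 eq 5061
ip address outside 111.111.111.2 255.255.255.240
ip address inside 192.168.0.1 255.255.255.0
static (inside,outside) 111.111.111.111 192.168.1.22 netmask 255.255.255.255 0 0
access-group from_outside in interface outside
route outside 0.0.0.0 0.0.0.0 111.111.111.1 1
route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_statics(config):
    """Per static NAT: path from the PIX to the real host, and TCP ports the bound ACL permits."""
    connected, routes, statics, acl_ports, bound = {}, [], [], {}, {}
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["ip", "address"] and len(w) == 5:
            connected[w[2]] = net(w[3], w[4])
        elif w[:1] == ["route"] and len(w) >= 5:
            routes.append((w[1], net(w[2], w[3]), w[4]))
        elif w[:1] == ["static"]:
            real_if, mapped_if = w[1].strip("()").split(",")
            statics.append((real_if, mapped_if, w[2], w[3]))  # mapped IP, then real IP
        elif w[:1] == ["access-group"]:
            bound[w[4]] = w[1]  # interface name -> ACL name
        elif m := re.match(r"access-list (\S+) permit tcp any host (\S+) eq (\d+)", line):
            acl_ports.setdefault((m[1], m[2]), []).append(int(m[3]))
    report = []
    for real_if, mapped_if, mapped_ip, real_ip in statics:
        ip = ipaddress.ip_address(real_ip)
        if ip in connected.get(real_if, net("0.0.0.0", "255.255.255.255")):
            path = "connected"
        else:
            # Longest-prefix match among static routes on the real host's interface.
            hits = [r for r in routes if r[0] == real_if and ip in r[1]]
            best = max(hits, key=lambda r: r[1].prefixlen, default=None)
            path = f"via {best[2]}" if best else "unreachable"
        ports = sorted(acl_ports.get((bound.get(mapped_if), mapped_ip), []))
        report.append({"mapped": mapped_ip, "real": real_ip, "path": path, "tcp_in": ports})
    return report

if __name__ == "__main__":
    print(audit_statics(PIX_CONFIG))
```
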