Solved

How do I share files with users outside of my firewall with Office Communicator 2005?

Posted on 2007-11-30
Last Modified: 2012-08-13
I work for a company which has charged me with the task of making Communicator 2005 our central chat and meeting client. Right now everything works well behind the firewall and I can even send files from outside of the firewall to myself, but when I try and send files from behind the firewall to outside of the firewall I receive the following error:

Cannot send "file.txt" to USER. This may be due to firewall restrictions or network problems. Please try again. If you need further assistance, contact your system administrator.

The system outside of the firewall receives the following error:

You cannot received the file "file.txt" from USER.  This may be due to the firewall restrictions or network problems.  If you need further assistance please contact your system administrator.

I have port 6891 open with the firewall software we use and we have 5060 and 5061 open on our Cisco PIX.  

Any help would be greatly appreciated.
Question by:BRNIIT
7 Comments
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20409931
Hi BRNIIT
   From Microsoft...
 What ports are required for external access?
A. In order for external access to succeed, Communicator Mobile needs to use TLS transport. By default, port 5061 is used, but other ports, such as port 443, can be used for external access. If you configure a nondefault port for external access, the Communicator Mobile clients that connect to the server must be configured to include the port information in the server address. The correct format is <server address>:<port number>. For example, the client should be configured to use sip.contoso.com:443 if port 443 has been configured on the sip.contoso.com server.

For more information about this port configuration on the Access Proxy, see "Configuring the Internal and External Edges of an Access Proxy" in Live Communications Server 2005: Deploying Access Proxy and Director.
 
Can you post your sanitized PIX config?

Regards
0
 

Author Comment

by:BRNIIT
ID: 20411198
Here's the sanitized PIX config:

PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password *** encrypted
passwd *** encrypted
hostname mypix
domain-name mydomain.com
clock summer-time UTC recurring 2 Sun Mar 1:00 1 Sun Nov 2:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip 5061
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list from_outside permit tcp any host 111.111.111.111 eq 5061
no pager
mtu outside 1500
mtu inside 1500
ip address outside 111.111.111.2 255.255.255.240
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 111.111.111.111 192.168.1.22 netmask 255.255.255.255 0 0
access-group from_outside in interface outside
route outside 0.0.0.0 0.0.0.0 111.111.111.1 1
route inside 10.1.0.0 255.255.0.0 192.168.0.2 1
route inside 10.2.0.0 255.255.0.0 192.168.0.3 1
route inside 10.3.0.0 255.255.255.0 192.168.0.3 1
route inside 10.10.10.0 255.255.255.0 192.168.0.3 1
route inside 10.10.20.0 255.255.255.0 10.1.1.3 1
route inside 10.100.1.0 255.255.255.0 192.168.0.3 1
route inside 172.16.3.0 255.255.255.0 192.168.0.2 1
route inside 172.17.0.0 255.255.0.0 192.168.0.3 1
route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.0.0 255.255.255.0 inside
http 10.1.8.201 255.255.255.255 inside
http 10.1.1.199 255.255.255.255 inside
http 10.1.8.58 255.255.255.255 inside
snmp-server host inside 10.1.0.104 poll
no snmp-server location
no snmp-server contact
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
telnet 10.0.0.0 255.0.0.0 inside
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80

0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20411272
static (inside,outside) 111.111.111.111 192.168.1.22 netmask 255.255.255.255 0 0

The static is for 192.168.1.22, but the PIX does not have an interface in this range. What is the gateway IP address of 192.168.1.22? Is 192.168.1.22 the Office Communicator server?
0
 

Author Comment

by:BRNIIT
ID: 20411324
This line takes care of routing to the 192.168.1.0 ip range:

route inside 192.168.1.0 255.255.255.0 192.168.0.2 1

Yes, that ip address is the Access Proxy server.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 20412327
 This line takes care of routing to the 192.168.1.0 ip range:
   route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
    This is useful only when a computer in 192.168.0 network wants to browse 192.168.1.22. Is 192.168.0.2 a router or a switch vlan gateway?
0
 

Accepted Solution

by:
BRNIIT earned 0 total points
ID: 20412759
192.168.0.2 is a router - its inside ip address is 192.168.1.1, which it uses to talk to the 192.168.1.x network.

So, traffic from the internet to my LCS access proxy server goes

internet --> 111.111.111.111 (pix translates to 192.168.1.22) --> 192.168.0.2 (since that is the static route on the pix) --> 192.168.1.1 (inside interface of the router) --> 192.168.1.22
0
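The routing and ACL questions raised in this thread can be checked mechanically from the posted config. The Python below is an added example, not code from any poster or from Cisco: it parses only the line forms that appear in the posted PIX 6.3 config (excerpt copied from the post), and the function names are illustrative.

```python
import ipaddress

# Lines copied from the sanitized PIX 6.3(4) config posted in the thread.
PIX_CONFIG = """\
access-list from_outside permit tcp any host 111.111.111.111 eq 5061
ip address outside 111.111.111.2 255.255.255.240
ip address inside 192.168.0.1 255.255.255.0
static (inside,outside) 111.111.111.111 192.168.1.22 netmask 255.255.255.255 0 0
access-group from_outside in interface outside
route outside 0.0.0.0 0.0.0.0 111.111.111.1 1
route inside 10.1.0.0 255.255.0.0 192.168.0.2 1
route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Collect connected networks, routes, statics, ACL permits and ACL bindings."""
    cfg = {"connected": {}, "routes": [], "statics": [], "permits": [], "bound": {}}
    for w in filter(None, (line.split() for line in config.splitlines())):
        if w[:2] == ["ip", "address"] and len(w) == 5:
            cfg["connected"][w[2]] = _net(w[3], w[4])        # interface -> network
        elif w[0] == "route" and len(w) >= 5:
            cfg["routes"].append((w[1], _net(w[2], w[3]), w[4]))
        elif w[0] == "static" and len(w) >= 4:
            cfg["statics"].append((w[2], w[3]))              # (mapped, real)
        elif w[0] == "access-group" and len(w) == 5:
            cfg["bound"][w[4]] = w[1]                        # interface -> ACL name
        elif (w[0] == "access-list" and len(w) == 9 and w[7] == "eq"
              and w[2:6] == ["permit", "tcp", "any", "host"]):
            cfg["permits"].append((w[1], w[6], int(w[8])))   # (ACL, host, port)
    return cfg

def next_hop(cfg, real_ip):
    """Return (interface, gateway); gateway is None when directly connected."""
    ip = ipaddress.ip_address(real_ip)
    for ifname, network in cfg["connected"].items():
        if ip in network:
            return (ifname, None)
    # Longest-prefix match over the static routes.
    matches = [(n.prefixlen, ifname, gw) for ifname, n, gw in cfg["routes"] if ip in n]
    return max(matches)[1:] if matches else None

def inbound_tcp_ports(cfg, mapped_ip, ifname="outside"):
    acl = cfg["bound"].get(ifname)  # ACL applied inbound on that interface
    return sorted(p for name, host, p in cfg["permits"] if name == acl and host == mapped_ip)

def audit(config):
    """One row per static NAT entry: where it routes and what the ACL lets in."""
    cfg = parse(config)
    return [{"mapped": m, "real": r, "next_hop": next_hop(cfg, r),
             "inbound_tcp": inbound_tcp_ports(cfg, m)} for m, r in cfg["statics"]]
```

Run against the posted lines, `audit(PIX_CONFIG)` resolves 192.168.1.22 through gateway 192.168.0.2 on the inside interface and reports TCP 5061 as the only port the `from_outside` list permits to 111.111.111.111.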
