Use lync outside the network

Without edge interface you will be not install the certificate for external linc access.
Have a look at this MS article which detsils the steps
technet.microsoft.com/en-us/library/gg398409.aspx

You mean I have to install Lync on another hardware?

If only you have multiple edge severs, You should purchase a public certificate for external access and import this on each edge server.

As of now I have only one server.
what all things I have to do to make it available from outside (except NAT in firewall)

Purchase a public certificate and install it as per the tech article. Then it will be accessible externally.

How lync client will reach the server. Using what name?
servername.internaldomain.com
or
I have to configure external name ?

Obviously it should be external one for external access.

Where Io will configure external name in such a way a user go out from office and open laptop it should work.

Where I will configure external name in such a way a user go out from office and open laptop it from outside and it works?

Yes, it will work

Where I will configure external name?

You can can configure the server and the certificate should be https://servername.yourpublicdomain.com

"The server is not responding or cannot be reached...."
This is the error I get when I try to login from outside

What could be wrong

Now getting this error.
Your help is appreciated to finish this question
error.png

Could you add the site into trusted list from IE and provide admin credentials to login.
Ensure that the logon users are member os Csadministrator group in AD.
Also, check the dns entries whether its present.

It is only working with internal servername/IP
It is not working with external servername/IP

From internal network I configured internal and external name. it is working
But outside network it is not working. when I connect VPN from outside it is working with the internal name

What shall I do to make it working from outside with the external name?

The name should be configure in the certificate.

It is already configured

BTW
SIP domain is internal domain name (i.e. xyz.com)
external FQDN is abc.com (I added this as additional SIP domain)

Now I added SRV records (_kpasswd, _ldap, _gc) now it is working with external name from inside.

Do I have to create SRV records in external DNS?

The host A record would be sufficient, since it's working internally after adding the srv records, it's worth to try creating a srv record.

_internaltls._tcp.externalname.com
or
_sip._tls.externalname.com
?

Its sip.tls.externalname.com

I have created SRV records same like as in internal DNS but still no luck.

Do you know how it works from outside?
So that I can check and trouble shoot in a short time.

Please help it is not working from outside

Any thought of connecting the users to a VPN internally and then they should be able to connect as if they were in the office..have many customers set up this way.

Already users connected through VPN from outside. I want users to connect without vpn from outside.

awaiting your reply

I think the only way to connect without VPN is either to setup a reverse proxy (have seen customers do this, essentially publish Lynch on the DMZ) or have everyone register with an outiside entity such as Microsoft.

how to setup reverse proxy
I do not have DMZ

I have managed to work from outside by doing a port forwarding from 8080/4443 to 80/443
but no audio and video calls can you help to configure

I found another site to configure without reverse proxy

I am interested in comments by abbasiftt.  I have thus far been unable to get it working via VPN (this should be easier).

Getting "There was a problem verifying the certificate from the server"

From what I've read it's been suggested that I manually import the certificate from the server to the VPN client.  No problem but cannot identify which cert is the one (for Lync) I should be exporting/importing?

Is this the right suggestion?  If so, how do I identify which cert to import?