Thursday, June 26, 2008

Using ASA and OCS video conferencing server

While attending the OCS Ignite tour training and some other OCS events, we were informed that OCS edge video servers cannot be located behind a NAT device, e.g. a firewall. This is because video conferencing doesn't work correctly with NAT, so the recommended design was to give the Edge NIC a real IP and place it directly on the Internet.

I have been working with ASA for a while and I have tested my configuration: you don't need to do NAT on an ASA (5520, 5540) running V7 or V8 (this is my testing, so results could be true). The edge server can have a real IP on its NIC and be placed in the DMZ, for example; in this case the ASA only filters the packets as a firewall and does not do NAT. Creating a DMZ for the edge server might be a hassle, but this is not the case if you create subinterfaces.
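A sketch of the layout described above, added here as an illustration and not the author's tested configuration. It assumes pre-8.3 ASA syntax, a routed public subnet (203.0.113.0/29 is a documentation placeholder), hypothetical interface and ACL names, and the media ports commonly documented for the OCS 2007 A/V Edge role, which the post itself does not list.

```cisco
! Constructed example. Addresses, VLAN id, interface and ACL names are
! placeholders; adjust ports to the Edge roles actually deployed.
!
! The physical port carries the 802.1Q trunk and has no name or address.
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
 no shutdown
!
! The subinterface is the Edge DMZ. The Edge NIC is assumed to use
! 203.0.113.2 with 203.0.113.1 as its default gateway.
interface GigabitEthernet0/2.50
 vlan 50
 nameif dmz-edge
 security-level 50
 ip address 203.0.113.1 255.255.255.248
!
! With NAT control disabled and no nat/global/static statement matching
! the DMZ subnet, packets are forwarded with their addresses unchanged,
! so the ASA acts as a filtering router for this segment.
no nat-control
!
! Inbound filter: only the A/V Edge ports reach the server, everything
! else is dropped and logged (port list is an assumption, see lead-in).
access-list outside_in remark OCS A/V Edge external interface
access-list outside_in extended permit tcp any host 203.0.113.2 eq 443
access-list outside_in extended permit udp any host 203.0.113.2 eq 3478
access-list outside_in extended permit tcp any host 203.0.113.2 range 50000 59999
access-list outside_in extended permit udp any host 203.0.113.2 range 50000 59999
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside
```

On 7.2 and later, `packet-tracer input outside tcp 198.51.100.10 40000 203.0.113.2 443` (source address constructed) walks a test packet through the policy and reports whether the ACL permits it and whether any translation is applied.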

This might be a tricky discussion when talking to a Microsoft partner or consultant, since this is not the case with ISA 2006, but you can do the above configuration safely on your ASA.

I am thinking about creating a routing rule between the DMZ in ISA Server and the internal/external network, but I haven't had the chance to test it, so this might do the trick instead of placing your video edge server naked in the desert.
