XCCC: Configuring Exchange 2000 Conferencing Server Behind a PIX Firewall (299668)
The information in this article applies to:
- Microsoft Exchange 2000 Conferencing Server
This article was previously published under Q299668 SUMMARY
This article describes how to configure Exchange 2000 Conferencing Server so that Internet attendees can join an online conference through a PIX firewall. This article describes a small deployment that uses three servers, and assumes that you are familiar with Microsoft Windows 2000 services including Active Directory, Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP).
You need to configure one server as a Windows 2000 domain controller with Active Directory, DNS, DHCP, and Exchange 2000 services in one site. Another domain controller or member server provides Exchange 2000 Conferencing Server to Intranet users who are located in that same site. A third server provides Exchange 2000 Conferencing Server to Internet users in a second site.
Note that even though this article describes a relatively small deployment, you can apply the information in this article to larger deployments.
MORE INFORMATION
For the purposes of this article, the domain controller that is running DNS, DHCP, and Exchange 2000 Server is called server 1, and exists in the first site, which is called site A. The computer that is running Exchange 2000 Conferencing Server in site A for users on the internal network is called server 2. The second site is called site B, and the computer that is running Exchange 2000 Conferencing Server in site B for Internet attendees is called server 3.
To configure Exchange 2000 Conferencing Server so that Internet attendees can join an online conference through a PIX firewall, use the following settings.
Site-Specific Settings
To configure the site-specific settings:
- Define the internal subnet as a member of site A. Note that site A is equivalent to Default-First-Site-Name in Active Directory Sites and Services.
- Create a second site named site B for the Internet Exchange 2000 Conferencing Server system.
- Create a new subnet by using the IP address of the Internet Exchange 2000 Conferencing Server computer and the following subnet mask:
For additional information about configuring sites and subnets, see the Windows 2000 Help.
Exchange 2000 Conferencing Server Settings
Configure the following Exchange 2000 Conferencing Server settings in the Conferencing Manager snap-in:
- For server 2:
- Make sure that the Conference Management Service (CMS) in this system has a URL that internal systems can resolve to.
- Make sure that the Multipoint Control Unit (MCU) does not have the Internet check box selected.
- Do allow remote MCU connections.
- For server 3:
- Make sure that this CMS has an externally resolvable URL.
- Make sure that this MCU has the Internet check box selected. Type an externally resolvable fully qualified domain name (FQDN) in the box under Internet.
- Do not allow remote MCU connections.
PIX-Specific Settings
To configure the PIX-specific settings:
- Define the private IP address space for your PIX firewall. PIX uses network address translation (NAT), PAT, or both to translate your outgoing requests to a publicly routable source address. The type of translation that PIX uses depends on how you set up your address groups. You need to define your internal space as part of a group. For the purposes of this article, this group is called group 1. This is important because you use the same group number on your external address pools to create an association between the two address ranges. You can do this by using the PIX Private command.
- Define your external or public IP address space on the outside port of your PIX, which is the port that is set to security level 0. If you have more than one public IP address space, you must pick one that your external Exchange 2000 Conferencing Server users resolve to. To do this, use the Global command while you are in privileged mode on the PIX. Make sure that you use the same group number that you used for the internal address pool.
- Use the Static command to map the public IP to the private IP of server 3.
- Use the Conduit command to create a tunnel, or conduit, that allows traffic to flow from the public network to your private network.
- Enable support for the H.323 protocol by using the fixup protocol h323 command.
For additional information about these commands and other commands that relate to the PIX platform, see the following Cisco Web site:
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information. DNS-Specific Settings
Private servers should use a private name space, but public servers must use publicly resolvable names in any information that they pass to external clients. If your external clients cannot join a conference, first make sure that the client can resolve to the FQDN in the URL that is passed to the client. If the client can resolve to the FQDN in the URL, check to see which ports are open or closed. The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Modification Type: | Minor | Last Reviewed: | 4/25/2005 |
---|
Keywords: | kbhowto KB299668 |
---|
|