A/V Edge and NAT – External IP Address is Translated by NAT

I was just going through the Edge server properties today and was asked what the checkbox labeled “External IP address is translated by NAT” does in this attached screenshot.


I have to admit that it was one of those things that makes me go, “hhhmmmm” when I thought about it.

In OCS 2007, I learned that NAT is “bad” and all thoughts of using NAT should be erased from my brain. NAT just didn’t work for AV Edge in OCS 2007. Now, in OCS 2007 R2, it does work. Well, it kind of works.

As Jeff Schertz (and others) explained to me today, it really does work, and it involves some magical fairy dust or something, but it does work. OK, the magical fairy dust really is not supported by Microsoft, but there must be some magical goodness in there to make it work.

The issue is that the AV Edge (yes, most of us run consolidated Edge servers today, and this one is consolidated) needs to be able to resolve the external TCP/IP address for AV. This is the address on the public side of the firewall that is routable and addressable by computers and devices on the Internet. The remote clients for AV conferencing need to be able to resolve this live address, meaning a real public address and not one from a private address range.

Jeff went a little further and recommended either of the following:

  1. Create a local HOSTS file entry on the Edge server that maps the AV Conferencing FQDN to its public TCP/IP address
  2. If the Edge server is using an internal DNS server for lookup, create an A record there that points the AV FQDN at its public TCP/IP address

NOTE: This only works if the Edge server is a single server; it will not work for Edge arrays.
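An added example, not from the original post: a PowerShell check for option 1 that reads HOSTS content and reports whether the AV FQDN maps to a public address or to an RFC 1918 private one. The FQDN `av.example.com`, the addresses, and the function names are constructed placeholders.

```powershell
# Added example. av.example.com and all addresses below are constructed placeholders.

# True when the text is an IPv4 address inside an RFC 1918 private range.
function Test-PrivateIPv4 {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    $b = $ip.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }            # IPv6 or other
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Returns the address from the first HOSTS line that names $Fqdn, or $null.
function Get-HostsEntry {
    param([string[]]$Lines, [string]$Fqdn)
    foreach ($line in $Lines) {
        $text = ($line -split '#')[0].Trim()          # strip comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Length -lt 2) { continue }        # address with no host name
        $names = $fields[1..($fields.Length - 1)]
        if ($names -contains $Fqdn) { return $fields[0] }   # case-insensitive match
    }
    return $null
}

$avFqdn = 'av.example.com'
$sampleHosts = @(
    '# constructed sample HOSTS content',
    '127.0.0.1      localhost',
    '203.0.113.10   av.example.com    # stands in for the public AV Edge address'
)

$mapped = Get-HostsEntry -Lines $sampleHosts -Fqdn $avFqdn
if (-not $mapped) {
    "No HOSTS entry for $avFqdn; the server will rely on DNS for this name."
} elseif (Test-PrivateIPv4 $mapped) {
    "WARNING: $avFqdn maps to private address $mapped"
} else {
    "OK: $avFqdn maps to public address $mapped"
}
```

On the Edge server itself, pass `Get-Content "$env:SystemRoot\System32\drivers\etc\hosts"` as `-Lines`. For option 2, `[System.Net.Dns]::GetHostAddresses($avFqdn)` returns what the server's resolver actually answers, and each result can be fed to `Test-PrivateIPv4`.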

