AADS with SBCE Connection

Status
Not open for further replies.

Kamal Arnous

Technical User
Aug 19, 2020
Dear Guys,

I have a problem with remote worker: I'm able to connect to SM from outside, such as from mobile workplace, and make calls, but my problem is reaching the AADS and making searches for the Active Directory users that are connected with AADS. I have one public IP connected to the SBC for both SM and AADS. SM is working fine. Can anyone tell me how I should connect AADS with the SBC step by step? Note that I put the listening port for AADS on 8443. All of them are running V8.1. Internally everything is working fine. I also have a firewall; what are the ports that I need to keep open there? 8443? And the ports for SM that are already working. I'm using A1 as internal and B1 as external for SBCE.

Kind Regards,
Kamal
 
I'm not sure if you can use AADS for the directory search; I have an application relay set up for an internal RO DC and then publish the user search OU via the config file.

DMZ Services > Relay > Application Relay

Service type = LDAP, Remote IP is the internal DC on port udp/389. Listen IP is the SBC outside interface with port 8443, and Connect IP is the SBC inside interface with transport set to UDP.


If you want to connect the clients to AADS you need to use a reverse proxy, which is in the DMZ Services > Relay section > Reverse Proxy.

Set your Listen IP to the outside interface with HTTPS and port 8443, and use the Connect IP as your inside interface. In the server address section, put the IP address of AADS with 443 so it looks like 1.2.3.4:443, and leave the URL sections as default.


With an external-facing or edge firewall you want to be using NAT so you can hide the IP address of your SBC outside interface.



Biglebowskis Razor - with all things being equal if you still can't find the answer have a shave and go down the pub.
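As an added check (not from either poster), the reply above describes two DMZ listeners on the SBC outside interface and a firewall/NAT in front of them; the script below sanity-checks such a set of entries for outside IP/port/transport collisions and for listen ports the edge firewall does not forward. All addresses and server targets are constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed placeholder addresses (assumptions, not from the thread).
B1_OUTSIDE = "203.0.113.10"   # SBCE external interface (B1)
A1_INSIDE = "10.0.0.5"        # SBCE internal interface (A1)

@dataclass(frozen=True)
class Listener:
    name: str
    listen_ip: str     # outside (B1) address the remote client reaches
    listen_port: int
    proto: str         # "HTTPS" (reverse proxy) or "UDP"/"TCP" (relay)
    connect_ip: str    # inside (A1) address used towards the server
    server: str        # internal target as "ip:port"

def transport(proto: str) -> str:
    """Map the SBCE service transport to the L4 protocol a firewall sees."""
    return "UDP" if proto.upper() == "UDP" else "TCP"

def listener_conflicts(entries):
    """Return {(ip, port, l4): [names]} for sockets claimed more than once.
    Two services cannot share one outside IP/port/transport, but a UDP relay
    and an HTTPS (TCP) proxy on the same port number are distinct sockets."""
    seen = defaultdict(list)
    for e in entries:
        seen[(e.listen_ip, e.listen_port, transport(e.proto))].append(e.name)
    return {k: v for k, v in seen.items() if len(v) > 1}

def unreachable_listeners(entries, firewall_allows):
    """Names of listeners with no inbound rule (post-NAT dst ip, port, l4)
    on the edge firewall, i.e. the ports the poster asks about opening."""
    allowed = {(ip, port, l4.upper()) for ip, port, l4 in firewall_allows}
    return [e.name for e in entries
            if (e.listen_ip, e.listen_port, transport(e.proto)) not in allowed]

# The two listeners from the reply above, as constructed sample entries.
ENTRIES = [
    Listener("AADS reverse proxy", B1_OUTSIDE, 8443, "HTTPS", A1_INSIDE, "10.0.0.20:443"),
    Listener("LDAP application relay", B1_OUTSIDE, 8443, "UDP", A1_INSIDE, "10.0.0.30:389"),
]
# Edge firewall forwarding only tcp/8443 to the SBC outside interface.
FIREWALL_ALLOWS = [(B1_OUTSIDE, 8443, "TCP")]

if __name__ == "__main__":
    print("conflicts:", listener_conflicts(ENTRIES))
    print("blocked by firewall:", unreachable_listeners(ENTRIES, FIREWALL_ALLOWS))
```

Run as-is it reports no socket conflict but flags the UDP relay as blocked, because only the TCP port was opened.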
 
I have already made the connection between AADS and LDAP, and I can search for users internally without a problem.

My issue now is connecting to AADS from outside. I did the reverse proxy but it is still not working; I opened port 8443 on the firewall and NATted it to the external IP of the SBC.

In the reverse proxy I set the listen IP to the external IP of the SBC, and I have to put HTTPS, but with it we should add a certificate.

I did these steps to get the certificate:
- From System Manager I went to Security, then Add New Entity; I filled in the information and put the FQDN of the AADS, but down there is IP, where I put the external IP of the SBC.
- Then I went to the public web and generated the file.
- Then I transferred the file via WinSCP to the SBC and generated the .crt and .key files from it, then uploaded them to TLS Certificate Management in the SBC.
- Then I created a server TLS certificate and chose the certificate that I made before.
- I did the same steps for the client certificate but put the internal IP of the SBC instead, and then I added all of them to the reverse proxy.
- Then I opened port 8443 on the firewall and forwarded it to the external IP of the SBC.

Note that I'm using the same external SBC IP for both Session Manager and the AADS reverse proxy.

The problem with the application isn't solved; I'm not sure what I did wrong.
 
Ah ok, I'm using a GlobalSign public cert for the outside interface.

Here's a really good doc that explains how to set up the SBC for remote workers; I used this to get my head round the config, and initially used a self-signed cert from SMGR for testing...


Biglebowskis Razor - with all things being equal if you still can't find the answer have a shave and go down the pub.
 