DNS for AWC

[StardataMitel]

Survivable branch node setup, 1 x 3300 MXe as Primary with 6 x CX as branch nodes all connected via VPNs. Systems all at MCD4.0. Probably not important...

We have put in a MAS with AWC at an 8th location with and cannot get the collaboration client to download from the server - errors connecting to the AWC Server. We've also gotten errors saying ports are being blocked but the network engineer assures us (for what thats worth.... long story) that there is nothing at all being blocked. A user can log in to the AWC site okay and set up Audio conferences which work fine but when it tries to install and run the Collaboration Client for the web/video portion it fails.

Our current lab setup only has a single IP and DNS configured and works fine, but we are being told we need a second external IP and DNS for this one. Can anyone enlighten me why or how else we could overcome this issue?

 

[JimHilton]

Wow, Via the VPN can all devices "talk" to each other EG: ping etc. If this is a VPN setup, I fail to see why you would need an additional IP as all the devices can communicate via the VPN aka internal network.

Remote users/clients would also have to VPN in mind you.

A possible reason why remotes are failing is depending on your gear's setup, it could be port blocking or there could be routing issues and a whole slew of other things.

Your internal test leads me to believe that your have successfully set everything up AOK. Use that internal machine to see if it can "talk" to all the other things it needs to. Using that as a prove out, then start with 1 remote client and verify it can talk to everything your internal test can.

VPN's can be a PITA with routing issues and how responsive a remote site is to a VPN client connecting via your main gateway.

The DNS sort of puzzles me, the only variable is the remote client, but we really don't care about them. Once they establish a VPN connection, the <vpndevice> will know where it is. But in some cases remote VPN's are severely locked down to say a specific IP subnet or even a specific IP. I am assuming all your devices would have static IPs.

Sorry if I sound sort of vague, but your setup sounds very complex, and without many other pieces of info such as hardware gear, routing info, VPN configuration (remote sites talking to a concentrator) etc, I'm just giving you some basic trouble shooting.

Jim

 

[StardataMitel]

Thanks for your efforts. Sure, a bit more info...

Fully meshed standard Cisco IPSec VPN implementation at sites, with a dedicated BDSL connection for voice and a separate one for their data traffic. Cisco 1812 routers. All devices can ping each other and other networks. Voice network working wonderfully (apart from some SDS issues, but who can help that really). I don't think that the voice communications is the issue though.

It's when a user on a PC goes to download the Collaboration Client from the MAS - Audio and Web Conferencing server when trying to connect to a conference that we get the communication errors. If we are sitting on the same subnet as the MAS it seemed there was no problem, outside the local subnet was a no-go.
"The was a problem connecting to the AWC Server...

 

[JimHilton]

Ok that was what I was wondering. I assume the client can d/l the software? I'm getting the feeling you almost need a DMZ like access for the remote clients.

We run cisco as well and I know we had a bugger of a time with routing traffic properly.

I took a remote site profile and used the cisco copy command and made that a vpn client. That fixed the issue but couldn't figure out why. Later I discovered that VPN clients did not have routing rights to the external divisions.

Do you have some surplus gear? I'd be curious if programmed up one of the routers to the same specs as your remote sites and see if that works. If it does then I would strongly suspect there is something mucked up in the VPN client profile vs the remote sites profile.

I'm sorry I can't be more informative, I find with these types of issues you really have to do "one thing at a time" and keep lots of coffee on the go