OCS 2007 client (using vista) over a cisco vpn

[BrettSchwartz]

We are trying to get some users logging into our new OCS server over our
Cisco VPN (all ports are open on vpn tunnel) and are having issues getting it to work. If I take the computer
and put it directly on our internal network, I can login. When I switch the
user over to our DSL connection for testing, I get the following error when
trying to signin:

Cannot sign in because the server is temporarily unavailable. If the
problem persists, contact your system administrator.

The VPN connection has no port restrictions for the clients.

The connection type for the OCS client is manual using the OCS servers FQDN
over TCP. I can ping the FQDN from the VPN client, so it is not a DNS.

What else is needed?



Note: certificate has been installed on the client machine as well (made sure it was using a root cert)

 

[kcfonman]

You may need to check to see if there is a firewall between you VPN point and the internal network. They could be blocking your ports.

I am currenly on Vista Enterprise, OCS R2 and Cisco VPN with no issues. Windows Firewall is turned off since Symantech protection agent is running on the machine.

Note, we did have to change the policy of Symantch to allow the port to work on remote connections (VPN).

 

[hunterdw]

We have a similar setup - OCS internal - VPN clients from DSL/Cable - they connect via the VPN client. I have nothing special setup on my ACLs. It just works.

Sounds to me like you've got somesort of firewall configuration issue - either on the PIX/ASA or on the client.

Rather than doing a manual/tcp connection using FQDN - try it via IP

Connect to VPN, try to connect using the inside IP/tcp and see if it connects - if so, then it's time to start troubleshooting DNS - where the does FQDN point? internal RFC1918 IP? externalIP?

If connecting using the inside IP/tcp - after connecting to the VPN - does not work, time to start troubleshooting client firewall issues and/or ACLs on the hardware/VPN firewall