MS LCS via Cisco VPN Client

Answered Question
Aug 7th, 2007
User Badges:

Hi all

Not sure if this the right forum or not but I'm having difficulty running MS Office Communicator (OC) via Cisco VPN Client. I've made sure the followings:

1. As a test, I've allowed all IP access between the VPN client and the entire internal network.

2. OC can connect to the internal LCS (Live Communication Server) on TCP port 5060 no problem at all. Netstat will show an established TCP connection between the client and the LCS. Problem is that OC will come back to say that it cannot connect to LCS.


Note that OC would have no problem at all connecting with LCS when the PC is on the inside/internal network.


Thanks in advance for your feedback.

Correct Answer by jocoates about 9 years 10 months ago

Aha... Got it.


Have a look at this KB...


http://support.microsoft.com/kb/911786


Turn the fixup off for SIP and it works.


Cheers

John

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
umedryk Mon, 08/13/2007 - 13:00
User Badges:
  • Bronze, 100 points or more

Microsoft routing problems occur when a Cisco VPN Client (such as a VPN 3000 Client, Cisco Secure VPN Client, or VPN 5000 Client) gets an IP address from the device terminating the tunnel that is on the same network as the local Network Interface Card (NIC). This device consists of the Cisco VPN 3000 Concentrator, router, PIX Firewall, or VPN 5000 Concentrator. This occurs if a user has a laptop on the corporate network with a DHCP or static IP address (10.50.1.x), brings the laptop home, dials into the Internet Service Provider (ISP), and connects using the VPN Client

vincent-n Mon, 08/13/2007 - 16:26
User Badges:

Thanks for your feedback. So can you suggest something that I can do? Also, just a few questions to ask:

1- My LCS server is on 10.x.100.x/24 network and my VPN address is 10.x.2.x/24 network. Routing inside/internal is via a L3 routing module. When I'm at work, the DHCP range is 10.x.3.0/24 network. So I don't really understand your statement on MS Routing problem.

2- Is there something specific to the address range 10.50.1.x that made you mentioned about it in your post?


Thanks.

jocoates Sun, 09/16/2007 - 00:40
User Badges:

Hi Vincent-n,


I feel your pain.


Did you end up getting this to work? I have EXACTLY the same problem. You can do all the tests using LCSDiag, ping, telnet, etc etc and it all checks out, but when using the client it fails.


Cheers

John

vincent-n Sun, 09/16/2007 - 16:25
User Badges:

Hi John

I escalated this problem to 3rd party vendor and the engineer thinks that it's to do with "shonky" MS routing stuff. He thinks that the work around for this problem is to install LCS Proxy server since this software is designed to route between the outside and inside network. Will let you know whether this solution will work or not. Just hang on John.

vincent-n Sun, 09/16/2007 - 22:23
User Badges:

John, you ..... BEAUTY. I've configured the fixup command already and will try it at home tonight. How did you come across the resolution may I ask? I've searched for days and end up with nothing.

vincent-n Mon, 09/17/2007 - 14:27
User Badges:

John, just letting you know that it works like a charm. I did a search on google this morning using keyword "live communication server pix firewall" and found the same result (different website) straight away. Thanks again for your feedback. Yeeha.

Actions

This Discussion