Author Topic: MiCollab - Server Gateway mode with 1:1 NAT - Possible?  (Read 2076 times)

Offline sarond

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1405
  • Country: au
  • Karma: +73/-0
    • View Profile
MiCollab - Server Gateway mode with 1:1 NAT - Possible?
« on: May 14, 2017, 04:47:26 AM »
Hi All,

Has anyone ever had a MiCollab Server in Server-Gateway mode using 1:1 NAT for the WAN connection?

We have a client that purchased MiVBX with standard UCC licensing. Initially there was no need for remote services like Teleworking and MiCollab mobile client.
Now that they have seen and used some of the features like AWC via VPN they are keen to start using it for clients.

They have applied for additional public IP addresses and now have them.
The way it has been setup is as a 1:1 NAT so public IP is not directly attached to the MiVBX.
They also want to restrict the ports to the server so I assume I can get those from the Engineering Guidelines.

Is it possible to use a custom network profile in the MBG to have this work?
Should I just get sales to sell them a separate MBG in DMZ? (I'd like to avoid this if possible)

Also with AWC what is the second ip address for? How is it use

I don't deal with the apps very often so you might have to talk slow :)

Regards,


Offline johnp

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2202
  • Country: us
  • Karma: +66/-0
    • View Profile
Re: MiCollab - Server Gateway mode with 1:1 NAT - Possible?
« Reply #1 on: May 14, 2017, 03:23:45 PM »
I haven't done it, but custom mode should allow the external address to be sent to the remote. I would agree that a MBG in DMZ would be Mitel's recommendation and with them clustered you should be good. With AWV, you could likely have the firewall send the https connection on in to 4443

Offline eugenej

  • Full Member
  • ***
  • Posts: 94
  • Country: 00
  • Karma: +2/-0
    • View Profile
Re: MiCollab - Server Gateway mode with 1:1 NAT - Possible?
« Reply #2 on: May 15, 2017, 07:09:42 AM »
My two cents:
The architecture you suggesting isn't supported but may work. Problem with NATting is that whatever is responsible for it, needs to have all the checks and balances to do with the voice bits the way Mitel needs it to be. Just check the engineering guide on MBG/MiCollab and you can see it's pretty intricate with all the ports and directions necessary.

My other 3 cents is that I would use a supported deployment architecture with MBG in DMZ only because support won't/can't respond with merely, "Sorry not supported"

Offline sarond

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1405
  • Country: au
  • Karma: +73/-0
    • View Profile
Re: MiCollab - Server Gateway mode with 1:1 NAT - Possible?
« Reply #3 on: May 15, 2017, 09:14:18 PM »
Thanks for the replies,

This is working with 1:1 NAT with custom profile, I understand it is not really a supported config but if it causes problems I will be recommending a separate MBG.
I have all the ports configured from the MBG EGL and it has all worked.

I even have the AWC working on a single IP address. I have just changed the port on the AWC settings to 4443 for external the same as it is internal.
It just means that the public need to be able to connect on port 4443 and that will depend on how strict their firewall environment is.

Even WebRTC is working  :)


 

Sitemap 1 2 3 4 5 6 7 8 9 10