Jim_Couch_16225
Jan 14, 2015

Lync 2013/2010 External Mobility Issues

I've read through a number of others' issues but haven't found anything that fits my case.

We deployed Lync through the latest iApp for Lync on two F5s. One is in a DMZ and the other internal. The basic topology is:

External user uses lyncdiscover.company.com > NAT external address to a DMZ Reverse Proxy VIP on port 443 > iRule translates the URL and sends directly to one of the Internal FE servers on 4443. User gets back the .JSON file with the additional URLs. User sends request to onprem-webext.company.com (which is the same external address) > NATs to the same DMZ VIP > iRule translates that URL to the same pool on the DMZ F5 > Pool sends the traffic directly to one of the internal front end servers > get a few response code 200s and a response code 401.

We have a cert on the DMZ F5 VIP that appears to work using external tools. I am using an iRule applied to the DMZ VIP to give me the traffic path and status codes. Internally, Lync works fine. After reading quite a bit about Lync, I am wondering if it doesn't like the server side cert and if I should just use the default server SSL profile, since internally the servers would be using internal PKI certs from our own CA.

Thanks in advance. Jim

  • mikeshimkus_111
    Historic F5 Account

    Hi Jim, the serverssl profile created by the iApp is simply a copy of the default serverssl profile; it doesn't modify any of the default settings. So there should be no difference switching between _reverse_proxy_server_ssl and serverssl.

    Which requests get the 200 response, and which ones get 401? Are all the hostnames of the additional URLs (e.g., onprem-webext.company.com) included in the reverse proxy iRule?
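
One way to collect the per-request detail asked about above (which hostname and path received which status code), written as a diagnostic iRule for the DMZ reverse proxy VIP. This is an added example, not code from either poster or from the iApp; the `lyncdbg` log tag and the variable names are assumptions, and it should be attached after the existing reverse proxy iRule so it sees the final pool selection.

```tcl
# Added diagnostic example: logs one line per HTTP transaction so that
# 200 and 401 responses can be tied to a hostname, path and pool member.
when HTTP_REQUEST {
    # Reset per-request state; a keep-alive connection carries several requests.
    set dbg_host   [string tolower [HTTP::host]]
    set dbg_method [HTTP::method]
    # Log the path only, not the query string, which can carry session tokens.
    set dbg_path   [HTTP::path]
    # Record only whether credentials were sent, never the header value itself.
    set dbg_auth   [HTTP::header exists "Authorization"]
    set dbg_member "none"
}

when LB_SELECTED {
    # Internal front end server (address:port) chosen for this request.
    set dbg_member "[LB::server addr]:[LB::server port]"
}

when HTTP_RESPONSE {
    set dbg_status [HTTP::status]
    set dbg_line "lyncdbg client=[IP::client_addr] host=$dbg_host\
 method=$dbg_method path=$dbg_path auth_sent=$dbg_auth\
 member=$dbg_member status=$dbg_status"

    if { $dbg_status == 401 } {
        # A 401 carries the authentication schemes the server is asking for;
        # logging them shows what the front end expects from the client.
        append dbg_line " www_authenticate=\"[HTTP::header values "WWW-Authenticate"]\""
    }
    log local0. $dbg_line
}
```

The entries land in `/var/log/ltm` on the BIG-IP; remove the iRule once the failing request has been identified, since per-request logging adds load to the VIP.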