reverse proxy skype for business AX1030

Hi,

I'm hoping someone can direct me to a guide or blog that can help me setup a reverse proxy instance for our on-prem Skype for Business setup. I found an older guide for the AX series, but it's for lync running on windows server 2008. I recently upgraded to Skype4Bus 2015 & it's running on windows server 2012 STD 64-bit. I followed that guide but I'm still having issues with some of the features not working.

Thanks for any help you can offer,

Abdul

Comments

  • abqureshiabqureshi Member
    edited August 2017
    I did see that one, but wasn't sure it would work since it's for the Thunder ADC & we have an AX1030.
  • oaguilaroaguilar Member
    edited August 2017
    AX1030 supports 2.7.2-P11 (at this day), and 2.7.2-P10 or 2.7.2-P11-SP1 is the recommended version for non-fpga devices like Thunder 1030S and AX1030 so you should not have problems running it (for ADC)

    If you are using the recommended 2.7.2-P10 or P11-SP1 version, even that the GUI interface is different, and the deployment guide was tested on 4.x, there's a good chance that you should be able to configure it with out any problems (some commands changed from 2x to 4x, so search in the documentation if you get stuck), I reviewed the DG very fast, and most the Virtual Servers and objects that you have to create, are simple (L4 TCP, L4 UDP) even the aFlex is simple, give it a try, It should work (even the DDoS section should work).

    Good Luck
    Oscar Aguilar
  • dshindshin Member
    edited November 2017
    My suggestion would be to go on the back of the deployment guide and there are sample configs for each segment of the Skype deployment. In 2.7 there are minor differences in the CLI which is Port:80 (2.7) and Port 80(4.1). Command lines in 2.7 and 4.x has it different which is an easy change. Interface, vlan and the rest will be the same. To make things easier use a textpad+ and change the IP address accordingly from the configs from the guide based on your Skype details.Heres a sample config for reverse proxy:

    Reverse Proxy
    ip anomaly-drop packet-deformity layer-3
    ip anomaly-drop packet-deformity layer-4
    ip anomaly-drop security-attack layer-3
    ip anomaly-drop security-attack layer-4
    ip anomaly-drop bad-content 10
    ip anomaly-drop frag
    ip anomaly-drop ip-option
    ip anomaly-drop land-attack
    ip anomaly-drop out-of-sequence 10
    ip anomaly-drop ping-of-death
    ip anomaly-drop tcp-no-flag
    ip anomaly-drop tcp-syn-fin
    ip anomaly-drop tcp-syn-frag
    ip anomaly-drop zero-window 10
    !
    vlan 106
    untagged ethernet 3
    router-interface ve 106
    !
    vlan 110
    untagged ethernet 2
    router-interface ve 110
    !
    hostname ReverseProxy
    !
    interface management
    ip address 10.100.2.134 255.255.255.0
    ip default-gateway 10.100.2.1
    enable
    !
    interface ethernet 1
    !
    interface ethernet 2
    enable
    !
    interface ethernet 3
    enable
    !
    interface ve 106
    ip address 10.0.6.201 255.255.255.0
    !
    interface ve 110
    ip address 192.0.3.201 255.255.255.0
    !
    !
    ip route 0.0.0.0 /0 192.0.3.254
    !
    ip route 10.0.2.0 /24 10.0.6.254
    !
    ip route 10.0.3.0 /24 10.0.6.254
    !
    ip route 10.0.5.0 /24 10.0.6.254
    !
    health monitor HM
    !
    slb template persist source-ip RP
    !
    slb template server-ssl RP-Server-SSL
    ca-cert InternalRootCA
    !
    slb server OOS-Internal-VIP 10.0.3.125
    port 443 tcp
    !
    slb server Skype-Internal-VIP 10.0.3.123
    port 4443 tcp
    !
    slb service-group OOS-443 tcp
    method least-connection
    health-check HM
    member OOS-Internal-VIP 443
    !
    slb service-group Skype-4443 tcp
    method least-connection
    health-check HM
    member Skype-Internal-VIP 4443
    !
    slb template client-ssl CSSL1
    cert SSL_Cert
    key SSL_Key pass-phrase encrypted
    yKfJxqgqJak8EIy41dsA5zwQjLjV2wDnPBCMuNXbAOc8EIy41dsA5zwQjLjV2wDn
    !
    slb virtual-server RP_VIP 192.0.3.108
    port 443 https
    aflex Skype-OOS-Selection
    source-nat auto
    service-group Skype-4443
    template server-ssl RP-Server-SSL
    template client-ssl CSSL1
    !
    end


    Genard
  • edited May 2018
    That works.
Sign In or Register to comment.