Hi,
I’m hoping someone can direct me to a guide or blog that can help me setup a reverse proxy instance for our on-prem Skype for Business setup. I found an older guide for the AX series, but it’s for lync running on windows server 2008. I recently upgraded to Skype4Bus 2015 & it’s running on windows server 2012 STD 64-bit. I followed that guide but I’m still having issues with some of the features not working.
Thanks for any help you can offer,
Abdul
Have you checked out this one?:
https://www.a10networks.com/resources/deployment-guides/microsoft-skype-for-business-server-2015
I did see that one, but wasn’t sure it would work since it’s for the Thunder ADC & we have an AX1030.
AX1030 supports 2.7.2-P11 (at this day), and 2.7.2-P10 or 2.7.2-P11-SP1 is the recommended version for non-fpga devices like Thunder 1030S and AX1030 so you should not have problems running it (for ADC)
If you are using the recommended 2.7.2-P10 or P11-SP1 version, even that the GUI interface is different, and the deployment guide was tested on 4.x, there’s a good chance that you should be able to configure it with out any problems (some commands changed from 2x to 4x, so search in the documentation if you get stuck), I reviewed the DG very fast, and most the Virtual Servers and objects that you have to create, are simple (L4 TCP, L4 UDP) even the aFlex is simple, give it a try, It should work (even the DDoS section should work).
Good Luck
Oscar Aguilar
My suggestion would be to go on the back of the deployment guide and there are sample configs for each segment of the Skype deployment. In 2.7 there are minor differences in the CLI which is Port:80 (2.7) and Port 80(4.1). Command lines in 2.7 and 4.x has it different which is an easy change. Interface, vlan and the rest will be the same. To make things easier use a textpad+ and change the IP address accordingly from the configs from the guide based on your Skype details.Heres a sample config for reverse proxy:
Reverse Proxy
ip anomaly-drop packet-deformity layer-3
ip anomaly-drop packet-deformity layer-4
ip anomaly-drop security-attack layer-3
ip anomaly-drop security-attack layer-4
ip anomaly-drop bad-content 10
ip anomaly-drop frag
ip anomaly-drop ip-option
ip anomaly-drop land-attack
ip anomaly-drop out-of-sequence 10
ip anomaly-drop ping-of-death
ip anomaly-drop tcp-no-flag
ip anomaly-drop tcp-syn-fin
ip anomaly-drop tcp-syn-frag
ip anomaly-drop zero-window 10
!
vlan 106
untagged ethernet 3
router-interface ve 106
!
vlan 110
untagged ethernet 2
router-interface ve 110
!
hostname ReverseProxy
!
interface management
ip address 10.100.2.134 255.255.255.0
ip default-gateway 10.100.2.1
enable
!
interface ethernet 1
!
interface ethernet 2
enable
!
interface ethernet 3
enable
!
interface ve 106
ip address 10.0.6.201 255.255.255.0
!
interface ve 110
ip address 192.0.3.201 255.255.255.0
!
!
ip route 0.0.0.0 /0 192.0.3.254
!
ip route 10.0.2.0 /24 10.0.6.254
!
ip route 10.0.3.0 /24 10.0.6.254
!
ip route 10.0.5.0 /24 10.0.6.254
!
health monitor HM
!
slb template persist source-ip RP
!
slb template server-ssl RP-Server-SSL
ca-cert InternalRootCA
!
slb server OOS-Internal-VIP 10.0.3.125
port 443 tcp
!
slb server Skype-Internal-VIP 10.0.3.123
port 4443 tcp
!
slb service-group OOS-443 tcp
method least-connection
health-check HM
member OOS-Internal-VIP 443
!
slb service-group Skype-4443 tcp
method least-connection
health-check HM
member Skype-Internal-VIP 4443
!
slb template client-ssl CSSL1
cert SSL_Cert
key SSL_Key pass-phrase encrypted
yKfJxqgqJak8EIy41dsA5zwQjLjV2wDnPBCMuNXbAOc8EIy41dsA5zwQjLjV2wDn
!
slb virtual-server RP_VIP 192.0.3.108
port 443 https
aflex Skype-OOS-Selection
source-nat auto
service-group Skype-4443
template server-ssl RP-Server-SSL
template client-ssl CSSL1
!
end
Genard
That works.