Hey all,

Has anyone run into any issues between the UC520 and Windows Small Business Server 2003? I added the UC520 to my network 4 months ago to handle voice, and at that point just stuck it behind the SBS box (didn't need it to do anything but voice at that point). I've now decided to promote the UC520 to serve as gateway for voice and data, but have run into a couple of issues:

- I changed the SBS IP to an address within the data VLAN on the UC520. I can get local traffic between all devices, but I'm getting no DNS resolution, and no access to outside servers.

Does anyone have any ideas on the DNS issue, or a better way to approach this in general?

Thanks,

Finally got it sorted out. Thanks!
Thanks for all the help guys. I was able to get everything up and running. The Westell was definitely the one at fault. Even asking it to forward all traffic to the WAN address of the UC520 wasn't working correctly. The modem did support bridged mode, just not through Bellsouth's "consumer-friendly" interface. I set the UC520 to dial PPPoE, which worked correctly once I set the address option to "IP Negotiation" rather than DHCP. I got it up and running around midnight on Monday, and so far no problems. Thanks again!
Will
SBS 2003 and DHCP
Hi Will,
I do have a lot of SBS2003 in the wild and one thing is for sure, SBS doesn't like not running DHCP itself.
The latest config I did last week with UC520:
SBS2003 with one network card (this is actually good now, no matter what the wizard is saying, SBS2008 is recommending one card and a separate firewall). DHCP configured for the data VLAN on SBS.
You might have to change the server's IP address to be in the same range/not have the same IP as the UC box.
UC520 as router/firewall with DHCP for the DATA VLAN turned OFF. You can leave the DHCP for Voice On.
From there you can rerun the SBS Wizard to connect to the internet, telling it that you have a router and giving it the UC520 DATA VLAN IP address (usually 192.168.10.1; your server most probably gets the .10.2).
SBS will act as DNS forwarder.
Hope it helps.
Fab
Thanks a million! That solved that issue. My problem now is opening the ports for my SBS server from the outside world. I've created what I believe to be the necessary entries for the nat translations and access lists, but still no luck. Here is what I'm working with: (My Westell modem is set to pass my WAN address through to 192.168.1.100)
UC520#show ip nat translation
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.100:1 192.168.10.17:123 17.151.16.21:123 17.151.16.21:123
udp 192.168.1.100:50992 192.168.10.17:50992 192.168.1.178:161 192.168.1.178:161
udp 192.168.1.100:123 192.168.10.18:123 17.151.16.22:123 17.151.16.22:123
tcp 192.168.1.100:1051 192.168.10.20:1051 192.168.1.5:5431 192.168.1.5:5431
udp 192.168.1.100:62391 192.168.10.48:62391 192.168.1.178:161 192.168.1.178:161
tcp 192.168.1.100:50045 192.168.10.250:50045 69.25.21.137:443 69.25.21.137:443
tcp 192.168.1.100:50063 192.168.10.250:50063 64.12.26.118:5190 64.12.26.118:5190
tcp 192.168.1.100:50065 192.168.10.250:50065 64.12.30.84:5190 64.12.30.84:5190
tcp 192.168.1.100:50083 192.168.10.250:50083 17.250.248.77:80 17.250.248.77:80
tcp 192.168.1.100:50084 192.168.10.250:50084 17.250.248.105:80 17.250.248.105:80
tcp 192.168.1.100:50085 192.168.10.250:50085 17.250.248.32:443 17.250.248.32:443
tcp 192.168.1.100:25 192.168.10.254:25 --- ---
tcp 192.168.1.100:80 192.168.10.254:80 --- ---
udp 192.168.1.100:137 192.168.10.254:137 10.37.129.2:137 10.37.129.2:137
udp 192.168.1.100:137 192.168.10.254:137 10.211.55.2:137 10.211.55.2:137
udp 192.168.1.100:138 192.168.10.254:138 10.211.55.4:138 10.211.55.4:138
tcp 192.168.1.100:143 192.168.10.254:143 --- ---
tcp 192.168.1.100:443 192.168.10.254:443 --- ---
tcp 192.168.1.100:444 192.168.10.254:444 --- ---
udp 192.168.1.100:1063 192.168.10.254:1063 205.152.37.23:53 205.152.37.23:53
tcp 192.168.1.100:1723 192.168.10.254:1723 --- ---
tcp 192.168.1.100:4118 192.168.10.254:4118 209.190.5.34:80 209.190.5.34:80
Pro Inside global Inside local Outside local Outside global
tcp 192.168.1.100:4125 192.168.10.254:4125 --- ---
UC520#show access-list
Standard IP access list 1
10 permit 10.1.1.0, wildcard bits 0.0.0.255
20 permit 192.168.10.0, wildcard bits 0.0.0.255 (161 matches)
30 permit 10.1.10.0, wildcard bits 0.0.0.3 (7 matches)
Extended IP access list 100
10 deny ip 192.168.10.0 0.0.0.255 any
20 deny ip 192.168.1.0 0.0.0.255 any
30 deny ip 10.1.1.0 0.0.0.255 any
40 deny ip host 255.255.255.255 any
50 deny ip 127.0.0.0 0.255.255.255 any
60 permit ip any any (7871 matches)
Extended IP access list 101
10 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any (128 matches)
20 permit udp 10.1.1.0 0.0.0.255 eq 2000 any
30 deny ip 192.168.10.0 0.0.0.255 any
40 deny ip 192.168.1.0 0.0.0.255 any
50 deny ip 10.1.1.0 0.0.0.255 any
60 deny ip host 255.255.255.255 any
70 deny ip 127.0.0.0 0.255.255.255 any
80 permit ip any any
Extended IP access list 102
10 deny ip 10.1.10.0 0.0.0.3 any
20 deny ip 192.168.1.0 0.0.0.255 any (273 matches)
30 deny ip 10.1.1.0 0.0.0.255 any (30 matches)
40 deny ip host 255.255.255.255 any
50 deny ip 127.0.0.0 0.255.255.255 any
60 permit ip any any (19242 matches)
Extended IP access list 103
10 permit tcp 10.1.10.0 0.0.0.3 any eq 2000 (248 matches)
20 permit udp 10.1.10.0 0.0.0.3 any eq 2000
30 deny ip 10.1.10.0 0.0.0.3 any
40 deny ip 192.168.10.0 0.0.0.255 any
50 deny ip 192.168.1.0 0.0.0.255 any
60 deny ip host 255.255.255.255 any
70 deny ip 127.0.0.0 0.255.255.255 any
80 permit ip any any (1389 matches)
Extended IP access list 104
10 permit tcp any host 192.168.1.100 eq 4125
20 permit tcp any host 192.168.1.100 eq 143
30 permit tcp any host 192.168.1.100 eq 1723
40 permit tcp any host 192.168.1.100 eq 444
50 permit tcp any host 192.168.1.100 eq smtp
60 permit tcp any host 192.168.1.100 eq 443
70 permit tcp any host 192.168.1.100 eq www
80 deny ip 10.1.10.0 0.0.0.3 any
90 deny ip 192.168.10.0 0.0.0.255 any
100 deny ip 10.1.1.0 0.0.0.255 any
110 permit icmp any host 192.168.1.100 echo-reply
120 permit icmp any host 192.168.1.100 time-exceeded
130 permit icmp any host 192.168.1.100 unreachable (60 matches)
140 deny ip 10.0.0.0 0.255.255.255 any
150 deny ip 172.16.0.0 0.15.255.255 any
160 deny ip 192.168.0.0 0.0.255.255 any (72 matches)
170 deny ip 127.0.0.0 0.255.255.255 any
180 deny ip host 255.255.255.255 any
190 deny ip host 0.0.0.0 any
200 deny ip any any log
Any idea on where I went wrong?
Thanks!
NAT and ACLs appear to be OK from that list; I would blame your DSL modem. It is obviously doing NAT. Are you sure all the ports are forwarded through it and allowed through its firewall (if it has one)? Why don't you just set the DSL modem up in bridged mode so that it gives your UC520 the public IP directly?
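As an added example (not part of the thread), this Python cross-check of the posted output pairs each static NAT entry with its ACL 104 permit and lists permits that have never matched. Function names are hypothetical and the sample input is trimmed from the output above; it relies on IOS omitting the "(N matches)" counter on entries with no hits.

```python
import re

# Sample input: rows copied from the `show` output posted in the thread (trimmed).
NAT_OUTPUT = """\
tcp 192.168.1.100:50085 192.168.10.250:50085 17.250.248.32:443 17.250.248.32:443
tcp 192.168.1.100:25 192.168.10.254:25 --- ---
tcp 192.168.1.100:80 192.168.10.254:80 --- ---
tcp 192.168.1.100:143 192.168.10.254:143 --- ---
tcp 192.168.1.100:443 192.168.10.254:443 --- ---
tcp 192.168.1.100:444 192.168.10.254:444 --- ---
tcp 192.168.1.100:1723 192.168.10.254:1723 --- ---
tcp 192.168.1.100:4125 192.168.10.254:4125 --- ---
"""
ACL_OUTPUT = """\
Extended IP access list 104
10 permit tcp any host 192.168.1.100 eq 4125
20 permit tcp any host 192.168.1.100 eq 143
30 permit tcp any host 192.168.1.100 eq 1723
40 permit tcp any host 192.168.1.100 eq 444
50 permit tcp any host 192.168.1.100 eq smtp
60 permit tcp any host 192.168.1.100 eq 443
70 permit tcp any host 192.168.1.100 eq www
130 permit icmp any host 192.168.1.100 unreachable (60 matches)
"""
NAMED_PORTS = {"smtp": 25, "www": 80}  # IOS prints some well-known ports by name

def static_forwards(nat_text):
    """Static port forwards: rows whose outside columns are '---'."""
    rows = re.findall(r"^(tcp|udp) (\S+):(\d+) \S+:\d+ --- ---$", nat_text, re.M)
    return {(proto, ip, int(port)) for proto, ip, port in rows}

def permits(acl_text):
    """Map (proto, host, port) -> hit count; no '(N matches)' suffix means 0."""
    pat = r"permit (tcp|udp) any host (\S+) eq (\S+)(?: \((\d+) match(?:es)?\))?"
    return {(p, h, NAMED_PORTS[port] if port in NAMED_PORTS else int(port)): int(n or 0)
            for p, h, port, n in re.findall(pat, acl_text)}

def audit(nat_text, acl_text):
    fwd, allow = static_forwards(nat_text), permits(acl_text)
    return {
        "forwarded_not_permitted": sorted(fwd - set(allow)),   # NAT entry, ACL blocks it
        "permitted_not_forwarded": sorted(set(allow) - fwd),   # ACL hole, nothing behind it
        "permitted_never_hit": sorted(k for k in fwd & set(allow) if allow[k] == 0),
    }

if __name__ == "__main__":
    for name, entries in audit(NAT_OUTPUT, ACL_OUTPUT).items():
        print(name, entries)
```

On the posted output every forward has a matching permit and none of those permits has been hit, which is consistent with the inbound traffic being dropped before it reaches the UC520.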
It's a Westell Wirespeed, doesn't really have a bridge mode. It allows you to define a user-configured PC to have the external address, but when I try that, I lose the connection altogether. Same thing when I try to simply use PPPoE on the UC520 to connect directly. That's what SBS was doing.
Thanks
Will
Next step...
Hi Will
I don't know Westell but I'll try to help.
I have a Thomson Speedtouch DSL modem on which I had to say 'everything from outside on your fixed, real world IP address, forward it to the WAN port IP Address on the UC500'. This was done in no time using the web interface of the modem.
In my case, the DSL modem is doing the PPPoE connection, but I have tried with the UC500 and it also works properly.
From there I used the CCA to create FW and NAT rules to allow inbound connection to my server.
SBS uses:
- TCP 25 (SMTP)
- TCP 80 (HTTP)
- TCP 443 (HTTPS)
- TCP 3389 (RDP)
- TCP & UDP 500 (VPN if you are not using the UC500 one)
- TCP 21 (FTP should you have it)
If you have already run the SBS Wizard with the one network card config, you should be OK now.
I'll dump the config I have tomorrow and post it.
Hope it helps
Fab
Hi, on a PC, check with ipconfig that the DNS address is the SBS one.
If so, and DNS doesn't work, that is due to SBS and the router has no responsibility.
Perhaps the SBS needs to be the DHCP server as well, in which case just re-enable that and remove the pool from the router.