Fred, You need to put the fully qualified domain name of the IM server in the NAT gateway field. The fully qualified domain name must match the fully qualified domain name of the users address defined in the IM server.
Here is an example on how I setup our IM server using a NAT I created a 'A' record on our external DNS server for the host IM and pointed it to a public/routable IP address im.nfti.com -> 12.32.70.211 Then I created a 'A' record on our internal DNS server for the IM and pointed it to the local address of the our IM server im.nfti.com -> 10.0.0.30 Next I needed to setup the IM server and I decided to use Windows NT authentication so that I only had to create a user once. Go to the General settings of the IM server and configure Windows NT Authentication and click configure. Enter your domain name and the computer name of the IM server. Then in the NAT gateway address I entered the fully qualified domain name of the IM server that a DNS server would use to connect to the server. In this example it would be im.nfti.com Finally on the Firewall I mapped the external request for 12.32.70.211 port 5177 (Inbound/Outbound) to the internal address of 10.0.0.30 nslookup outside our firewall for im.nfti.com resolve to 12.32.70.211 which gets passed to 10.0.0.30 nslookup inside our firewall for im.nfti.com resolve to 10.0.0.30 Everything works and it's running fine. Hope this helps somebody out? Regards, Greg -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Fred Stover Sent: Wednesday, February 26, 2003 9:05 AM To: '[EMAIL PROTECTED]' Subject: RE: [IpswitchIM_Forum] NATing questions Upgrading didn't help, now I show a gray face with a blue question mark. Do I need to open 5177 both ways? Also, if the im server is in a dmz do I put the firewall address in the nat gateway or the ip of the im server? -----Original Message----- From: Fred Stover [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 2:57 PM To: '[EMAIL PROTECTED]' Subject: [IpswitchIM_Forum] NATing questions I have IM working inside my company's firewall, all is working great, had a little nating problem but worked though them. Now, the final test: I have installed an IM server in a dmz zone which is where it will finally live, with the following setup: I opened port 5177 outbound and inbound into the dmz, and I'm connecting to the im server from inside the firewall. The test clients all show with a gray smiley face and I can't chat. However, the chat messages are stored on the im server and will show the next time a test client connects. Here's the config: dns server inside the firewall pointing the im server in the dmz: im.imany.com 172.16.200.7 On the im server I have the 'nat gateway host' = im.imany.com I have made the registry changes to the clients, prior to making them I was showing the blue questions mark. Any thoughts? Fred To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/ipswitchim_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/Instant_Messenger/index.asp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/ipswitchim_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/Instant_Messenger/index.asp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/ipswitchim_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/Instant_Messenger/index.asp
