I have set up an Exchange 2000 server on SP3. It is behind a Cisco router running NAT. Exchange mail and instant messaging work perfectly, except I cannot respond to or send instant messages to external clients internally. According to the Microsoft article "Unable to receive instant messages after logging on through a proxy server or by using NAT," it is by design. However, after reading your article and others, it does seem possible.
At first, I tried fixed ports, although I do not believe this was the problem. Then I thought it had something to do with the Rendezvous Protocol (RVP). After making sure it was in DNS, I thought I would also need to configure my router. This is not the case, according to Cisco. It is automatically supported. They have something called Rendezvous Point used in IP multicasting, but it is not the same. So I started looking at other avenues to investigate.
I came across a few articles. Some say that MSN instant messaging does use SIP, port 5060 (e.g., "Instant Messaging in the enterprise: Where are you going tomorrow?"). So I then tried the Cisco command, IP NAT service SIP TCP port 5060 -- nothing. Other articles (e.g., "Special application port list") say I need different ports opened. I'm a bit confused.
Please help. Does it seem like I'm missing a piece of the puzzle somewhere? If so, where? Or is this simply impossible?
Thanks in advance.
IM services are being removed from Exchange 2003, the upgrade to Exchange 2000 due later this year. These services are being replaced by Real-Time Communication Services for Windows Server 2003, which is also due later this year. The IM Services in RTC Server will be based on SIP (Session Initiation Protocol, currently in draft format in the IETF) and SIMPLE (SIP for Instant Messaging and Presence Leveraging Extensions, see RFC 3428). SIP is an application layer protocol for establishing, manipulating and tearing down sessions. The primary function is helping session originators deliver invitations to session participants based on their best-known location. Once these services are in place, you will be able to more easily do B2B IM and/or have internal folks be able to access IM services externally without having to VPN in.
Getting back to your original question, RVP only uses TCP port 80, so that needs to be opened inbound on your firewall and requests to that port need to be sent to the Exchange 2000 server hosting the IM Home Server.
For starters, have a look at "Exchange 2000 instant messaging setup." Then, check out the Exchange 2000 Resource Kit, which discusses in detail how to configure Exchange IM for external users.
This was first published in January 2003