LYNC 2010 – what dns entries for an edge server

When you installed Lync did you add the CSAdministrator and RTCUniversalServerAdmins to your Administrator Member Of Security group?

Without CSAdministrator you cannot log into the Control Pannel, and without RTCUniversalServerAdmins, you will have some trouble in doing some advanced powershell stuff.

See: http://blog.schertz.name/2010/09/lync2010rc-deployment-part1/

I have a similar setup to you, and here's what I'm doing and everything works:

External IP1, Port 80/TCP is NAT/PAT to Standard server port 8080/TCP External IP1, Port 443/TCP is NAT/PAT to Standard server port 4443/TCP

Since you're not using a TMG server, your firewall must do port translation so that external requests hit the correct site in IIS on your Standard (frontend) server.

External IP2, 443/TCP, 5061/TCP, 3478/UDP, TCP/UDP 50000-59999 Static NAT to Edge server, no port translation

Firewall rules permit the Edge server to talk to the standard edition frontend server.

I'd have to go back and look at my topology, but I believe I used separate URLs and IPs for each of the different services/media. Most of the Lync headaches are in the DNS misconfigurations, sometimes it won't accept CNAMES where you need A records, and vice versa.

If you're going to have a lot of clients (more than 100) than you probably should use a TMG or "insert reverse proxy here" to protect your frontend.

The image below may help you, as will the source that drew it:

http://ucken.blogspot.com/2011/07/configuring-lync-for-external-access.html