Here is a question sent to Microsoft Support
Looking at the Direct Routing Media Optimization documentation, the Microsoft documentation is not very clear about what is called an External User and about Trusted IP address.
In the SBC proxy scenario, an External Nat Trusted IP is specified and must be declared. I confess that I don’t understand why
In this configuration as there is no Internet egress point, the Vietnam gateway does not have a public IP address. (SBC External IP address is null see the array below). But we can see that an External trusted IP (172.16.240.110) must be declared but I confess I don’t know where this address comes from.
Again, neither Vietnam nor Indonesia has a local internet connection. Users access the internet via the default route to Singapore.
As the documentation explain, External trusted IPs are the « Internet external IPs of the enterprise network. These IP’s are the IP addresses used by Microsoft Teams clients when they connect to Microsoft 365« . It is written here :
So let’ s back to basic: An external user is a user connected NOT with an « Internet external IPs of the enterprise network » but a user connected On 4G, or Cybercafé. So, in other word with an unpredicted Public IP address. So, as I can understand, only one voice Policy could fire the call of this Vietnamese external user connected on Internet to the right gateway (Vietnam)
As the opposite an Internal nomad user is for example a Vietnamese user connected on the corporate network in Indonesia
So my concern is: Why should we declare these trusted IPs for External users. Is these Trusted IP Addresses used only in the scenario with Internal Nomad user?