RE: Exchange Over a VPN

  • From: "David V. Dellanno" <ddellanno@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 13 May 2003 09:18:36 -0400

Good read :)

-----Original Message-----
From: Erhard Haniffa [mailto:erhardhaniffa@xxxxxxxxxxxxxxxxx] 
Sent: Tuesday, May 13, 2003 9:12 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Exchange Over a VPN


http://www.MSExchange.org/

Ignore this message... its more meant for 5.5 we're looking at 2000

Ed

-----Original Message-----
From: Erhard Haniffa [mailto:erhardhaniffa@xxxxxxxxxxxxxxxxx] 
Sent: Tuesday, May 13, 2003 9:03 AM
To: [ExchangeList]
Subject: [exchangelist] Exchange Over a VPN

http://www.MSExchange.org/

He guys,

I was going over some articles on the MS site in preperation for our
exchange deployment through out our organisation. Just to give you a
feel for what we have planned, I'm going to list out what we are going
to do in brief.

We have 4 offices in different parts of canada and the US and they will
all have a minimum of T1's to the internet. The offices will be
connected throuhg VPN's and we planned to have exchange implemented at
all the offices as one organisation with a server sitting at each
location.

Then today I say the following on MS. SHould I change the plan to their
recommendation i.e use x400 instead of site connectors?

MORE INFORMATION
Site Connector and Message Transfer Agent (MTA) communication within
sites both use RPCs to connect, authenticate, and transfer e-mail
messages. Microsoft does not recommend that you use RPCs over a VPN.

RPC communication requires a minimum bandwidth of 56 Kbps and does not
tolerate latency on the network. As a general guideline, a Site
Connector requires at least 56 Kbps of network bandwidth that is
available exclusively for Exchange Server communications. It must be
heavily stressed that the 56-Kbps transfer rate is a bare minimum for
light mail flow with little or no directory replication traffic. A VPN
cannot provide guaranteed end-to-end bandwidth over a public network,
such as the Internet. Although a VPN connection can be managed over a
public network or over the Internet, the bandwidth is limited to what is
currently available over the current router path. Periodically, latency
can be expected on the network.

Note Site Connectors in a VPN over a public network are not supported.
The options that are supported in a VPN over a public network are: An
X.400 Connector if you are running Exchange Server Enterprise Edition
The Internet Mail Service with connected sites 
Spanning an Exchange Server site across a VPN is also not supported. A
supported configuration is to install or reinstall separate Exchange
sites that are separated by a VPN. To maintain connectivity and reliable
mail flow, Microsoft strongly recommends that you use an X.400 Connector
if you are running Exchange Server Enterprise Edition or the Internet
Mail Service if you are running Exchange Server Standard Edition with
connected sites over a VPN.

If a Site Connector uses a VPN connection, you may have slow or
intermittent mail flow, or it may stop mail flow completely. Event ID
9318, 9316, or 9322 messages may be logged by the Exchange Message
Transfer Agent service in the Application event log. These event ID
messages are also logged if the Site Connector or the MTA communication
within sites spans a VPN. These event ID messages may contain the
following error codes :
1722: This error code indicates that a connection to the RPC server
cannot be made.This may also indicate a possible name resolution
problem. Verify your name resolution as a best effort approach to
resolve this error.
1753: This error code indicates that the Endpoint mapper on port 135 is
not responding to a port request.
5: This error indicates that access was denied. To resolve this issue,
use the Override tabs on the Site Connector to verify the account and
password.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/ Windows
2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
erhardhaniffa@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/ Windows
2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
ddellanno@xxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message.


Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.


Other related posts: