Re: Howto make ISA server a VPN client

• From: "Mark Hippenstiel" <m.hippenstiel@xxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 28 Mar 2003 15:07:30 +0100

Hi Tom,

No I was not feeling like being laughed at, and thanks for the flowers :-)
It seemed to me that the idea of dequeuing mails by using a vpn connection
was considered to be hum.. inadequate to say the least :)

I do however understand that the solutions proposed here may fit my needs,
and I'm still reading up on that and I have to have a litle chat with my
provider.

To get back to the more theoretical question contained in my original mail:
besides from any smtp issues, would it be possible to create a vpn
connection in RRAS? Or more precisely, is any connection made in RRAS on the
isa server itself considered to be "internal" or "external"? Or even
somewhere in between? I'm a bit confused about that. If it's internal,
things are clear - l2tp vpn wouldn't be possible...

Thanks
mark

> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, March 26, 2003 1:27 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Howto make ISA server a VPN client
>
>
> http://www.ISAserver.org
>
>
> Hi Mark,
>
> I don't think anyone meant to laugh at you, and your English
> is better than my German, and its probably better than my English! :-)
>
> However, maybe its ignorance on my part, but I don't see any
> way were VPN would fit into this equation. Maybe I don't
> understand your problem, but it sounds like you have an SMTP
> server on your network that you want to dequeue messages on
> your ISP's SMTP server. If that's the case, I don't see how
> VPN would fit into making this work.
>
> TRN and ETRN sound like the answer to your problem. But I
> also think you need to get a dedicated IP address, or at
> least host your own SMTP server and using a DDNS provider
> like TZO so that changing IP addresses aren't a problem.
>
> HTH,
> Tom
>
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
>
>
>
> -----Original Message-----
> From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> Sent: Tuesday, March 25, 2003 2:02 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Howto make ISA server a VPN client
>
>
> http://www.ISAserver.org
>
>
> Good morning,
>
> Well I'm happy to see that I can contribute some amusement :)
> I think I will have to explain the problem in more detail to
> shed a light on this.
>
> The thing is, I don't really know enough about configuring a
> unix machine to deliver mails, that's entirely up to my
> provider. There's two providers we're talking about, one
> being the one to supply dial up access, the other one a
> smaller company which does web, mail and DNS hosting. This
> one's a friend of mine, and I wanted to switch to SMTP
> delivery a) to get rid of all the spam I receive and b) to
> come closer to a real life scenario with my exchange server
> which I need to do some lab work and testing.
>
> So the question was how to make this work. I said that ETRN
> was not an option because it does not "open" a communication
> than rather triggering a second connection. After I did some
> reading, I am not too shure altogether if that's true. But
> anyway that's what my provider said. If it's not that way and
> ETRN does initiate a communication, then Jim's right and this
> would be a way to go. The FQDN could be provided by a DDNS server.
>
> The idea of making a vpn connection of some kind came from a
> similar setup with a dedicated ip and a dial-up connection.
> In that scenario, the customer's (i.e. my) server is the
> primary mx and the provider is the secondary mx. Using VPN
> would make any auth on the smtp side obsolete and means very
> little configuration, because my provider would only have to
> make my internal ip address the primary mx. You get the picture?
>
> Jim wrote that ISA NAT doesn't handle IPSec - that would
> apply only if the VPN connection is made from the exchange
> server right? That's why I thought I might go this way:
>
> Exchange - ISA|VPN start - internet - VPN end|mail provider
>
> Not an option I guess, huh?
>
> One more thing I'd like to say: it's a good thing that there
> is such a list where one can have his problems discussed, and
> I really do appreciate your help. But for instance in this
> thread, I didn't really get an answer to my original
> questions. I mean, this could be a problem of communication,
> I sometimes think that I don't express myself clear enough -
> of course english is not my native language, maybe that's the
> reason. The ETRN problem left aside, it could be any other
> scenario involving VPN and I asked the question to get a
> better understanding on what's possible and some feedback. It
> would be great if one of you could write a couple of lines.
>
> Thanks for listing
> Mark
>
>
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>

Other related posts:

• » Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » RE: Howto make ISA server a VPN client
• » RE: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » RE: Howto make ISA server a VPN client
• » RE: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client
• » Re: Howto make ISA server a VPN client

1. Home
2. isalist
3. Archive
4. 03-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---