Hi Tom, No I was not feeling like being laughed at, and thanks for the flowers :-) It seemed to me that the idea of dequeuing mails by using a vpn connection was considered to be hum.. inadequate to say the least :) I do however understand that the solutions proposed here may fit my needs, and I'm still reading up on that and I have to have a litle chat with my provider. To get back to the more theoretical question contained in my original mail: besides from any smtp issues, would it be possible to create a vpn connection in RRAS? Or more precisely, is any connection made in RRAS on the isa server itself considered to be "internal" or "external"? Or even somewhere in between? I'm a bit confused about that. If it's internal, things are clear - l2tp vpn wouldn't be possible... Thanks mark > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] > Sent: Wednesday, March 26, 2003 1:27 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Howto make ISA server a VPN client > > > http://www.ISAserver.org > > > Hi Mark, > > I don't think anyone meant to laugh at you, and your English > is better than my German, and its probably better than my English! :-) > > However, maybe its ignorance on my part, but I don't see any > way were VPN would fit into this equation. Maybe I don't > understand your problem, but it sounds like you have an SMTP > server on your network that you want to dequeue messages on > your ISP's SMTP server. If that's the case, I don't see how > VPN would fit into making this work. > > TRN and ETRN sound like the answer to your problem. But I > also think you need to get a dedicated IP address, or at > least host your own SMTP server and using a DDNS provider > like TZO so that changing IP addresses aren't a problem. > > HTH, > Tom > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > > -----Original Message----- > From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx] > Sent: Tuesday, March 25, 2003 2:02 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Howto make ISA server a VPN client > > > http://www.ISAserver.org > > > Good morning, > > Well I'm happy to see that I can contribute some amusement :) > I think I will have to explain the problem in more detail to > shed a light on this. > > The thing is, I don't really know enough about configuring a > unix machine to deliver mails, that's entirely up to my > provider. There's two providers we're talking about, one > being the one to supply dial up access, the other one a > smaller company which does web, mail and DNS hosting. This > one's a friend of mine, and I wanted to switch to SMTP > delivery a) to get rid of all the spam I receive and b) to > come closer to a real life scenario with my exchange server > which I need to do some lab work and testing. > > So the question was how to make this work. I said that ETRN > was not an option because it does not "open" a communication > than rather triggering a second connection. After I did some > reading, I am not too shure altogether if that's true. But > anyway that's what my provider said. If it's not that way and > ETRN does initiate a communication, then Jim's right and this > would be a way to go. The FQDN could be provided by a DDNS server. > > The idea of making a vpn connection of some kind came from a > similar setup with a dedicated ip and a dial-up connection. > In that scenario, the customer's (i.e. my) server is the > primary mx and the provider is the secondary mx. Using VPN > would make any auth on the smtp side obsolete and means very > little configuration, because my provider would only have to > make my internal ip address the primary mx. You get the picture? > > Jim wrote that ISA NAT doesn't handle IPSec - that would > apply only if the VPN connection is made from the exchange > server right? That's why I thought I might go this way: > > Exchange - ISA|VPN start - internet - VPN end|mail provider > > Not an option I guess, huh? > > One more thing I'd like to say: it's a good thing that there > is such a list where one can have his problems discussed, and > I really do appreciate your help. But for instance in this > thread, I didn't really get an answer to my original > questions. I mean, this could be a problem of communication, > I sometimes think that I don't express myself clear enough - > of course english is not my native language, maybe that's the > reason. The ETRN problem left aside, it could be any other > scenario involving VPN and I asked the question to get a > better understanding on what's possible and some feedback. It > would be great if one of you could write a couple of lines. > > Thanks for listing > Mark > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: > http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a > blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: > http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email > to $subst('Email.Unsub') >