Re: Howto make ISA server a VPN client
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 29 Mar 2003 10:43:10 -0600
Hi Mark,
You're welcome for the flowers ;-)
ISA Server does not apply firewall policy to any VPN links. These
include inbound VPN client connections, VPN gateway connections, and
outbound PPTP connections from internal network clients to external VPN
servers. So, if you want to establish a VPN connection from your
internal SMTP server to your ISP, the ISA Server won't get in the way,
as long as you're using PPTP.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
Sent: Friday, March 28, 2003 8:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Howto make ISA server a VPN client
http://www.ISAserver.org
Hi Tom,
No I was not feeling like being laughed at, and thanks for the flowers
:-)
It seemed to me that the idea of dequeuing mails by using a vpn
connection
was considered to be hum.. inadequate to say the least :)
I do however understand that the solutions proposed here may fit my
needs,
and I'm still reading up on that and I have to have a litle chat with my
provider.
To get back to the more theoretical question contained in my original
mail:
besides from any smtp issues, would it be possible to create a vpn
connection in RRAS? Or more precisely, is any connection made in RRAS on
the
isa server itself considered to be "internal" or "external"? Or even
somewhere in between? I'm a bit confused about that. If it's internal,
things are clear - l2tp vpn wouldn't be possible...
Thanks
mark
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, March 26, 2003 1:27 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Howto make ISA server a VPN client
>
>
> http://www.ISAserver.org
>
>
> Hi Mark,
>
> I don't think anyone meant to laugh at you, and your English
> is better than my German, and its probably better than my English! :-)
>
> However, maybe its ignorance on my part, but I don't see any
> way were VPN would fit into this equation. Maybe I don't
> understand your problem, but it sounds like you have an SMTP
> server on your network that you want to dequeue messages on
> your ISP's SMTP server. If that's the case, I don't see how
> VPN would fit into making this work.
>
> TRN and ETRN sound like the answer to your problem. But I
> also think you need to get a dedicated IP address, or at
> least host your own SMTP server and using a DDNS provider
> like TZO so that changing IP addresses aren't a problem.
>
> HTH,
> Tom
>
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
>
>
>
> -----Original Message-----
> From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> Sent: Tuesday, March 25, 2003 2:02 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Howto make ISA server a VPN client
>
>
> http://www.ISAserver.org
>
>
> Good morning,
>
> Well I'm happy to see that I can contribute some amusement :)
> I think I will have to explain the problem in more detail to
> shed a light on this.
>
> The thing is, I don't really know enough about configuring a
> unix machine to deliver mails, that's entirely up to my
> provider. There's two providers we're talking about, one
> being the one to supply dial up access, the other one a
> smaller company which does web, mail and DNS hosting. This
> one's a friend of mine, and I wanted to switch to SMTP
> delivery a) to get rid of all the spam I receive and b) to
> come closer to a real life scenario with my exchange server
> which I need to do some lab work and testing.
>
> So the question was how to make this work. I said that ETRN
> was not an option because it does not "open" a communication
> than rather triggering a second connection. After I did some
> reading, I am not too shure altogether if that's true. But
> anyway that's what my provider said. If it's not that way and
> ETRN does initiate a communication, then Jim's right and this
> would be a way to go. The FQDN could be provided by a DDNS server.
>
> The idea of making a vpn connection of some kind came from a
> similar setup with a dedicated ip and a dial-up connection.
> In that scenario, the customer's (i.e. my) server is the
> primary mx and the provider is the secondary mx. Using VPN
> would make any auth on the smtp side obsolete and means very
> little configuration, because my provider would only have to
> make my internal ip address the primary mx. You get the picture?
>
> Jim wrote that ISA NAT doesn't handle IPSec - that would
> apply only if the VPN connection is made from the exchange
> server right? That's why I thought I might go this way:
>
> Exchange - ISA|VPN start - internet - VPN end|mail provider
>
> Not an option I guess, huh?
>
> One more thing I'd like to say: it's a good thing that there
> is such a list where one can have his problems discussed, and
> I really do appreciate your help. But for instance in this
> thread, I didn't really get an answer to my original
> questions. I mean, this could be a problem of communication,
> I sometimes think that I don't express myself clear enough -
> of course english is not my native language, maybe that's the
> reason. The ETRN problem left aside, it could be any other
> scenario involving VPN and I asked the question to get a
> better understanding on what's possible and some feedback. It
> would be great if one of you could write a couple of lines.
>
> Thanks for listing
> Mark
>
>
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
Free Trial Software: Monitor & Manage Web Use with SurfControl Web
Filter for MS ISA Server http://www.surfcontrol.com/go/zisadl1
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
