RE: DNS and Routers

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 10 Feb 2003 19:58:12 -0600

Hi Mark,

Do you know if there's a reason why you can't use your DSL connection to
download your mail? 

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp 


-----Original Message-----
From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx] 
Sent: Sunday, February 09, 2003 3:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and Routers


http://www.ISAserver.org


Hi Tom,

The UUNET router initiates a dial up connection to UUNET (internet). As
soon
as it goes online, UUNET delivers waiting mails to the exchange server.
The
exchange server is indeed hosting its own mail domain. Outgoing mail,
like I
already said, is delivered to the UUNET smarthost. I'm not too shure
about
the setup at UUNET, but I will check on this on Tuesday.

The reason why we cannot use the other internet connection is that there
is
no such functiontionality available at the ISP.

But I agree the best thing to do would probably be siwtching to a
provider
that provides the functionality - it's only a matter of cost...

Mark

> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Sunday, February 09, 2003 10:09 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: DNS and Routers
>
>
> http://www.ISAserver.org
>
>
> Hi Mark,
>
> What is the purpose of this UU router? Do you need it? Why
> not use the DSL line for all Internet related activity? Does
> this router connect to the Internet or is it a point to point
> link with a partner or remote office?
>
> Is the Exchange Server hosting its own mail? Or are the users
> using a dial up connection to pull mail from their own
> servers and store it in the Exchange Store? Or, are you using
> TRN/ERTN to pull mail from the ISP?
>
> Thanks!
> Tom
>
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
>
>
>
>
>
> -----Original Message-----
> From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> Sent: Sunday, February 09, 2003 3:26 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: DNS and Routers
>
>
> http://www.ISAserver.org
>
>
> Hi Tom,
>
> Thanks a lot for your help, but unfortunately I must say,
> that I knew all of this already. It's a shame really... Ok,
> let's start all over again, where's the reset button...
>
> You got the ISA part right down there. What went amiss was
> the UUNET router. This router is with it's current setup a
> potential security risk *AND* forces the customer to use some
> weird network settings on the DC (=Exchange). I will try to
> explain again:
>
> >From the external point of view there are two entry points into the
> network,
> both at routers that manage dod connections. The difference
> between them
> is:
> one is connected to the external NIC of the ISA box (DSL),
> the other one is directly connected to the network (ISDN I
> think). Let's call them DSL and UU.
>
> This setup is not desirable, so one task would be to but both
> routers onto a network that is connected to the external ISA
> interface.
>
> Now this is not the real problem. Let's talk about mail delivery.
>
> I'm sure you agree that an SMTP server with a variable IP
> address is not a good idea. Many SMTP hosts reject such
> connections. Moreover, you'd be having problems with incoming
> mails, because to my knowlegde there is no reliable way to
> have an MX point to the obtained IP address - even dyndns has
> it's drawbacks such as cached entries and so forth....
>
> That's why I don't intend to change the customers setup in
> this respect. So here comes the UU router. This router
> connects to UUNET regularly (it's being pinged by the DC).
> UUNET detects the connection and starts delivering mails to
> the DC. Any outgoing mail is sent to something like
> mail.uu.net. Here's the second important point: for
> authentication reasons (smarthosting,
> relaying) the connection to mail.uu.net has to come from an
> internal address to the UUNET network (no big deal). That's
> the reason why the DC has the UU router as a default gateway.
> Right now this works more or less, but as I said the setup is
> a bit spooky.
>
> Now, if we move the UU router to the external segment of the
> ISA box, there's going to be the problem of telling ISA how
> to handle this. To keep this in mind: the goal is to make the
> setup more transpaent, eliminate the security problem and
> also to resolve the DNS and routing problems within the network.
>
> For my better understandng, let's imagine that both the DSL
> and the UU router were connected to the external interface.
> We would then have a subnet like 10.1.1.0 or whatever, which
> would not be contained in the LAT, right? The default gateway
> on the external NIC would point to the "primary" router (this
> would be DSL). Now, back to mails: opening a connection to
> UUNET is not a problem, we can ping from the ISA box to the
> UU router, thus initiating delivery. Surely we would need to
> publish the exchange and check with UUNET what to reconfigure
> at the UU router and so forth. Not a real problem there.
>
> Outgoing mails would be bit more tricky: the current setting
> (def. gw. on the DC pointing to UU) would have to be changed.
> So the DC would just be a Secure NAT client. When we try to
> deliver the mails, we will connect to mail.uu.net. The
> default route on the ISA box would direct all traffic to the
> DSL router and the connection will fail (because the request
> to mail.uu.net will then not come from within UUNET network).
> So we would have to implement a route or something else that
> automagically directs the traffic to mail.uu.net to the UU router.
>
> I've setup a few ISA boxes but I'm not really familiar with
> the SMTP functionality, and I'm also not a geek when it comes
> to routing and manually adding routes... So the question is:
> is that possible?
>
> I think that changing the mail setup may be another approach
> but this would involve a number of other problems (domain,
> delivery mechanism and so on... Btw features that are not
> available at the DSL connection's ISP, I'm
> afraid)
>
> Alright, sorry for producing such a lenghty mail. And thanks
> for listenig, as always :) Mark
>
>
>
>
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers
• » RE: DNS and Routers

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---