Re: Howto make ISA server a VPN client
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 24 Mar 2003 09:46:30 -0800
What do you hope to gain by creating a VPN tunnel between SMTP servers? This
is the hard way of
dealing with dynamically-assigned IPs.
Take a look at :
1. Dynamic DNS
2. the Exchange docs for setting up an ETRN scenario
Also, PPTP is the only VPN that the Exchange server can use; ISA NAT doesn't
handle IPSec
(required for Windows L2TP).
ISA can be the VPN client or server for the external SMTP server, but I see no
benefit from this
just to pass email.
Jim Harrison [ISAQFE]
Read the help, books and articles!
This posting is provided "AS IS" with no warranties, and confers no rights.
----- Original Message -----
From: "Mark Hippenstiel" <m.hippenstiel@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, March 24, 2003 09:35
Subject: [isalist] Howto make ISA server a VPN client
http://www.ISAserver.org
This is a multi-part message in MIME format.
--------------------------------------------------------------------------------
Hi folks,
I am currently evaluating a scenario in which an Exchange Server behind ISA
connects to the ISP's mail server via VPN, thus elimiating the need for a
static IP address. Now I'm facing some problems of understanding which you
can hopefully help me get rid of.
- Do I have to make ISA or the Exchange Server the VPN client?
- ISA does not support L2TP-tunneling, does it? I would rather not use PPTP,
as does the provider
- So, do I have to set up a static route to the ISP mail server on the ISA
machine? With RAS? (btw I already tried that but the route seems to work
only on ISA itself? - of course it didn't work but I wanted to see what
happens :-)
- Can this route point to an interface that I created with the VPN wizard of
RAS?
- Or is this configuration completely impossible?
- And finally if it *is* possible, what kind of packet filters to I have to
set within ISA? Can I use Tom's article on ISA to RAS connections as a
guideline or is there some substantial difference between a
gateway-to-gateway configuration and my idea of ISA being a "client" for
that matter?
As always, thanks for listening!
Mark
--------------------------------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
