Re: Howto make ISA server a VPN client
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 25 Mar 2003 18:26:37 -0600
Hi Mark,
I don't think anyone meant to laugh at you, and your English is better
than my German, and its probably better than my English! :-)
However, maybe its ignorance on my part, but I don't see any way were
VPN would fit into this equation. Maybe I don't understand your problem,
but it sounds like you have an SMTP server on your network that you want
to dequeue messages on your ISP's SMTP server. If that's the case, I
don't see how VPN would fit into making this work.
TRN and ETRN sound like the answer to your problem. But I also think you
need to get a dedicated IP address, or at least host your own SMTP
server and using a DDNS provider like TZO so that changing IP addresses
aren't a problem.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
Sent: Tuesday, March 25, 2003 2:02 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Howto make ISA server a VPN client
http://www.ISAserver.org
Good morning,
Well I'm happy to see that I can contribute some amusement :) I think I
will
have to explain the problem in more detail to shed a light on this.
The thing is, I don't really know enough about configuring a unix
machine to
deliver mails, that's entirely up to my provider. There's two providers
we're talking about, one being the one to supply dial up access, the
other
one a smaller company which does web, mail and DNS hosting. This one's a
friend of mine, and I wanted to switch to SMTP delivery a) to get rid of
all
the spam I receive and b) to come closer to a real life scenario with my
exchange server which I need to do some lab work and testing.
So the question was how to make this work. I said that ETRN was not an
option because it does not "open" a communication than rather triggering
a
second connection. After I did some reading, I am not too shure
altogether
if that's true. But anyway that's what my provider said. If it's not
that
way and ETRN does initiate a communication, then Jim's right and this
would
be a way to go. The FQDN could be provided by a DDNS server.
The idea of making a vpn connection of some kind came from a similar
setup
with a dedicated ip and a dial-up connection. In that scenario, the
customer's (i.e. my) server is the primary mx and the provider is the
secondary mx. Using VPN would make any auth on the smtp side obsolete
and
means very little configuration, because my provider would only have to
make
my internal ip address the primary mx. You get the picture?
Jim wrote that ISA NAT doesn't handle IPSec - that would apply only if
the
VPN connection is made from the exchange server right? That's why I
thought
I might go this way:
Exchange - ISA|VPN start - internet - VPN end|mail provider
Not an option I guess, huh?
One more thing I'd like to say: it's a good thing that there is such a
list
where one can have his problems discussed, and I really do appreciate
your
help. But for instance in this thread, I didn't really get an answer to
my
original questions. I mean, this could be a problem of communication, I
sometimes think that I don't express myself clear enough - of course
english
is not my native language, maybe that's the reason. The ETRN problem
left
aside, it could be any other scenario involving VPN and I asked the
question
to get a better understanding on what's possible and some feedback. It
would
be great if one of you could write a couple of lines.
Thanks for listing
Mark
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
