Hi Mark, I don't think anyone meant to laugh at you, and your English is better than my German, and its probably better than my English! :-) However, maybe its ignorance on my part, but I don't see any way were VPN would fit into this equation. Maybe I don't understand your problem, but it sounds like you have an SMTP server on your network that you want to dequeue messages on your ISP's SMTP server. If that's the case, I don't see how VPN would fit into making this work. TRN and ETRN sound like the answer to your problem. But I also think you need to get a dedicated IP address, or at least host your own SMTP server and using a DDNS provider like TZO so that changing IP addresses aren't a problem. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx] Sent: Tuesday, March 25, 2003 2:02 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Howto make ISA server a VPN client http://www.ISAserver.org Good morning, Well I'm happy to see that I can contribute some amusement :) I think I will have to explain the problem in more detail to shed a light on this. The thing is, I don't really know enough about configuring a unix machine to deliver mails, that's entirely up to my provider. There's two providers we're talking about, one being the one to supply dial up access, the other one a smaller company which does web, mail and DNS hosting. This one's a friend of mine, and I wanted to switch to SMTP delivery a) to get rid of all the spam I receive and b) to come closer to a real life scenario with my exchange server which I need to do some lab work and testing. So the question was how to make this work. I said that ETRN was not an option because it does not "open" a communication than rather triggering a second connection. After I did some reading, I am not too shure altogether if that's true. But anyway that's what my provider said. If it's not that way and ETRN does initiate a communication, then Jim's right and this would be a way to go. The FQDN could be provided by a DDNS server. The idea of making a vpn connection of some kind came from a similar setup with a dedicated ip and a dial-up connection. In that scenario, the customer's (i.e. my) server is the primary mx and the provider is the secondary mx. Using VPN would make any auth on the smtp side obsolete and means very little configuration, because my provider would only have to make my internal ip address the primary mx. You get the picture? Jim wrote that ISA NAT doesn't handle IPSec - that would apply only if the VPN connection is made from the exchange server right? That's why I thought I might go this way: Exchange - ISA|VPN start - internet - VPN end|mail provider Not an option I guess, huh? One more thing I'd like to say: it's a good thing that there is such a list where one can have his problems discussed, and I really do appreciate your help. But for instance in this thread, I didn't really get an answer to my original questions. I mean, this could be a problem of communication, I sometimes think that I don't express myself clear enough - of course english is not my native language, maybe that's the reason. The ETRN problem left aside, it could be any other scenario involving VPN and I asked the question to get a better understanding on what's possible and some feedback. It would be great if one of you could write a couple of lines. Thanks for listing Mark ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')