VPN Granularity

Guest

Being strictly a TS kind of a person I've always managed to avoid the VPN setup........consequently I dunno much about VPN 'details'! I assume it does work.....

I have a coupla q's please.

The pressure for VPN access comes solely from Outlook 2K users wanting that darn Remote Mail/Current emails on Laptops...

My questions are these...

1)... Can you just restrict VPN to pick up Email from my XChange 2K Server and access no other Server (Data) on the network, and

2)... Not counting Pop mail, can users connect Outlook to a remote Exchange server w/out VPN?

Terminal Services work great on my 5 W2K Server Network and Pop mail, altho' setup and functioning is not a 'perfect' solution for those remote users who require current email on their laptops......

Thanks.
 
Steven L Umbach

Yes, a VPN server can be configured to control traffic that goes through it via IP
filtering as explained in the KB link below. This can also be done in Remote Access
policies if you have different needs for different users. You would have to configure
the filter to restrict traffic to be to and from the Exchange server only by its
internal IP address and ports necessary for users to gain access.

http://support.microsoft.com/?kbid=255784
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017 --- see list for
Exchange ports, you may not need them all.

A user can connect to ANY server on the internet that exposes the necessary ports for
connections and the user has the right authentication credentials, but many limit
access to their VPN connections for obvious security reasons including the encryption
of traffic and protection to the network. You may want to look into Outlook Web
Access which allows users to connect to an Exchange Server via an internet
connection. I am not real familiar with OWA myself, but you can find information
about it at the Microsoft Web site. --- Steve


Mikey said:
Being strictly a TS kind of a person I've always managed to avoid the VPN
setup........consequently I dunno much about VPN 'details'! I assume it does
work.....
I have a coupla q's please.

The pressure for VPN access comes solely from Outlook 2K users wanting that darn
Remote Mail/Current emails on Laptops...
My questions are these...

1)... Can you just restrict VPN to pick up Email from my XChange 2K Server and
access no other Server (Data) on the network, and
2)... Not counting Pop mail, can users connect Outlook to a remote Exchange server w/out VPN?

Terminal Services work great on my 5 W2K Server Network and Pop mail, altho' setup
and functioning is not a 'perfect' solution for those remote users who require
current email on their laptops......
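
The default-deny filtering described in Steven's reply, modeled as an added example (not part of the thread and not actual RRAS configuration): a permit list that only lets VPN clients reach the Exchange server on named ports. All addresses and the pinned RPC ports are constructed; only TCP 135 comes from the thread, and the real port list is in the KB article linked above. It also shows why permitting 135 alone is not enough: the endpoint mapper on 135 hands the client a second port, which the filter must also permit, so that port has to be fixed on the server.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: the thread names no addresses and only TCP 135.
EXCHANGE_IP = "10.0.0.10"        # hypothetical internal Exchange address
VPN_POOL = "10.0.50.0/24"        # hypothetical VPN client address pool
STATIC_RPC_PORTS = (5000, 5001)  # hypothetical RPC ports pinned on the server

@dataclass(frozen=True)
class Permit:
    src_net: str
    dst_ip: str
    proto: str
    dst_port: int

def build_policy(rpc_ports=()):
    """Permit list for VPN clients -> Exchange; everything else is dropped."""
    ports = (135,) + tuple(rpc_ports)  # TCP 135 = RPC endpoint mapper
    return [Permit(VPN_POOL, EXCHANGE_IP, "tcp", p) for p in ports]

def allowed(policy, src, dst, proto, dst_port):
    """Default deny: a packet passes only if one permit matches every field."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(r.src_net) and dst == r.dst_ip
               and proto == r.proto and dst_port == r.dst_port for r in policy)

def audit(policy, flows):
    """Map each named flow (name, src, dst, proto, port) to pass/drop."""
    return {name: allowed(policy, s, d, pr, po) for name, s, d, pr, po in flows}

# Constructed flows from one VPN client.
FLOWS = [
    ("endpoint mapper", "10.0.50.7", EXCHANGE_IP, "tcp", 135),
    ("pinned RPC",      "10.0.50.7", EXCHANGE_IP, "tcp", 5000),
    ("dynamic RPC",     "10.0.50.7", EXCHANGE_IP, "tcp", 1182),
    ("file server SMB", "10.0.50.7", "10.0.0.20", "tcp", 445),
    ("terminal server", "10.0.50.7", "10.0.0.30", "tcp", 3389),
]

if __name__ == "__main__":
    for label, policy in (("135 only", build_policy()),
                          ("135 + pinned", build_policy(STATIC_RPC_PORTS))):
        print(label, audit(policy, FLOWS))
```

With only 135 permitted, the follow-up RPC connection is dropped and Outlook cannot finish connecting; with the pinned ports added, mail traffic passes while the file server and terminal server stay unreachable.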
 
Eric Phillips

Mikey,

I wanted to chime in on one point Steven made. In theory you can share
anything over the internet, but one of the ports Exchange needs to connect
using the Exchange Server Service is TCP135, which of course is what
nimda/msblast/welchia use, and because of those viruses most ISPs have
blocked that port. I know for a fact Comcast, and Earthlink (DSL and
dialup) both block TCP135, and both have stated over the phone that they do
not see removing the block ever.

One solution also not mentioned; Outlook 2003 can tunnel Exchange Server
Service completely over TCP80 to an Exchange2003 server. This may not be a
viable option for you, but nevertheless one you should be made aware of
before you purchase a VPN solution if mail is the only reason you want a
VPN; from my experience users have a lot of problems with VPNs, no matter
how simple you make it, any extra steps seem to confuse certain users.

Eric Phillips
 
