VPN and email

Incident response
Intrusion management
Network security
Hello, I set up a VPN on the office server and I am not allowing split tunneling. Now I am trying to set up a laptop to access the VPN, the Outlook Exchange server, internet and email.

I got the laptop connecting to the VPN and set it up to use the proxy on the server so that the laptop can access internet sites while connected to the VPN without creating a split tunnel. The laptop can also connect to the Exchange server and can receive and send local office email via the Exchange server.

The problem I am having is getting the external email working. I don't think the server is allowing inbound and outgoing email via port 23. Is there a solution for this problem, aside from the obvious (allowing split tunneling)? I do NOT want to do this as the security risks are too great. Is there a possible setting in Outlook which would allow this?

Thanks,
Adam

PS: The server is on Windows 2000 Server and the laptop is on Windows 2000. The server is also running Exchange Server 2000 and ISA Server 2000 and the built-in Windows proxy. This server is also the domain server and DHCP server.

Answer Wiki


Just off the top of my head:

In order for you to set up your Exchange server for internal and external email you have to do a few things:

1. You need to allow the appropriate ports for incoming and outgoing email on the ISA server (POP-110, IMAP-143, SMTP-25, etc.). You probably want to use a server publishing rule on ISA for Exchange. Be sure to read the articles to cover yourself (Security, Best Practice).

2. You need an MX record on the Internet for your domain name. The ISA server needs to be able to resolve this hostname internally. Also, if you publish your server through ISA, the hostname should resolve to an IP on ISA.

3. If Exchange and ISA are on the same server, you probably have run across a port conflict with ISA and IIS. There are articles on this.

4. For external access to OWA, I would recommend you use SSL. There are stronger authentication mechanisms out there as well, such as SecurID.

5. Make sure your Exchange server can resolve the destination domain name (DNS). This will require external resolution. Follow best practice.

Best bet is to read some of the articles on Microsoft. The configuration is not that complex.

P.S. I hope domain server doesn’t mean domain controller. If so, you should go to great lengths to ensure security is implemented correctly.

Dante Brown
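
A way to confirm, from the VPN-connected laptop, which of the mail ports listed in the answer actually reach the external mail server through ISA. This is an added example, not part of the original thread; `mail.example.com` is a placeholder host, and the status labels are this example's own.

```python
import socket
import sys

# Ports from the answer above and the greeting each protocol sends on connect
# (SMTP "220", POP3 "+OK", IMAP "* OK").
MAIL_PORTS = {25: ("SMTP", b"220"), 110: ("POP3", b"+OK"), 143: ("IMAP", b"* OK")}


def probe(host, port, expected, timeout=5.0):
    """Connect once and classify what answers on host:port.

    Returns (status, detail). Status labels are this example's own:
    ok, wrong-banner (something other than the mail service answered,
    e.g. a proxy), silent, refused, filtered, error.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(512)
            except socket.timeout:
                return "silent", "connected, no greeting before timeout"
    except ConnectionRefusedError:
        return "refused", "port closed or rejected by the firewall"
    except socket.timeout:
        return "filtered", "no reply, packets probably dropped"
    except OSError as exc:
        return "error", str(exc)
    if not banner:
        return "silent", "connection closed without a greeting"
    line = banner.split(b"\r\n")[0].decode("ascii", "replace")
    return ("ok" if banner.startswith(expected) else "wrong-banner"), line


def check_mail_ports(host, timeout=5.0):
    """Probe every port in MAIL_PORTS; returns {port: (protocol, status, detail)}."""
    results = {}
    for port, (proto, expected) in MAIL_PORTS.items():
        status, detail = probe(host, port, expected, timeout)
        results[port] = (proto, status, detail)
    return results


if __name__ == "__main__":
    # mail.example.com is a placeholder; pass your own external mail host.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    for port, (proto, status, detail) in check_mail_ports(target).items():
        print(f"{proto:5} {port:>4}  {status:12} {detail}")
```

A `refused` or `filtered` result on 25 or 110 while web browsing works through the proxy points at a missing ISA rule for that port rather than at an Outlook setting.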

Discuss This Question: 1  Reply

  • MrWizard
    You need to configure ISA to allow email to your server. Go to ISA. Right-click 'Server Publishing'. Run the 'Secure Mail Server' wizard.
