[vpn] Exchange over VPN - capacity expectations ?

John Haines john.haines at erwine.com
Sun Mar 3 05:20:17 EST 2002 

I would agree that you should place your exchange server where you expect
most of your users to be.  You could try some clever things to reduce the
amount of traffic coming down you encrypted path by using LMHOSTS for
servers that are most frequently used and hence reduce some of your WINS and
other naming traffic requests.  Here is an article to the registry hacks to
make exchange and clients communicate over more restrictive ports.  This
will limit it to 135 TCP and two other TCP ports of your choice.  We used
this for OWA access as the OWA servers behaves exactly like a MAPI client,
just be careful on what ports you sue I picked two unused reserved ports for
AppleTalk in the <1023 range as we were never going to use AppleTalk on this
machine.

http://support.microsoft.com/support/kb/articles/Q259/2/40.ASP
http://support.microsoft.com/support/kb/articles/Q155/8/31.ASP

Rgds,

John Haines


-----Original Message-----
From: Chuck Renner [mailto:crenner at dynalivery.com]
Sent: 02 March 2002 18:19
To: Phillips, Kevin; vpn at securityfocus.com
Subject: Re: [vpn] Exchange over VPN - capacity expectations ?


=
> There is talk of running our exchange over the VPN. We will be using a PIX
> 506 with 3DES over a T1 starred out to 3 other offices. We have about 35
> users in this office that will be using the internet as well as BAAN over
> the VPN. HQ want to remove our exchange machine and put our mail boxes at
> another site.
> Has anyone else done this and how was the performance ?

Well, it would be best to put the Exchange server where most of your users
are at.  If performance is too much of a pig for the remote users, you could
consider setting up additional Exchange servers at the remote offices.
You'll have to cough up extra money to MS, but probably cheaper than
increasing bandwidth between offices.

I recommend you get the O'Reilly book Managing Microsoft Exchange Server,
which covers planning for remote sites, multiple servers, etc.  My copy is
at work, so I can't tell you how well it addresses remote offices talking to
a remote server, but if you're running an Exchange box, you should have this
book anyway.
http://www.oreilly.com/catalog/managexsvr/





VPN is sponsored by SecurityFocus.com




VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list