From SKIP.HOFMANN at ttisg.com Wed Dec 1 20:21:59 2004 From: SKIP.HOFMANN at ttisg.com (SKIP HOFMANN) Date: Wed, 1 Dec 2004 17:21:59 -0800 Subject: [VPN] VPN with Exchange issue Message-ID: <771B1E5B26C8EA4BB4523881A34A80C601F80141@isgmx01.ttisg.com> Setup Exchange 2003 and have your clients run outlook 2003 on windows XP sp1. Setup exchange for RPC over HTTPS and your issue is solved. No more need to use a VPN -----Original Message----- From: Dube, Paul [mailto:paul at dube.net] Sent: Tuesday, November 30, 2004 5:14 PM To: vpn at lists.shmoo.com Subject: [VPN] VPN with Exchange issue Greetings all, I have a client that is presenting me with a new issue for which I do not yet have all the facts. I will be on site tomorrow and hope to at least get those. However, from what I have gathered so far, they are using Outlook and Exchange with a custom developed application using public folders. The data in the public folders must be available when not connected so it must use the 'available offline' aspect of that combination. I am not completely familiar with Outlook/Exchange but I believe that this synchronization of content only transpires when using the native connect mode which is not commonly available without a VPN. My client is using the Shiva VPN client to connect to the LAN and access the Exchange server. The issue arises when they are in a hotel or other location with a LAN in the same subnet (192.169.1.255) and there is a machine on the LAN at the same IP address as the exchange server on the corporate LAN. I am wondering if simply putting the Exchange server on an IP unlikely to be assigned to a machine on another LAN, using a reserved address and 1-1 NAT, or routing the connection over an SSH redirect would be a workable solution. I am also wondering if the issue only arises due to an oversight in initial implementation and the Shiva VPN can be configured to route all requests on the specified ports over the VPN to a remote machine, ignoring any local machine with the same IP address. Thank in advance, Paul Dube Paul Dube From bruns at 2mbit.com Wed Dec 1 22:01:59 2004 From: bruns at 2mbit.com (Brian Bruns) Date: Wed, 1 Dec 2004 22:01:59 -0500 Subject: [VPN] VPN with Exchange issue References: <771B1E5B26C8EA4BB4523881A34A80C601F80141@isgmx01.ttisg.com> Message-ID: <000e01c4d81b$4c4f7990$05010e0a@intrepid> On Wednesday, December 01, 2004 8:21 PM [EST], SKIP HOFMANN wrote: > Setup Exchange 2003 and have your clients run outlook 2003 on windows > XP sp1. Setup exchange for RPC over HTTPS and your issue is solved. > No more need to use a VPN > > Or, if you still want to use the VPN, you can do something like setup a batch file (if its a VPN client capable of command line commands) that will establish the VPN, then run the route command as follows: route ADD MASK 255.255.255.255 METRIC 1 That will force a route over the VPN to the Exchange server. When the VPN is killed, the route will go down with it. This works nicely with Win2k/XP/2003 and the built in IPSec/PPTP client, which can activate connections via the command line. This would allow you to keep the Exchange server behind the firewall and not have to expose it at all to the web (and thus avoid any future exploits directed specifically at it). -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / The AHBL http://www.sosdg.org / http://www.ahbl.org From dan at linder.org Wed Dec 1 22:59:30 2004 From: dan at linder.org (Daniel Linder) Date: Wed, 1 Dec 2004 21:59:30 -0600 (CST) Subject: [VPN] VPN with Exchange issue In-Reply-To: <771B1E5B26C8EA4BB4523881A34A80C601F80141@isgmx01.ttisg.com> References: <771B1E5B26C8EA4BB4523881A34A80C601F80141@isgmx01.ttisg.com> Message-ID: <33614.12.216.173.10.1101959970.squirrel@12.216.173.10> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul wrote: [...snip...] > server. The issue arises when they are in a hotel or other location with > a LAN in the same subnet (192.169.1.255) and there is a machine on the > LAN at the same IP address as the exchange server on the corporate LAN. It sounds like the VPN client software needs to have the "access local network" feature turned off on the workstations. Dan - - - - - "I do not fear computer, I fear the lack of them." -- Isaac Asimov -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFBrpMiNiBNyqUzGb8RAi1QAJ0XS3oul8s1kEeCKQ+6NcGlpFXMlQCeK3KX 4+25nU/46E+H5XkiiFS2a8o= =fLtQ -----END PGP SIGNATURE----- From jef at linuxbe.org Thu Dec 2 03:26:23 2004 From: jef at linuxbe.org (Jean-Francois Dive) Date: Thu, 2 Dec 2004 09:26:23 +0100 Subject: [VPN] VPN with Exchange issue In-Reply-To: <41AD1AF5.4010403@dube.net> References: <41AD1AF5.4010403@dube.net> Message-ID: <20041202082623.GA8807@gnoll.ath.cx> setup the vpn such as there is a dedicated tunnel for the ip address of the exchange server (and leave the rest for other access), this should install, in theory a host route for exchange server to the virtual adapter and make the problem less lickely to occur due to routing problem. I only make asumption that the shiva client works as most of it's conterparts, beeing by installing a virtual adapter. On Tue, Nov 30, 2004 at 08:14:29PM -0500, Dube, Paul wrote: > Greetings all, > I have a client that is presenting me with a new issue for which I do > not yet have all the facts. I will be on site tomorrow and hope to at > least get those. However, from what I have gathered so far, they are > using Outlook and Exchange with a custom developed application using > public folders. The data in the public folders must be available when > not connected so it must use the 'available offline' aspect of that > combination. > I am not completely familiar with Outlook/Exchange but I believe that > this synchronization of content only transpires when using the native > connect mode which is not commonly available without a VPN. My client is > using the Shiva VPN client to connect to the LAN and access the Exchange > server. The issue arises when they are in a hotel or other location with > a LAN in the same subnet (192.169.1.255) and there is a machine on the > LAN at the same IP address as the exchange server on the corporate LAN. > I am wondering if simply putting the Exchange server on an IP unlikely > to be assigned to a machine on another LAN, using a reserved address and > 1-1 NAT, or routing the connection over an SSH redirect would be a > workable solution. I am also wondering if the issue only arises due to > an oversight in initial implementation and the Shiva VPN can be > configured to route all requests on the specified ports over the VPN to > a remote machine, ignoring any local machine with the same IP address. > > Thank in advance, > Paul Dube > > Paul Dube > begin:vcard > fn:Paul Dube > n:Dube;Paul > adr:;;68 Radtke Road;Randolph;NJ;07869-3813;USA > email;internet:paul at dube.us > tel;home:973.537.7017 > tel;cell:973.886.4889 > note;quoted-printable:i-Name:=0D=0A= > =0D=0A= > HTML Link/HTML Link Code=0D=0A= > =3Dpaul.dube=0D=0A= > =3Dpaul.dube=0D=0A= > =0D=0A= > Plain Text Link=0D=0A= > http://public.xdi.org/=3Dpaul.dube=0D=0A= > =0D=0A= > Reachable via SIP:=0D=0A= > 011 0 393 225562 from Vonage=0D=0A= > 225562 FWD (226598)=0D=0A= > 0451 225562 from Packet8=0D=0A= > 1(700)9 225562 from Asterisk Exchange (IAXTEL)=0D=0A= > **393 225562 from IConnectHere, CallUK, IPTel, InterViVo=0D=0A= > PaulDube Skype=0D=0A= > Reachable via IM:=0D=0A= > PaulRDubeJr - AIM=0D=0A= > 162492218 - ICQ=0D=0A= > PaulDube - Yahoo=0D=0A= > PaulRDube at hotmail.com - MSNM=0D=0A= > PSTN:=0D=0A= > 973-886-4889 cell=0D=0A= > 973-537-7017 home = > =0D=0A= > 877-780-9920 business voicemail=0D=0A= > 877-780-9920 Fax=0D=0A= > FWD SIP User Name: 226598=0D=0A= > > x-mozilla-html:FALSE > url:http://www.pauldube.net > version:2.1 > end:vcard > > _______________________________________________ > VPN mailing list > VPN at lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/vpn -- -- -> Jean-Francois Dive --> jef at linuxbe.org I think that God in creating Man somewhat overestimated his ability. -- Oscar Wilde From jonscully at yahoo.com Thu Dec 2 08:05:34 2004 From: jonscully at yahoo.com (Jon Scully) Date: Thu, 2 Dec 2004 05:05:34 -0800 (PST) Subject: [VPN] Re: VPN with Exchange issue In-Reply-To: <41AD1AF5.4010403@dube.net> Message-ID: <20041202130534.28958.qmail@web12101.mail.yahoo.com> --- "Dube, Paul" wrote: > Greetings all, > I have a client that is presenting me with a new issue for which I do > > not yet have all the facts. I will be on site tomorrow and hope to at > > least get those. However, from what I have gathered so far, they are > using Outlook and Exchange with a custom developed application using > public folders. The data in the public folders must be available when > > not connected so it must use the 'available offline' aspect of that > combination. > I am not completely familiar with Outlook/Exchange but I believe that > > this synchronization of content only transpires when using the native > > connect mode which is not commonly available without a VPN. My client > is > using the Shiva VPN client to connect to the LAN and access the > Exchange > server. The issue arises when they are in a hotel or other location > with > a LAN in the same subnet (192.169.1.255) and there is a machine on > the > LAN at the same IP address as the exchange server on the corporate > LAN. > I am wondering if simply putting the Exchange server on an IP > unlikely > to be assigned to a machine on another LAN, using a reserved address > and > 1-1 NAT, or routing the connection over an SSH redirect would be a > workable solution. I am also wondering if the issue only arises due > to > an oversight in initial implementation and the Shiva VPN can be > configured to route all requests on the specified ports over the VPN > to > a remote machine, ignoring any local machine with the same IP > address. > > Thank in advance, > Paul Dube Having the same subnet on opposite ends of a VPN is a problem, almost without exception, and a common one. The best solution is, as you stated, putting the predictable side of the VPN on a not-so-common subnet. Better yet, use a range of public IP addresses that are also firewalled off from the public. (i.e. Your people are likely not to find your public IP addresses on the inside of anyone else's firewall.) Hotel 192.168.0.0/16 --> NAT/FW --> PIP/ISP --> Internet --> ISP/PIP --> FW/NAT --> VPN/PIP --> Router --> 192.168.0.0/16 Office PIP: Public IP address (e.g. not one of 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) ISP: Internet Service Provider NAT: Network Address Translation FW: Firewall With the right system the "FW/NAT --> VPN/PIP --> Router" section can be done in one unit. The point is to use the ultimate, predictable internal subnet: Public IP addresses. __________________________________ Do you Yahoo!? The all-new My Yahoo! - Get yours free! http://my.yahoo.com From KHart at helixtechnology.com Thu Dec 2 10:22:57 2004 From: KHart at helixtechnology.com (Hart, Kevin) Date: Thu, 2 Dec 2004 10:22:57 -0500 Subject: [VPN] VPN with Exchange issue Message-ID: <6FA79BD0B67DD411AAC400306E00B08C04E351D9@exchange1.helixtech.com> Paul, If the destination IP address is in the same subnet as the hotel assigned IP address, the client is going to ARP on the local network to find the Exchange server unless you assign a discrete route to the remote Exchange server with a 32 bit mask. This problem does occur with the Shiva product, but it also occurs with the Cisco VPN as well. I've been able to get around it by adding a route to the client's machine with a destination IP address of the Exchange server on the remote LAN and a gateway pointing to the DHCP assigned address on the VPN client. For Example: Local IP address assigned at hotel: 192.168.1.32 VPN assigned IP address: 192.168.50.30 Remote address of Exchange Server: 192.168.1.5 Route Statement: Route add 192.168.1.5 mask 255.255.255.255 192.168.50.30 You will probably need to add routes for your remote DNS and WINS server in the same fashion. This is definitely a cumbersome process, but it does work. If anyone has better ideas or solutions, I'd like to hear them. Thanks, Kevin -----Original Message----- From: Dube, Paul [mailto:paul at dube.net] Sent: Tuesday, November 30, 2004 8:14 PM To: vpn at lists.shmoo.com Subject: [VPN] VPN with Exchange issue Greetings all, I have a client that is presenting me with a new issue for which I do not yet have all the facts. I will be on site tomorrow and hope to at least get those. However, from what I have gathered so far, they are using Outlook and Exchange with a custom developed application using public folders. The data in the public folders must be available when not connected so it must use the 'available offline' aspect of that combination. I am not completely familiar with Outlook/Exchange but I believe that this synchronization of content only transpires when using the native connect mode which is not commonly available without a VPN. My client is using the Shiva VPN client to connect to the LAN and access the Exchange server. The issue arises when they are in a hotel or other location with a LAN in the same subnet (192.169.1.255) and there is a machine on the LAN at the same IP address as the exchange server on the corporate LAN. I am wondering if simply putting the Exchange server on an IP unlikely to be assigned to a machine on another LAN, using a reserved address and 1-1 NAT, or routing the connection over an SSH redirect would be a workable solution. I am also wondering if the issue only arises due to an oversight in initial implementation and the Shiva VPN can be configured to route all requests on the specified ports over the VPN to a remote machine, ignoring any local machine with the same IP address. Thank in advance, Paul Dube Paul Dube From roger.qian at sholodge.com Mon Dec 6 15:22:35 2004 From: roger.qian at sholodge.com (Qian, Roger) Date: Mon, 6 Dec 2004 14:22:35 -0600 Subject: [VPN] VPN solutions Message-ID: Hi All, We're doing hotel business. The hotels crossed nation want to connect the central reservation database in corporate office to get the reservations, and hotels send their availabilities updates to the database. We're going to use VPN to do this kind of 2-way communications. If set a Cisco router in corporate office and let each hotel to use client software to make such connection. How many VPN connections can have simultaneously? Is this a good way to go? Which Cisco router is better? Thanks in advance. Roger From Dana.Dawson at qwest.com Tue Dec 7 12:45:47 2004 From: Dana.Dawson at qwest.com (Dana J. Dawson) Date: Tue, 07 Dec 2004 11:45:47 -0600 Subject: [VPN] VPN solutions In-Reply-To: References: Message-ID: <41B5EC4B.8030001@qwest.com> If you're going to be using client software (as opposed to a site-to-site or router-to-router topology), then you'd be better off using a Cisco VPN 3000 series concentrator. The client-related features are better with the 3000 than they are with the IOS routers. HTH Dana Dana J. Dawson Dana.Dawson at qwest.com Sr. Staff Engineer CCIE #1937 Qwest Communications 600 Stinson Blvd., Suite 1S Minneapolis MN 55413-2620 "Hard is where the money is." Qian, Roger wrote: > Hi All, > We're doing hotel business. The hotels crossed nation want to connect > the central reservation database in corporate office to get the > reservations, and hotels send their availabilities updates to the > database. We're going to use VPN to do this kind of 2-way > communications. > If set a Cisco router in corporate office and let each hotel to use > client software to make such connection. How many VPN connections can > have simultaneously? Is this a good way to go? Which Cisco router is > better? > > Thanks in advance. > > Roger From exo_wa at yahoo.com Tue Dec 7 14:05:49 2004 From: exo_wa at yahoo.com (Exo Wa) Date: Tue, 7 Dec 2004 11:05:49 -0800 (PST) Subject: [VPN] NetScreen-5GT Message-ID: <20041207190549.14973.qmail@web21001.mail.yahoo.com> Hi I have a NetScreen-5GT firewall with just a few PCs sitting behind it. I notice that the memory usage is almost up to 50%. Eventhough it's still in the green zone, I am bit concerned. How can just a few PCs use up so much memory? Is this normal? If not, how i can i reduce it? What would the effect be if i reduce it? JUST a bit of a comparison: My other firewall is Netscreen25. There are almost 100 clients sitting behind it but it never uses more than 25% of the total memory. Any help on this would be much appreciated. -Exo __________________________________ Do you Yahoo!? All your favorites on one personal page ? Try My Yahoo! http://my.yahoo.com From paul at dube.net Wed Dec 8 07:36:25 2004 From: paul at dube.net (Dube, Paul) Date: Wed, 08 Dec 2004 07:36:25 -0500 Subject: [VPN] VPN with Exchange issue In-Reply-To: <6FA79BD0B67DD411AAC400306E00B08C04E351D9@exchange1.helixtech.com> References: <6FA79BD0B67DD411AAC400306E00B08C04E351D9@exchange1.helixtech.com> Message-ID: <41B6F549.9020406@dube.net> Thanks Kevin & all who replied, I am new to the list and was not aware of the 'reply directly to responder' rule. Since this contains new information, I am sure it will hit the list and I wanted everyone to know I was grateful. I recently discovered that the client is using the Netscreen VPN client and I do not see anywhere I can specify a route or the execution of a batch file. If I replace the Netscreen startup with a batch file, will that do the same thing? Thanks in advance, Paul Hart, Kevin wrote: > Paul, > > If the destination IP address is in the same subnet as the hotel assigned IP > address, the client is going to ARP on the local network to find the > Exchange server unless you assign a discrete route to the remote Exchange > server with a 32 bit mask. > This problem does occur with the Shiva product, but it also occurs with the > Cisco VPN as well. I've been able to get around it by adding a route to the > client's machine with a destination IP address of the Exchange server on the > remote LAN and a gateway pointing to the DHCP assigned address on the VPN > client. > > For Example: > > Local IP address assigned at hotel: 192.168.1.32 > VPN assigned IP address: 192.168.50.30 > Remote address of Exchange Server: 192.168.1.5 > > Route Statement: Route add 192.168.1.5 mask 255.255.255.255 192.168.50.30 > > You will probably need to add routes for your remote DNS and WINS server in > the same fashion. > > This is definitely a cumbersome process, but it does work. If anyone has > better ideas or solutions, I'd like to hear them. > > Thanks, > Kevin > > > > > -----Original Message----- > From: Dube, Paul [mailto:paul at dube.net] > Sent: Tuesday, November 30, 2004 8:14 PM > To: vpn at lists.shmoo.com > Subject: [VPN] VPN with Exchange issue > > Greetings all, > I have a client that is presenting me with a new issue for which I do > not yet have all the facts. I will be on site tomorrow and hope to at > least get those. However, from what I have gathered so far, they are > using Outlook and Exchange with a custom developed application using > public folders. The data in the public folders must be available when > not connected so it must use the 'available offline' aspect of that > combination. > I am not completely familiar with Outlook/Exchange but I believe that > this synchronization of content only transpires when using the native > connect mode which is not commonly available without a VPN. My client is > using the Shiva VPN client to connect to the LAN and access the Exchange > server. The issue arises when they are in a hotel or other location with > a LAN in the same subnet (192.169.1.255) and there is a machine on the > LAN at the same IP address as the exchange server on the corporate LAN. > I am wondering if simply putting the Exchange server on an IP unlikely > to be assigned to a machine on another LAN, using a reserved address and > 1-1 NAT, or routing the connection over an SSH redirect would be a > workable solution. I am also wondering if the issue only arises due to > an oversight in initial implementation and the Shiva VPN can be > configured to route all requests on the specified ports over the VPN to > a remote machine, ignoring any local machine with the same IP address. > > Thank in advance, > Paul Dube > > Paul Dube > _______________________________________________ > VPN mailing list > VPN at lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/vpn > -------------- next part -------------- A non-text attachment was scrubbed... Name: paul.vcf Type: text/x-vcard Size: 1065 bytes Desc: not available Url : http://lists.shmoo.com/pipermail/vpn/attachments/20041208/4a38c0fc/attachment.vcf From tdeshetler at cambridgeinc.com Wed Dec 8 09:12:09 2004 From: tdeshetler at cambridgeinc.com (Todd DeShetler) Date: Wed, 8 Dec 2004 08:12:09 -0600 Subject: [VPN] NetScreen-5GT Message-ID: <2B287E3EE8949B4BB02458BEFF06EE510C2222@mail.cambridgeinc.com> Hey everyone, Have a quick question that you may have experience with. We have several satellite offices around the country that have a maximum of 4 people working from each office. The goal is to move them into a VPN tunnel allowing each user better access to the corporate office servers. We've researched the extensively, and are currently leaning towards a VPN solution from a carrier versus ordering standard T1's, purchasing the equipment and setting up the tunnels ourselves. The provider says they can manage a full solution with T1's at each site for about $750 a month. Question is, am I exploring all possibilities? We need security and MPLS, as the connection will server both phone and data. Thanks in advance for all of your help, Todd -----Original Message----- From: vpn-bounces+tdeshetler=cambridgeinc.com at lists.shmoo.com [mailto:vpn-bounces+tdeshetler=cambridgeinc.com at lists.shmoo.com] On Behalf Of Exo Wa Sent: Tuesday, December 07, 2004 1:06 PM To: vpn at lists.shmoo.com Subject: [VPN] NetScreen-5GT Hi I have a NetScreen-5GT firewall with just a few PCs sitting behind it. I notice that the memory usage is almost up to 50%. Eventhough it's still in the green zone, I am bit concerned. How can just a few PCs use up so much memory? Is this normal? If not, how i can i reduce it? What would the effect be if i reduce it? JUST a bit of a comparison: My other firewall is Netscreen25. There are almost 100 clients sitting behind it but it never uses more than 25% of the total memory. Any help on this would be much appreciated. -Exo __________________________________ Do you Yahoo!? All your favorites on one personal page - Try My Yahoo! http://my.yahoo.com _______________________________________________ VPN mailing list VPN at lists.shmoo.com http://lists.shmoo.com/mailman/listinfo/vpn From KHart at helixtechnology.com Wed Dec 8 17:15:33 2004 From: KHart at helixtechnology.com (Hart, Kevin) Date: Wed, 8 Dec 2004 17:15:33 -0500 Subject: [VPN] VPN with Exchange issue Message-ID: <6FA79BD0B67DD411AAC400306E00B08C04E351FA@exchange1.helixtech.com> Paul, The route statement can be executed from a command prompt on any Windows machine. This would be done after you have connected with VPN. Kevin -----Original Message----- From: Dube, Paul [mailto:paul at dube.net] Sent: Wednesday, December 08, 2004 7:36 AM To: Hart, Kevin Cc: vpn at lists.shmoo.com Subject: Re: [VPN] VPN with Exchange issue Thanks Kevin & all who replied, I am new to the list and was not aware of the 'reply directly to responder' rule. Since this contains new information, I am sure it will hit the list and I wanted everyone to know I was grateful. I recently discovered that the client is using the Netscreen VPN client and I do not see anywhere I can specify a route or the execution of a batch file. If I replace the Netscreen startup with a batch file, will that do the same thing? Thanks in advance, Paul Hart, Kevin wrote: > Paul, > > If the destination IP address is in the same subnet as the hotel assigned IP > address, the client is going to ARP on the local network to find the > Exchange server unless you assign a discrete route to the remote Exchange > server with a 32 bit mask. > This problem does occur with the Shiva product, but it also occurs with the > Cisco VPN as well. I've been able to get around it by adding a route to the > client's machine with a destination IP address of the Exchange server on the > remote LAN and a gateway pointing to the DHCP assigned address on the VPN > client. > > For Example: > > Local IP address assigned at hotel: 192.168.1.32 > VPN assigned IP address: 192.168.50.30 > Remote address of Exchange Server: 192.168.1.5 > > Route Statement: Route add 192.168.1.5 mask 255.255.255.255 192.168.50.30 > > You will probably need to add routes for your remote DNS and WINS server in > the same fashion. > > This is definitely a cumbersome process, but it does work. If anyone has > better ideas or solutions, I'd like to hear them. > > Thanks, > Kevin > > > > > -----Original Message----- > From: Dube, Paul [mailto:paul at dube.net] > Sent: Tuesday, November 30, 2004 8:14 PM > To: vpn at lists.shmoo.com > Subject: [VPN] VPN with Exchange issue > > Greetings all, > I have a client that is presenting me with a new issue for which I do > not yet have all the facts. I will be on site tomorrow and hope to at > least get those. However, from what I have gathered so far, they are > using Outlook and Exchange with a custom developed application using > public folders. The data in the public folders must be available when > not connected so it must use the 'available offline' aspect of that > combination. > I am not completely familiar with Outlook/Exchange but I believe that > this synchronization of content only transpires when using the native > connect mode which is not commonly available without a VPN. My client is > using the Shiva VPN client to connect to the LAN and access the Exchange > server. The issue arises when they are in a hotel or other location with > a LAN in the same subnet (192.169.1.255) and there is a machine on the > LAN at the same IP address as the exchange server on the corporate LAN. > I am wondering if simply putting the Exchange server on an IP unlikely > to be assigned to a machine on another LAN, using a reserved address and > 1-1 NAT, or routing the connection over an SSH redirect would be a > workable solution. I am also wondering if the issue only arises due to > an oversight in initial implementation and the Shiva VPN can be > configured to route all requests on the specified ports over the VPN to > a remote machine, ignoring any local machine with the same IP address. > > Thank in advance, > Paul Dube > > Paul Dube > _______________________________________________ > VPN mailing list > VPN at lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/vpn > From roger.qian at sholodge.com Wed Dec 15 16:38:18 2004 From: roger.qian at sholodge.com (Qian, Roger) Date: Wed, 15 Dec 2004 15:38:18 -0600 Subject: [VPN] VPN solutions Message-ID: Thanks Dana, if I choose site-to-site topology, which Cisco router will be good at corporate site, which one is good for remote site? Is Cisco 2600XM and Cisco 831 (or SHHO 90) a good pair of the VPN routers? Can different brand routers work together? Like Cisco to Netgear? If I configure an IOS firewall onto a 2600XM router, is this good enough for the security? Do I need to buy another PIX firewall before the router? Thanks in advance. Roger -----Original Message----- From: Dana J. Dawson [mailto:Dana.Dawson at qwest.com] Sent: Tuesday, December 07, 2004 11:46 AM Cc: vpn at lists.shmoo.com Subject: Re: [VPN] VPN solutions If you're going to be using client software (as opposed to a site-to-site or router-to-router topology), then you'd be better off using a Cisco VPN 3000 series concentrator. The client-related features are better with the 3000 than they are with the IOS routers. HTH Dana Dana J. Dawson Dana.Dawson at qwest.com Sr. Staff Engineer CCIE #1937 Qwest Communications 600 Stinson Blvd., Suite 1S Minneapolis MN 55413-2620 "Hard is where the money is." Qian, Roger wrote: > Hi All, > We're doing hotel business. The hotels crossed nation want to connect > the central reservation database in corporate office to get the > reservations, and hotels send their availabilities updates to the > database. We're going to use VPN to do this kind of 2-way > communications. > If set a Cisco router in corporate office and let each hotel to use > client software to make such connection. How many VPN connections can > have simultaneously? Is this a good way to go? Which Cisco router is > better? > > Thanks in advance. > > Roger _______________________________________________ VPN mailing list VPN at lists.shmoo.com http://lists.shmoo.com/mailman/listinfo/vpn From pratheep_inn at yahoo.co.in Tue Dec 28 10:48:42 2004 From: pratheep_inn at yahoo.co.in (pradeep kumar) Date: Tue, 28 Dec 2004 15:48:42 +0000 (GMT) Subject: [VPN] Using freeswan Message-ID: <20041228154842.59333.qmail@web8401.mail.in.yahoo.com> Hi all, I am new to VPN and can anyone tell me how to access the resources the resources on the other side of the network in a freeswan VPN. What should be used in the client side to access the resources on the other side.. Thanks in advance....and eagerly waiting for your reply. Yahoo! India Matrimony: Find your life partneronline. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.shmoo.com/pipermail/vpn/attachments/20041228/fa964dd7/attachment.htm