[VPN] VPN with Exchange issue
Dube, Paul
paul at dube.net
Wed Dec 8 07:36:25 EST 2004
Thanks Kevin & all who replied, I am new to the list and was not aware
of the 'reply directly to responder' rule. Since this contains new
information, I am sure it will hit the list and I wanted everyone to
know I was grateful.
I recently discovered that the client is using the Netscreen VPN client
and I do not see anywhere I can specify a route or the execution of a
batch file. If I replace the Netscreen startup with a batch file, will
that do the same thing?
Thanks in advance,
Paul
Hart, Kevin wrote:
> Paul,
>
> If the destination IP address is in the same subnet as the hotel assigned IP
> address, the client is going to ARP on the local network to find the
> Exchange server unless you assign a discrete route to the remote Exchange
> server with a 32 bit mask.
> This problem does occur with the Shiva product, but it also occurs with the
> Cisco VPN as well. I've been able to get around it by adding a route to the
> client's machine with a destination IP address of the Exchange server on the
> remote LAN and a gateway pointing to the DHCP assigned address on the VPN
> client.
>
> For Example:
>
> Local IP address assigned at hotel: 192.168.1.32
> VPN assigned IP address: 192.168.50.30
> Remote address of Exchange Server: 192.168.1.5
>
> Route Statement: Route add 192.168.1.5 mask 255.255.255.255 192.168.50.30
>
> You will probably need to add routes for your remote DNS and WINS server in
> the same fashion.
>
> This is definitely a cumbersome process, but it does work. If anyone has
> better ideas or solutions, I'd like to hear them.
>
> Thanks,
> Kevin
>
>
>
>
> -----Original Message-----
> From: Dube, Paul [mailto:paul at dube.net]
> Sent: Tuesday, November 30, 2004 8:14 PM
> To: vpn at lists.shmoo.com
> Subject: [VPN] VPN with Exchange issue
>
> Greetings all,
> I have a client that is presenting me with a new issue for which I do
> not yet have all the facts. I will be on site tomorrow and hope to at
> least get those. However, from what I have gathered so far, they are
> using Outlook and Exchange with a custom developed application using
> public folders. The data in the public folders must be available when
> not connected so it must use the 'available offline' aspect of that
> combination.
> I am not completely familiar with Outlook/Exchange but I believe that
> this synchronization of content only transpires when using the native
> connect mode which is not commonly available without a VPN. My client is
> using the Shiva VPN client to connect to the LAN and access the Exchange
> server. The issue arises when they are in a hotel or other location with
> a LAN in the same subnet (192.169.1.255) and there is a machine on the
> LAN at the same IP address as the exchange server on the corporate LAN.
> I am wondering if simply putting the Exchange server on an IP unlikely
> to be assigned to a machine on another LAN, using a reserved address and
> 1-1 NAT, or routing the connection over an SSH redirect would be a
> workable solution. I am also wondering if the issue only arises due to
> an oversight in initial implementation and the Shiva VPN can be
> configured to route all requests on the specified ports over the VPN to
> a remote machine, ignoring any local machine with the same IP address.
>
> Thank in advance,
> Paul Dube
>
> Paul Dube <paul at dube.us>
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: paul.vcf
Type: text/x-vcard
Size: 1065 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/vpn/attachments/20041208/4a38c0fc/attachment.vcf
More information about the VPN
mailing list