[VPN] VPN with Exchange issue

Dube, Paul paul at dube.net
Wed Dec 8 07:36:25 EST 2004


Thanks Kevin & all who replied, I am new to the list and was not aware 
of the 'reply directly to responder' rule. Since this contains new 
information, I am sure it will hit the list and I wanted everyone to 
know I was grateful.

I recently discovered that the client is using the Netscreen VPN client 
and I do not see anywhere I can specify a route or the execution of a 
batch file. If I replace the Netscreen startup with a batch file, will 
that do the same thing?

Thanks in advance,
Paul

Hart, Kevin wrote:
> Paul, 
> 
> If the destination IP address is in the same subnet as the hotel assigned IP
> address, the client is going to ARP on the local network to find the
> Exchange server unless you assign a discrete route to the remote Exchange
> server with a 32 bit mask. 
> This problem does occur with the Shiva product, but it also occurs with the
> Cisco VPN as well. I've been able to get around it by adding a route to the
> client's machine with a destination IP address of the Exchange server on the
> remote LAN and a gateway pointing to the DHCP assigned address on the VPN
> client.
> 
> For Example:
> 
> Local IP address assigned at hotel: 192.168.1.32
> VPN assigned IP address: 192.168.50.30
> Remote address of Exchange Server: 192.168.1.5
> 
> Route Statement: Route add 192.168.1.5 mask 255.255.255.255 192.168.50.30 
> 
> You will probably need to add routes for your remote DNS and WINS server in
> the same fashion.
> 
> This is definitely a cumbersome process, but it does work. If anyone has
> better ideas or solutions, I'd like to hear them.
> 
> Thanks,
> Kevin
> 
> -----Original Message-----
> From: Dube, Paul [mailto:paul at dube.net] 
> Sent: Tuesday, November 30, 2004 8:14 PM
> To: vpn at lists.shmoo.com
> Subject: [VPN] VPN with Exchange issue
> 
> Greetings all,
> I have a client that is presenting me with a new issue for which I do 
> not yet have all the facts. I will be on site tomorrow and hope to at 
> least get those. However, from what I have gathered so far, they are 
> using Outlook and Exchange with a custom developed application using 
> public folders. The data in the public folders must be available when 
> not connected so it must use the 'available offline' aspect of that 
> combination.
> I am not completely familiar with Outlook/Exchange but I believe that 
> this synchronization of content only transpires when using the native 
> connect mode which is not commonly available without a VPN. My client is 
> using the Shiva VPN client to connect to the LAN and access the Exchange 
> server. The issue arises when they are in a hotel or other location with 
> a LAN in the same subnet (192.169.1.255) and there is a machine on the 
> LAN at the same IP address as the Exchange server on the corporate LAN.
> I am wondering if simply putting the Exchange server on an IP unlikely 
> to be assigned to a machine on another LAN, using a reserved address and 
> 1-1 NAT, or routing the connection over an SSH redirect would be a 
> workable solution. I am also wondering if the issue only arises due to 
> an oversight in initial implementation and the Shiva VPN can be 
> configured to route all requests on the specified ports over the VPN to 
> a remote machine, ignoring any local machine with the same IP address.
> 
> Thanks in advance,
> Paul Dube
> 	
> Paul Dube <paul at dube.us>
> 
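
Added example, not part of the original thread: a small Python model of longest-prefix route selection using the addresses from Kevin's example, showing why the client ARPs locally for the Exchange server until a 32-bit host route exists, and which other servers are still shadowed by the hotel LAN. The /24 hotel mask, the hotel gateway 192.168.1.1 and the DNS server address 192.168.1.6 are constructed assumptions; route metrics are not modelled.

```python
import ipaddress

VPN_IP = "192.168.50.30"     # VPN assigned address (from the thread)
EXCHANGE = "192.168.1.5"     # remote Exchange server (from the thread)
DNS_SERVER = "192.168.1.6"   # constructed: stands in for the remote DNS/WINS server


def build_table(host_routes=()):
    """Return a routing table as (network, gateway, interface) tuples.

    gateway None means on-link: the client ARPs for the destination itself.
    """
    table = [
        # Constructed hotel default gateway.
        (ipaddress.ip_network("0.0.0.0/0"), "192.168.1.1", "hotel"),
        # Hotel LAN, assumed /24; overlaps the corporate LAN addressing.
        (ipaddress.ip_network("192.168.1.0/24"), None, "hotel"),
    ]
    # Equivalent of: route add <dest> mask 255.255.255.255 <VPN_IP>
    for dest in host_routes:
        table.append((ipaddress.ip_network(dest + "/32"), VPN_IP, "vpn"))
    return table


def resolve(table, dest):
    """Pick the most specific matching route; return (interface, gateway)."""
    addr = ipaddress.ip_address(dest)
    matches = (route for route in table if addr in route[0])
    _net, gateway, iface = max(matches, key=lambda route: route[0].prefixlen)
    return iface, gateway


def shadowed(table, servers):
    """Corporate servers whose traffic would still stay on the hotel LAN."""
    return [s for s in servers if resolve(table, s)[0] != "vpn"]


if __name__ == "__main__":
    servers = [EXCHANGE, DNS_SERVER]
    for routes in ([], [EXCHANGE], [EXCHANGE, DNS_SERVER]):
        table = build_table(routes)
        print("host routes:", routes or "none")
        for s in servers:
            iface, gw = resolve(table, s)
            print(f"  {s} -> {iface}, {'ARP on local segment' if gw is None else 'via ' + gw}")
        print("  still shadowed:", shadowed(table, servers))
```
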
