Accessing email without VPN 1

[cyberspace]

Heres the scenario.

We currently have 2 users who connect via Symantec VPN client to our network.

The laptops are brand new, no problems at all.

I have tried to add a third laptop user to the VPN, set up the Symantec 200R, set up the client exactly as it should be, but it will not connect, and frequently crashes, if it loads at all.

On futher investigation, the previous owner of the laptop mentioned that the Symantec Client never worked on it, so I presume this is still the case.

I have tried using the windows VPN client through network connections, but this did not work (although, what settings need to be on the server?). I found it almost "too simple" to just need IP address, username and password, when there is so much config needed with the Symantec client.

Is there an alternative to accessing email? We have an exchange server.

Many thanks.

 

[fdurham]

cyberspace-

There is...

Three things you need, which I believe you have two of them.

1. Exchange Server
2. IIS
3. SSL

Now the third you can either get a certificate from Verisign or some professional authority or you can manage your own via Microsoft Certificate Services; just have to secure it. Basically all you have to do is open a port for all users outside to access port 443 on your exchange server. The SSL with encrypt the session and allow secure access from the outside. If this interests you you can email me and I can help you out with this.

I never worked with symantec VPN, but if you feel more comfortable with that scenario, I can help you out with that as well.

Frank

 

[cyberspace]

Thanks for that!

just to throw another stick in the fire..

We recently changed ISP.

Before the change, the users who now use the Symantec VPN used the standard windows client.

All that changed was the IP address, which I altered...but since then, they cannot gain access.

To be honest, the first solution does sound a little tricky, and not having much experience in the area, I would hate not to do it properly and have exhange wide open to the outside world!

I may well have overlooked a change in settings for the windows client however.

As far as I know, we do not have IIS running here.

 

[fdurham]

As far as the VPN solution, if all that changed was the IP address then it shoudl still work. I don't know the Symantec VPN solution, but as long as server doesn't ask for prook of the IP its coming from. like a reverse DNS, then it should just work.

If you are running Exchange 2000/2003 then it shoudl have IIS on the Exchange box. The solution I porposed was OWA. There are other like POP/IMAP4 over the internet with security that can also work for you.

Frank

 

[lanceja]

Questions:
1. What version of the VPN client are you using?
2. When you say the client crashes, what actually crashes?

As toward the OWA, would recommend. It is a lot easier for your users and less headaches for you. We talked to a consultant about using SSL and told us that it is an option if we want, but do not need. If you are worried about secure EMail, then you definetely need.

 

[cyberspace]

Are you familiar with the intY Exo Server? Well we have one (it's great) and this was actally what was handling the VPN's - not the Symantec (great communication eh!).

When we changed ISP, we went from 16 addresses, to 2. Which is insane. The only problem is, we used to have 3 internet facing devices -the router, the Symantec 200r and the Exo Server.

One had to be given the chop, which at the time, based on incomplete information, was the Exo Server.

This is now going to be reversed.

The reason the windows client did not work, was because it was pointing to the wrong machine.

This should be solved.

AS for crashing, the client would allow the user to log in, then disappear. Useless! This was a known issue on the old laptops and nobody could ever seem to get to the bottom of it!!

Systems Administrator
BSc Network Computing, CCNA. Both in training!