Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Accsseing E-mails

Posted on 2006-11-16
12
Medium Priority
?
508 Views
Last Modified: 2010-08-05
Hi,

We are working on a single location with a single AD Domain called aaa.com.But only for the people while they are away for travelling we are using RSA SecurID for connecting to our network. Now some of the users that use their laptops to connect to our network using RSA SecurID finding it difficult for accssing their e-mails or folders after RSA SecurID passed the authentication. I do not know is there anything still we have to set up for users to send/receive e-mails and connect to the servers.

We are running a netscreen box as a firewall and the router to come in to our network.

We got the following servers.
One Domain Controller, which is actins as DHCP and DNS
One Exchange Server 2003
2 File Servers etc.

Could you please find a solution for this problem.

Thanks in advance

Sujith
0
Comment
Question by:sujith_siva
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17956534
what kind of problems are they having? any errors or anything?
wht do you mean they are only using the aaa.com domain when they are away traveling?  why aren't they using your 'regular' domain when they are away?
are the laptops in question on the domain?
are the users logging into the domain on their laptops?
how are they tring to access email? what program? Outlook? outlook web access?
if using outlook, what protocol are they using to access email? pop3, mapi etc?
0
 

Author Comment

by:sujith_siva
ID: 17956896
There is no error message comes up only message is "Authorisation Failed" try later, but sometimes it will connect
and people can send/recieve e-mails sometimes don't.

The domain I am mentioning is the regular domain we are running in a single domain environment.
It does not connect to the mail server for send/recieve mails.
All the laptops are connected to the Domain getting an ip address from a DHCP server which is inside a firewall in the private LAN.Users are trying to log on to the domain by using RSA SecurID.And by looking at the RSA SecurID we can see that at what time they are trying and if the authentication is successful or failure.We are pretty sure that RSA SecurID authentication has any kind of problems.When the RSA SecurID authenticate users can connect to our exchange server and all the files and folders.

RSASecurID ask for the Token Number + paascode and the User name.
Once that part done it will allow you to your files and folders and e-mails(Outlook 2003 os the mail client).

As I said the netscreen box ix the firewall/router for connecting to our internal network.

thanks in advance

0
 
LVL 7

Expert Comment

by:dlangr
ID: 17961477
it is probably your netscreen not letting some ports trough, as some are dynamic, request may sometimes work an sometimes not, like you described. Easiest thing is to use the https service of exchange. see http://www.msexchange.org/tutorials/outlookrpchttp.html
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Expert Comment

by:dlangr
ID: 17961482
Easiest as you would only have to open up the https port. I would recommend the use of a VPN in combination with the https. Not sure if you have an VPN now.
0
 

Author Comment

by:sujith_siva
ID: 17963657
We don't have any VPN yet.How can I setup any VPN connection to allow the computers to speak with our local network .

Also our company have not running any Certificate services for authentication and I believe we need to run any Certificate services for running HTTPS.


 Any idea to open the port for easy comminication by using netscreen box.

all responses will be appreciated.

thanks
suj
0
 
LVL 9

Expert Comment

by:tim1731
ID: 17964502
options,

1.get a spare pc install sslexplorer on it and open a port on the firewall (443) and configure the users for it(free)
2.Install a cert on exchange and use ssl to access the exchange server(£30-200)
3.Buy a sonicwall ssl vpn device or netscreen ssl device and use it with the rsa device (£200-1800 depends on model)
4.Buy the remote client for the netscreen and setup vpn access (£87 for 10 concurrent users)
0
 

Author Comment

by:sujith_siva
ID: 17967880
We are already  installed the netscreen ns25 box as firewall/NAT/VPN and have 10 licenses.
But for installing a certificate in Exchange Server I have few queries?
If in any case if we want to change the name of the exchange server does this certificate allows to change the whole settings?
Does this certificate affect our DC if we want to rename it or change the location of the DC?

Is there anyway we can install VPN Policies on our netscreen box and how???

all inputs will be appreciated
thanks in advance

suj
0
 
LVL 9

Accepted Solution

by:
tim1731 earned 500 total points
ID: 17968333
Netscreen = http://kb.juniper.net/CUSTOMERSERVICE/index?page=kbdetail&record_id=0244022611e8310108012c3c1901995

Cert for mail server is installed on the mail server and if you change the mail server you will need a new cert

http://www.startcom.org/ this will get you a free ssl cert
0
 
LVL 7

Assisted Solution

by:dlangr
dlangr earned 500 total points
ID: 17972866
- the certificate only needs to change if the fqdn you are running the website on changes. Not if you have a new machine, you would then just reinstall the certificate. also not if the machine changes it name. just when the url the clients access changes.
- no, it wont affect your ability to rename or change the location of the DC
0
 
LVL 7

Expert Comment

by:dlangr
ID: 18327461
Do you have further questions? Did our answers help? Please let us know, so others can learn from this.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question