Solved

Outlook VPN Connectivity

Posted on 2007-12-06
Last Modified: 2012-05-05
Hi all,

I have a persistent hardware VPN tunnel which links a remote office to the main office. I cannot connect Outlook clients over RPC as the Exchange server uses a different gateway, not the hardware VPN router. I had planned to use RPC over HTTP; however, after attempting to implement it, I cannot get the machines to connect via HTTPS - all I get is the Directory Services via TCP to the DC (uses the VPN router gateway). I cannot seem to get it to use HTTPS only despite having both Fast and Slow boxes checked. I've installed the internal SSL certificate to the remote machines and can authenticate to the RPC directory. Any ideas?

Thanks,
Question by:lsmi4126

Expert Comment

by:SteveH_UK
ID: 20425837
For the tunnel VPN, you should add a persistent route.  This tells Exchange where to route traffic to for the connected network.  You should add this route to all your servers, since your VPN gateway is not a default gateway.

Use the ROUTE command.

See http://technet2.microsoft.com/WindowsServer/en/library/31bb32f5-99b7-4685-9542-24337b5deb401033.mspx

Accepted Solution

by:
SteveH_UK earned 500 total points
ID: 20425840
For the HTTP/RPC solution, there is a lot of info around, but we'd need to answer your issues in stages.  If the IPsec route is fine, then let's leave it there, otherwise ask away!

Author Comment

by:lsmi4126
ID: 20439151
Thanks for the info. I don't have a 2K3 box at the remote location - just a VPN router (D-Link) which creates the tunnel with another identical VPN router in the office - i.e. the VPN tunnel terminates before any software. If I add the persistent route to the Exchange server, how is this going to help requests going through the hardware VPN gateway getting to it?

I have managed to get RPC/HTTP going - it just takes a while to connect everything other than the DS through TCP. If I can get everything going down TCP it would be good though!!

Expert Comment

by:SteveH_UK
ID: 20470044
The problem I am trying to address is as follows:

Branch office:  VPN router, clients
Main office:      Servers, Exchange default router, VPN router

I'm assuming that the VPN is operating a standard IPsec tunnel VPN.  Other systems will change the way things work.  A tunnel VPN enables routing between two disconnected networks.  It should not put clients in the local subnet, as it is unaware of clients.  This is not the way mobile VPNs work, such as PPTP, L2TP/IPsec, and some firewalls.

Your clients connect to Exchange via the VPN router.  This all works fine and Exchange receives the request.  However, when Exchange replies, it replies to the original address of the client.  The route it chooses is not the VPN router, but its default route.  The default router does not know how to route the packet and the client never receives it.  Therefore, you need to instruct the Exchange server, and other servers, to direct packets to the branch network subnet via the VPN router.

Note also that the branch office subnet and the main office subnet must not overlap, otherwise you will have routing problems.

You use the ROUTE command like this:

ROUTE ADD [Branch Office Subnet] MASK [Branch Office Subnet Mask] [Main Office VPN Router IP Address] METRIC 1

This will enable replies to clients to be sent through the VPN router.
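
Added example (not part of the original thread): a small Python model of the Exchange server's route lookup, showing the reply path to a branch client before and after the static route, plus the subnet overlap check mentioned above. All addresses are constructed for illustration; the generated command uses the Windows ROUTE `-p` switch so the route survives a reboot, matching the earlier advice to add a persistent route.

```python
import ipaddress

# Constructed sample addressing (assumptions, not from the original thread).
MAIN_NET = ipaddress.ip_network("192.168.10.0/24")
BRANCH_NET = ipaddress.ip_network("192.168.20.0/24")
DEFAULT_GW = "192.168.10.1"    # Exchange server's default router
VPN_GW = "192.168.10.254"      # main office VPN router
CLIENT = "192.168.20.50"       # Outlook client in the branch office


def next_hop(routes, destination):
    """Return the gateway of the most specific (longest-prefix) matching route."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {destination}")
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def build_route_command(branch_net, main_net, vpn_gw):
    """Build the persistent ROUTE command, refusing overlapping subnets."""
    if branch_net.overlaps(main_net):
        raise ValueError(f"{branch_net} overlaps {main_net}: renumber one site")
    if ipaddress.ip_address(vpn_gw) not in main_net:
        raise ValueError(f"{vpn_gw} is not reachable on-link in {main_net}")
    return (f"route -p add {branch_net.network_address} "
            f"mask {branch_net.netmask} {vpn_gw} metric 1")


# Exchange server routing table before the fix: local subnet + default route.
before = [
    (MAIN_NET, "on-link"),
    (ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW),
]
# After adding the static route for the branch subnet via the VPN router.
after = before + [(BRANCH_NET, VPN_GW)]

if __name__ == "__main__":
    print("reply next hop before:", next_hop(before, CLIENT))  # default router
    print("reply next hop after: ", next_hop(after, CLIENT))   # VPN router
    print(build_route_command(BRANCH_NET, MAIN_NET, VPN_GW))
```

After running the generated command on each server, `route print` lists the entry under Persistent Routes.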