Solved

NATing to a machine situated over a VPN

Posted on 2008-10-14
5
297 Views
Last Modified: 2013-11-16
We have our data centre connected via a WES to our head office and mail server.  When this link fails we have a VPN configured for use as failover.

Our MX record points towards the data centre so I am wondering if there is a way that when the WES fails I am still able to use get mail to the mail server that now resides over a VPN?
0
Comment
Question by:wanstor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22717874
As I understand you normally use the MX IP which is a public IP to get your emails when your normal web connection is available; when the connection fails as you are VPN tunnel I think you need to use internal IP of server, rather than the public IP; if this is the case, you can configure your DNS to resolve the mail server on private IP as well; this would ensure that the clients would try both the IP addresses.

Thank you.
0
 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22719639
You could try creating a second MX record with a higher prio. The lowest prio will be tried first. If it's succesful then it's delivered. If it's unsuccesful it will try the next IP.

I'm not completely sure I understood the question correctly, but I think this the solution you are looking for.

JG
0
 
LVL 1

Author Comment

by:wanstor
ID: 22719722
I am aware that I can have a secondary MX record and I have that in place.  It's more so the idea of having an external address at our data centre NAT'ed from a machine down a VPN.  



Remote Site-------------------------------Data Centre
                                 VPN
Internal Server IP                                  External IP
192.168.1.1----------------------------------1.1.1.1


       
0
 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22719771
I don't quite understand why you would do that. Maybe I still don't quite understand your question....

I would think that you would have the external IP address for your mailserver as your 'primary' MX and the internal IP address (i.e. the address that would be able to reach over the tunnel) as your 'secondary 'MX.

This way when your server is unreachable over it's external IP it would fall back to it's secondary, the internal IP and go through the tunnel.
0
 
LVL 1

Accepted Solution

by:
wanstor earned 0 total points
ID: 22722575
This is one of our clients sites and they have a 100mb WES to the data centre which has an equal pipe to the web as opposed to ADSL.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DHCP and Internet Access Issue Cisco 4331 Router 9 65
Config NAT/PAT while having sub interface config on router. 8 33
logon script 9 75
Layer 3 switch recommendation 15 56
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question