Solved

NATing to a machine situated over a VPN

Posted on 2008-10-14
5
299 Views
Last Modified: 2013-11-16
We have our data centre connected via a WES to our head office and mail server.  When this link fails we have a VPN configured for use as failover.

Our MX record points towards the data centre so I am wondering if there is a way that when the WES fails I am still able to use get mail to the mail server that now resides over a VPN?
0
Comment
Question by:wanstor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22717874
As I understand you normally use the MX IP which is a public IP to get your emails when your normal web connection is available; when the connection fails as you are VPN tunnel I think you need to use internal IP of server, rather than the public IP; if this is the case, you can configure your DNS to resolve the mail server on private IP as well; this would ensure that the clients would try both the IP addresses.

Thank you.
0
 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22719639
You could try creating a second MX record with a higher prio. The lowest prio will be tried first. If it's succesful then it's delivered. If it's unsuccesful it will try the next IP.

I'm not completely sure I understood the question correctly, but I think this the solution you are looking for.

JG
0
 
LVL 1

Author Comment

by:wanstor
ID: 22719722
I am aware that I can have a secondary MX record and I have that in place.  It's more so the idea of having an external address at our data centre NAT'ed from a machine down a VPN.  



Remote Site-------------------------------Data Centre
                                 VPN
Internal Server IP                                  External IP
192.168.1.1----------------------------------1.1.1.1


       
0
 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22719771
I don't quite understand why you would do that. Maybe I still don't quite understand your question....

I would think that you would have the external IP address for your mailserver as your 'primary' MX and the internal IP address (i.e. the address that would be able to reach over the tunnel) as your 'secondary 'MX.

This way when your server is unreachable over it's external IP it would fall back to it's secondary, the internal IP and go through the tunnel.
0
 
LVL 1

Accepted Solution

by:
wanstor earned 0 total points
ID: 22722575
This is one of our clients sites and they have a 100mb WES to the data centre which has an equal pipe to the web as opposed to ADSL.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question