Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 306
  • Last Modified:

NATing to a machine situated over a VPN

We have our data centre connected via a WES to our head office and mail server.  When this link fails we have a VPN configured for use as failover.

Our MX record points towards the data centre so I am wondering if there is a way that when the WES fails I am still able to use get mail to the mail server that now resides over a VPN?
0
wanstor
Asked:
wanstor
  • 2
  • 2
1 Solution
 
dpk_walCommented:
As I understand you normally use the MX IP which is a public IP to get your emails when your normal web connection is available; when the connection fails as you are VPN tunnel I think you need to use internal IP of server, rather than the public IP; if this is the case, you can configure your DNS to resolve the mail server on private IP as well; this would ensure that the clients would try both the IP addresses.

Thank you.
0
 
Jay_GridleyCommented:
You could try creating a second MX record with a higher prio. The lowest prio will be tried first. If it's succesful then it's delivered. If it's unsuccesful it will try the next IP.

I'm not completely sure I understood the question correctly, but I think this the solution you are looking for.

JG
0
 
wanstorAuthor Commented:
I am aware that I can have a secondary MX record and I have that in place.  It's more so the idea of having an external address at our data centre NAT'ed from a machine down a VPN.  



Remote Site-------------------------------Data Centre
                                 VPN
Internal Server IP                                  External IP
192.168.1.1----------------------------------1.1.1.1


       
0
 
Jay_GridleyCommented:
I don't quite understand why you would do that. Maybe I still don't quite understand your question....

I would think that you would have the external IP address for your mailserver as your 'primary' MX and the internal IP address (i.e. the address that would be able to reach over the tunnel) as your 'secondary 'MX.

This way when your server is unreachable over it's external IP it would fall back to it's secondary, the internal IP and go through the tunnel.
0
 
wanstorAuthor Commented:
This is one of our clients sites and they have a 100mb WES to the data centre which has an equal pipe to the web as opposed to ADSL.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now