Solved

NATing to a machine situated over a VPN

Posted on 2008-10-14
5
293 Views
Last Modified: 2013-11-16
We have our data centre connected via a WES to our head office and mail server.  When this link fails we have a VPN configured for use as failover.

Our MX record points towards the data centre so I am wondering if there is a way that when the WES fails I am still able to use get mail to the mail server that now resides over a VPN?
0
Comment
Question by:wanstor
  • 2
  • 2
5 Comments
 
LVL 32

Expert Comment

by:dpk_wal
Comment Utility
As I understand you normally use the MX IP which is a public IP to get your emails when your normal web connection is available; when the connection fails as you are VPN tunnel I think you need to use internal IP of server, rather than the public IP; if this is the case, you can configure your DNS to resolve the mail server on private IP as well; this would ensure that the clients would try both the IP addresses.

Thank you.
0
 
LVL 8

Expert Comment

by:Jay_Gridley
Comment Utility
You could try creating a second MX record with a higher prio. The lowest prio will be tried first. If it's succesful then it's delivered. If it's unsuccesful it will try the next IP.

I'm not completely sure I understood the question correctly, but I think this the solution you are looking for.

JG
0
 
LVL 1

Author Comment

by:wanstor
Comment Utility
I am aware that I can have a secondary MX record and I have that in place.  It's more so the idea of having an external address at our data centre NAT'ed from a machine down a VPN.  



Remote Site-------------------------------Data Centre
                                 VPN
Internal Server IP                                  External IP
192.168.1.1----------------------------------1.1.1.1


       
0
 
LVL 8

Expert Comment

by:Jay_Gridley
Comment Utility
I don't quite understand why you would do that. Maybe I still don't quite understand your question....

I would think that you would have the external IP address for your mailserver as your 'primary' MX and the internal IP address (i.e. the address that would be able to reach over the tunnel) as your 'secondary 'MX.

This way when your server is unreachable over it's external IP it would fall back to it's secondary, the internal IP and go through the tunnel.
0
 
LVL 1

Accepted Solution

by:
wanstor earned 0 total points
Comment Utility
This is one of our clients sites and they have a 100mb WES to the data centre which has an equal pipe to the web as opposed to ADSL.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now