Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1000
Views
0
Helpful
3
Replies

VPN - Exchange Prob

raj_5454
Level 1
Level 1

‎11-28-2000 04:19 AM - edited ‎02-21-2020 11:15 AM

We have Cisco 1750 router on which we have configured VPN with our overseas office. we are able to get VPN connectivity with it. We have MS-Exchange server installed in our intranet. The exchange server site connector is configured for our overseas's office Exchange mail server. My Exchange database replication is hapening via VPN .

I want my intranet mail server to be accessed over the internet so that my office employee should be able to access the mails from residents also (i.e. over the internet). If I configure NAT on my router to get a Static IP (i.e. valid IP) for my exchange server, I don't get the VPN connectivity with my exchange server and my exchange database does not get updated with my overseas Exchange server.

Can you guide me on this

Thanks

Rajesh Rane

Labels:
0 Helpful
3 Replies 3

rbharania
Level 1
Level 1

‎12-09-2000 10:39 AM

Rajesh -

What kind of vPN are you using? I'll assume IPSEC.

Using what I understand of your problem (w/o NAT, the VPN works fine, w/NAT, VpN breaks), the first thing I'd check on both sides is to see that your crypto-maps match the post NATted address (NAT occurs before encryption on an egress interface)

debug crypto ipsec

debug crypto isakmp

are useful debug commands to see what the router is doing (or not doing, as the case may be)

Also consider the security of that host in general - if you're providing the Internet access to a host within your Intranet, if that host is compromised, it could be a jumping-off point for further attacks within your network. Any host that is visible to the Internet should at least be in a DMZ of some sort.

Chapman and Zwicky's "Building Internet Firewalls" book is a great reference for this kind of thing...

Hope this helps

-Rakesh

0 Helpful

wdrootz
Level 4
Level 4

‎12-11-2000 07:23 AM

I’d suggest starting with the firewall debugs. After that, check your NT box and see if it’s multi-homed. I’ve learned packet filter firewalls don’t like multi-homed NT boxes as they track the IP addresses, and if the source address changes it can terminate the session. If all those turn out alright I’d try sniffing the wire.

0 Helpful

net_eng_ineer
Level 1
Level 1

‎01-07-2001 05:40 AM

Here are the microsoft q articles you will need to read and interpret to implement them in your environment. This helped me with another type of VPN.

Article ID: Q155831

Article ID: Q148732

Article ID: Q180795

Article ID: Q176466

http://www.microsoft.com/ISN/faq/ports_used_nt_and_exchange.asp

THis will get you going in the right direction

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents