Emails through PIX VPN

g.leonard
Level 1

I want to set up a VPN between two sites using a PIX to PIX vpn tunnel. An Exchange 5.5 server with some Outlook clients sits in site 1 and Outlook clients only sit in site 2. What would be the best way of setting this up so that the clients in site 2 can access mails sent to them by clients in site 1?

TIA

6 Replies

jmia
Level 7

Gary,

Here is a very good document on PIX site-to-site configuration using IPSec.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

Hope this helps,

Jay

Cheers Jay, looks like the deal. Presumably I would just permit SMTP traffic between the real server IP and the real client(s) IP in the interesting traffic ACLs on each PIX?

mostiguy
Level 6

A point-to-point IPSec tunnel will effectively act like a direct physical link between the two sites. You just need to treat the remote office like any other new subnet. Will you have any servers at the remote site? If you do, make one a WINS and DNS server, and configure replication between it and the WINS and DNS server at the main office with the Exchange server. That should take care of all name resolution issues.

Having a domain controller at the remote office is also a best practice.

The 2 sites will use different IP network classes. Will this cause a problem with routing between them?

Unfortunately the remote site just has a couple of PCs, no servers. I suppose the remote client will have to authenticate on the main domain to access Exchange? What would you suggest?

Gary,

No, you'll not have any problems with having 2 different IP addresses/networks. The remote site can authenticate to the primary domain via the VPN tunnel.

Hope this helps,

Jay

Cheers Jay, thought that probably would be the case - set up something similar a while ago. I suppose the PIXes act as a simple router as they are connected to different subnets? Would you know what nasty ports I would have to add to the interesting ACL to get the clients logged onto the domain.
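The two questions about the "interesting traffic" ACL (whether to permit only SMTP between the server and client addresses, and which ports domain logon needs) are answered most simply by making the crypto ACL subnet-to-subnet, which is also what the Cisco document linked above does. The following site 1 configuration is an added illustration in PIX 6.x syntax; it is not from the thread or from the linked Cisco page. The subnets 192.168.1.0/24 (site 1) and 192.168.2.0/24 (site 2), the peer address 203.0.113.2, the names nonat, vpn, strongset and site2site, and the pre-shared key are all placeholders, and lines starting with "!" are annotations rather than PIX commands.

```text
! Site 1 PIX. Inside network 192.168.1.0/24; site 2 inside network 192.168.2.0/24;
! site 2 PIX outside address 203.0.113.2. All addresses are constructed placeholders.

! Exempt site-to-site traffic from NAT so hosts see each other's real addresses.
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat

! Interesting traffic: whole subnet to whole subnet. Outlook reaches Exchange 5.5
! over MAPI/RPC (TCP 135 plus dynamically assigned ports), and domain logon uses
! several more, so a per-port or SMTP-only list would not carry client traffic.
! The site 2 PIX needs the mirror image (source and destination swapped).
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

! Decrypted IPSec traffic bypasses the outside interface ACL; keep that ACL
! strict for everything else arriving on the outside interface.
sysopt connection permit-ipsec

! Phase 2 proposal and the crypto map bound to the outside interface.
crypto ipsec transform-set strongset esp-3des esp-sha-hmac
crypto map site2site 10 ipsec-isakmp
crypto map site2site 10 match address vpn
crypto map site2site 10 set peer 203.0.113.2
crypto map site2site 10 set transform-set strongset
crypto map site2site interface outside

! Phase 1 (IKE) with a pre-shared key. The key is a placeholder; use a long
! random value that exists only on the two PIXes.
isakmp enable outside
isakmp key REPLACE_WITH_LONG_RANDOM_KEY address 203.0.113.2 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

With this in place the PIXes do route between the two subnets, but only traffic matched by the crypto ACL is encrypted and forwarded through the tunnel; anything outside it is handled by the normal NAT and outside-interface rules. After the first ping from one inside host to the other, `show isakmp sa` should show an established phase 1 SA and `show crypto ipsec sa` should show packet counters increasing on the vpn ACL's proxy identities; if phase 1 comes up but phase 2 never does, the usual cause is that the two sites' crypto ACLs are not exact mirrors of each other.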