cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
931
Views
5
Helpful
15
Replies

MS Outlook Access

dianewalker
Level 1
Level 1

We have a VPN 3K Concentrator. The users would like to access Microsoft Outlook client instead of webmail through VPN. Do you have any suggestions on where I would start?

Thanks.

15 Replies 15

thomas.chen
Level 6
Level 6

For optimal security, the filters on the public interface allow only tunneled and Internet Control Message Protocol (ICMP) traffic by default but follow the link to configure outlook.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094341.shtml#topic1

Thanks for your response, Thomas. This article is to connect through WebVPN. My users would like to connect to Outlook through VPN Client. Do you have any suggestions? Thanks.

jackko
Level 7
Level 7

so remote user is trying to connect to an exchange server over vpn via outlook, right?

assuming the remote vpn doesn't have any filter and the remote user already have access via webmail, then no more configuration should be needed.

Thanks Jack. Sorry for not making it clear. My users would like to use Outlook client through VPN client, not through WebVPN. Do you have any suggestions? Thanks.

Thanks for your prompt response, Jack. I am not able to open the above link. Is it possible for you to e-mail me the PDF file or any other format? Thanks.

just wondering what's your email address.

Thanks for your prompt response, Jack. My e-mail address is ett9300@yahoo.com. I appreciate you do extra work. Thank you.

please check your email account.

it's good to learn that you are moving forward with the config. please read below re: creating rules/filters in order to restrict remote vpn access:

1. configure a new rule

go configuration > policy management > traffic management > rules

rule name:

direction: inboound

action: forward

protocol: tcp

source address: network list: vpn client pool

destination address: ip address: email private ip

tcp/udp destination port: 110

in case you need more ports to be allowed, just create another rule by following the same logic. in fact, all parameters should be the same except the last one, which is the destination port number. (pop3/110, imap/143)

2. configure the filter

go configuration > policy management > traffic management > filter

click "add filter"

filter name:

default action: forward

then click "add"

select the rule you've just created and click on "add rules to filter"

add all the rules you created from #1, also the last rule to be added shall be "access_deny (drop/in)".

3. apply filter to the group

go configuration > user management > groups

select the group you created for remote vpn access and click "modify group"

select "general" tab

go to option "filter" and select the filter you created from #2 and click "apply"

also remember to save the config by clicking the "save needed" icon at the top-right corner.

Thank you, Jack. This is what I am looking for. I'll let you know how it goes. Thank you very much.

Jack,

Sorry for not being able to get back to you sooner. Thanks again for taking the extra steps. I have questions with the configuration. On number #1, line 5, what configuration do I put for the Vpn Client Pool after it is created? Where do I apply this VPN Client Pool? Thanks.

please excuse me for not explaining well, in fact, it's not necessary.

under the section "source address > ip address", enter the existing vpn client pool. the pool is created when you configure remote vpn access. to verify, go configuration > system > address management > pools.

Thanks very much for your prompt response. Your instructions work without using the "vpn client pool". Thanks very much for taking time to do this for me.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: