Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

MS Outlook Access

We have a VPN 3K Concentrator. The users would like to access Microsoft Outlook client instead of webmail through VPN. Do you have any suggestions on where I would start?

Thanks.

15 REPLIES
Silver

Re: MS Outlook Access

For optimal security, the filters on the public interface allow only tunneled and Internet Control Message Protocol (ICMP) traffic by default but follow the link to configure outlook.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094341.shtml#topic1

New Member

Re: MS Outlook Access

Thanks for your response, Thomas. This article is to connect through WebVPN. My users would like to connect to Outlook through VPN Client. Do you have any suggestions? Thanks.

Gold

Re: MS Outlook Access

so remote user is trying to connect to an exchange server over vpn via outlook, right?

assuming the remote vpn doesn't have any filter and the remote user already have access via webmail, then no more configuration should be needed.

New Member

Re: MS Outlook Access

Thanks Jack. Sorry for not making it clear. My users would like to use Outlook client through VPN client, not through WebVPN. Do you have any suggestions? Thanks.

Gold
New Member

Re: MS Outlook Access

Thanks for your prompt response, Jack. I am not able to open the above link. Is it possible for you to e-mail me the PDF file or any other format? Thanks.

Gold

Re: MS Outlook Access

just wondering what's your email address.

New Member

Re: MS Outlook Access

Thanks for your prompt response, Jack. My e-mail address is ett9300@yahoo.com. I appreciate you do extra work. Thank you.

Gold

Re: MS Outlook Access

please check your email account.

Gold

Re: MS Outlook Access

it's good to learn that you are moving forward with the config. please read below re: creating rules/filters in order to restrict remote vpn access:

1. configure a new rule

go configuration > policy management > traffic management > rules

rule name:

direction: inboound

action: forward

protocol: tcp

source address: network list: vpn client pool

destination address: ip address: email private ip

tcp/udp destination port: 110

in case you need more ports to be allowed, just create another rule by following the same logic. in fact, all parameters should be the same except the last one, which is the destination port number. (pop3/110, imap/143)

2. configure the filter

go configuration > policy management > traffic management > filter

click "add filter"

filter name:

default action: forward

then click "add"

select the rule you've just created and click on "add rules to filter"

add all the rules you created from #1, also the last rule to be added shall be "access_deny (drop/in)".

3. apply filter to the group

go configuration > user management > groups

select the group you created for remote vpn access and click "modify group"

select "general" tab

go to option "filter" and select the filter you created from #2 and click "apply"

also remember to save the config by clicking the "save needed" icon at the top-right corner.

New Member

Re: MS Outlook Access

Thank you, Jack. This is what I am looking for. I'll let you know how it goes. Thank you very much.

New Member

Re: MS Outlook Access

Jack,

Sorry for not being able to get back to you sooner. Thanks again for taking the extra steps. I have questions with the configuration. On number #1, line 5, what configuration do I put for the Vpn Client Pool after it is created? Where do I apply this VPN Client Pool? Thanks.

Gold

Re: MS Outlook Access

please excuse me for not explaining well, in fact, it's not necessary.

under the section "source address > ip address", enter the existing vpn client pool. the pool is created when you configure remote vpn access. to verify, go configuration > system > address management > pools.

New Member

Re: MS Outlook Access

Thanks very much for your prompt response. Your instructions work without using the "vpn client pool". Thanks very much for taking time to do this for me.

Gold

Re: MS Outlook Access

it's good to learn that your issue has been resolved.

according to cisco:

Why should I rate posts?

If you see a post that you think deserves recognition, please take a moment to rate it.

You'll be helping yourself and others to quickly identify useful content -- as determined by members. And you'll be ensuring that people who generously share their expertise are properly acknowledged. As posts are rated, the value of those ratings are accumulated as "points" and summarized on the Member Profile page and on each member's Preferences page.

246
Views
5
Helpful
15
Replies