W2K - VPN & OWA
Thread Starter
Joined: May 2000
Posts: 16,980
Likes: 15
From: From far, far away...
Maybe I've forgotten summat but is it possible to allow OWA access to a user but NOT VPN?
'cos it seems to me that you can't...
I'm not sure that setting up a policy in RAS will overcome this problem but I may be wrong, 'cos I think that it is both an OWA & VPN thingy...
Ideas?
'cos it seems to me that you can't...
I'm not sure that setting up a policy in RAS will overcome this problem but I may be wrong, 'cos I think that it is both an OWA & VPN thingy...
Ideas?
Scooby Regular
Joined: Nov 1999
Posts: 10,504
Likes: 1
From: Scotland, UK
They need a way into your LAN, so either it's port-forwarding on your firewall to the OWA box, VPN tunneling or some form of dial-up (RAS, Shiva box, etc..)
Can't think of any other ways at the moment.
Stefan
Can't think of any other ways at the moment.
Stefan
Scooby Regular
Joined: Mar 2003
Posts: 831
Likes: 0
From: LA LA Land
We run OWA here in the office yet Routing and remote access is not configured.
Do a port redirection on the firewall for port 80 (http) to the webserver that runs OWA. (ensuring you are pointing to the correct IP if the server has more than one!)
Then the user points the webbrowser at the IP address and the Virtual Directory for exchnage
For example (internal class C address for the example)
http://192.168.10.1/exchange
This will then require the user to authenticate using domain ID and Password ( have seen it a few times that the users must enter username of "DOMAIN\Username")
Hope this helps
J
Do a port redirection on the firewall for port 80 (http) to the webserver that runs OWA. (ensuring you are pointing to the correct IP if the server has more than one!)
Then the user points the webbrowser at the IP address and the Virtual Directory for exchnage
For example (internal class C address for the example)
http://192.168.10.1/exchange
This will then require the user to authenticate using domain ID and Password ( have seen it a few times that the users must enter username of "DOMAIN\Username")
Hope this helps
J
Scooby Regular
Joined: Nov 2001
Posts: 2,576
Likes: 0
We do what James wants I think?
Certain vpn users are allowed access to a subset of servers using certain ports.
I suppose you want a owa user access to the exchange server on port 80 only?
We do this with Firewall1 rules, can't remember what vpn setup you have though :-|
H
Certain vpn users are allowed access to a subset of servers using certain ports.
I suppose you want a owa user access to the exchange server on port 80 only?
We do this with Firewall1 rules, can't remember what vpn setup you have though :-|
H
Trending Topics
Scooby Regular
Joined: Nov 1999
Posts: 10,504
Likes: 1
From: Scotland, UK
If you use a VPN you don't need port-forwarding. Ideally you'd want to use a VPN, but restrict the users access using the firewall configuration. All depends on which firewall you're using and if your VPN and Firewall service is provided by one server.
Port forwarding isn't the most secure and ideally you want it in a DMZ if you have to use it. I would also suggest changing the default listening port to something uncommon. This is a simple way to avoid anyone having a go if the only scan well known ports.
We use port-forwarding ourselves as the users don't want to use VPN's since they may want to access e-mail from customer sites or even an Internet Cafe.
Stefan
Port forwarding isn't the most secure and ideally you want it in a DMZ if you have to use it. I would also suggest changing the default listening port to something uncommon. This is a simple way to avoid anyone having a go if the only scan well known ports.
We use port-forwarding ourselves as the users don't want to use VPN's since they may want to access e-mail from customer sites or even an Internet Cafe.
Stefan
Thread
Thread Starter
Forum
Replies
Last Post
ozzy
Computer & Technology Related
9
Oct 28, 2002 10:57 AM