W2K - VPN & OWA
20 August 2003, 02:17 PM
#1
Maybe I've forgotten summat but is it possible to allow OWA access to a user but NOT VPN?
'cos it seems to me that you can't...
I'm not sure that setting up a policy in RAS will overcome this problem but I may be wrong, 'cos I think that it is both an OWA & VPN thingy...
Ideas?
'cos it seems to me that you can't...
I'm not sure that setting up a policy in RAS will overcome this problem but I may be wrong, 'cos I think that it is both an OWA & VPN thingy...
Ideas?
20 August 2003, 02:30 PM
#2
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Likes: 0
Received 0 Likes
on
0 Posts
James
Are you talking about some form of split tunneling, with a connection to the internet and and an encrypted connection to your office network?
Chris
Are you talking about some form of split tunneling, with a connection to the internet and and an encrypted connection to your office network?
Chris
20 August 2003, 02:52 PM
#4
Scooby Regular
They need a way into your LAN, so either it's port-forwarding on your firewall to the OWA box, VPN tunneling or some form of dial-up (RAS, Shiva box, etc..)
Can't think of any other ways at the moment.
Stefan
Can't think of any other ways at the moment.
Stefan
20 August 2003, 04:30 PM
#6
Scooby Regular
Join Date: Mar 2003
Location: LA LA Land
Posts: 831
Likes: 0
Received 0 Likes
on
0 Posts
We run OWA here in the office yet Routing and remote access is not configured.
Do a port redirection on the firewall for port 80 (http) to the webserver that runs OWA. (ensuring you are pointing to the correct IP if the server has more than one!)
Then the user points the webbrowser at the IP address and the Virtual Directory for exchnage
For example (internal class C address for the example)
http://192.168.10.1/exchange
This will then require the user to authenticate using domain ID and Password ( have seen it a few times that the users must enter username of "DOMAIN\Username")
Hope this helps
J
Do a port redirection on the firewall for port 80 (http) to the webserver that runs OWA. (ensuring you are pointing to the correct IP if the server has more than one!)
Then the user points the webbrowser at the IP address and the Virtual Directory for exchnage
For example (internal class C address for the example)
http://192.168.10.1/exchange
This will then require the user to authenticate using domain ID and Password ( have seen it a few times that the users must enter username of "DOMAIN\Username")
Hope this helps
J
20 August 2003, 06:06 PM
#7
Scooby Regular
Join Date: Nov 2001
Posts: 2,576
Likes: 0
Received 0 Likes
on
0 Posts
We do what James wants I think?
Certain vpn users are allowed access to a subset of servers using certain ports.
I suppose you want a owa user access to the exchange server on port 80 only?
We do this with Firewall1 rules, can't remember what vpn setup you have though :-|
H
Certain vpn users are allowed access to a subset of servers using certain ports.
I suppose you want a owa user access to the exchange server on port 80 only?
We do this with Firewall1 rules, can't remember what vpn setup you have though :-|
H
Trending Topics
20 August 2003, 06:16 PM
#8
Scooby Regular
If you use a VPN you don't need port-forwarding. Ideally you'd want to use a VPN, but restrict the users access using the firewall configuration. All depends on which firewall you're using and if your VPN and Firewall service is provided by one server.
Port forwarding isn't the most secure and ideally you want it in a DMZ if you have to use it. I would also suggest changing the default listening port to something uncommon. This is a simple way to avoid anyone having a go if the only scan well known ports.
We use port-forwarding ourselves as the users don't want to use VPN's since they may want to access e-mail from customer sites or even an Internet Cafe.
Stefan
Port forwarding isn't the most secure and ideally you want it in a DMZ if you have to use it. I would also suggest changing the default listening port to something uncommon. This is a simple way to avoid anyone having a go if the only scan well known ports.
We use port-forwarding ourselves as the users don't want to use VPN's since they may want to access e-mail from customer sites or even an Internet Cafe.
Stefan
Thread
Thread Starter
Forum
Replies
Last Post
ozzy
Computer & Technology Related
9
28 October 2002 10:57 AM