Maybe I've forgotten summat but is it possible to allow OWA access to a user but NOT VPN?
'cos it seems to me that you can't... I'm not sure that setting up a policy in RAS will overcome this problem but I may be wrong, 'cos I think that it is both an OWA & VPN thingy... Ideas?
James
Are you talking about some form of split tunneling, with a connection to the internet and an encrypted connection to your office network?
Chris
Not really - want the user to be able to use OWA from home
Don't want the user to be able to VPN into the office & use shared resources that way
They need a way into your LAN, so either it's port-forwarding on your firewall to the OWA box, VPN tunneling or some form of dial-up (RAS, Shiva box, etc..)
Can't think of any other ways at the moment.
Stefan
Allow access to the OWA server as if it was a Web Server ???
We run OWA here in the office yet Routing and remote access is not configured.
Do a port redirection on the firewall for port 80 (HTTP) to the web server that runs OWA (ensuring you are pointing to the correct IP if the server has more than one!). Then the user points the web browser at the IP address and the virtual directory for Exchange. For example (internal class C address for the example): http://192.168.10.1/exchange
This will then require the user to authenticate using domain ID and password (have seen it a few times that the users must enter a username of "DOMAIN\Username"). Hope this helps
J
We do what James wants I think?
Certain VPN users are allowed access to a subset of servers using certain ports. I suppose you want an OWA user access to the Exchange server on port 80 only? We do this with Firewall1 rules, can't remember what VPN setup you have though :-|
H
If you use a VPN you don't need port-forwarding. Ideally you'd want to use a VPN, but restrict the users' access using the firewall configuration. All depends on which firewall you're using and if your VPN and firewall service is provided by one server.
Port forwarding isn't the most secure and ideally you want it in a DMZ if you have to use it. I would also suggest changing the default listening port to something uncommon. This is a simple way to avoid anyone having a go if they only scan well-known ports. We use port-forwarding ourselves as the users don't want to use VPNs since they may want to access e-mail from customer sites or even an Internet cafe.
Stefan