ScoobyNet.com - Subaru Enthusiast Forum

W2K - VPN & OWA (https://www.scoobynet.com/computer-and-technology-related-34/241971-w2k-vpn-and-owa.html)

Puff The Magic Wagon! 20 August 2003 02:17 PM

Maybe I've forgotten summat but is it possible to allow OWA access to a user but NOT VPN?

'cos it seems to me that you can't...

I'm not sure that setting up a policy in RAS will overcome this problem but I may be wrong, 'cos I think that it is both an OWA & VPN thingy...


Ideas?

Chris L 20 August 2003 02:30 PM

James

Are you talking about some form of split tunneling, with a connection to the internet and an encrypted connection to your office network?

Chris

Puff The Magic Wagon! 20 August 2003 02:42 PM

Not really - want the user to be able to use OWA from home

Don't want the user to be able to VPN into the office & use shared resources that way

ozzy 20 August 2003 02:52 PM

They need a way into your LAN, so either it's port-forwarding on your firewall to the OWA box, VPN tunneling or some form of dial-up (RAS, Shiva box, etc..)

Can't think of any other ways at the moment.

Stefan

Jeff Wiltshire 20 August 2003 04:24 PM

Allow access to the OWA server as if it was a Web Server ???

jpmason33 20 August 2003 04:30 PM

We run OWA here in the office yet Routing and remote access is not configured.

Do a port redirection on the firewall for port 80 (http) to the webserver that runs OWA. (ensuring you are pointing to the correct IP if the server has more than one!)

Then the user points the web browser at the IP address and the Virtual Directory for Exchange

For example (internal class C address for the example)
http://192.168.10.1/exchange

This will then require the user to authenticate using domain ID and Password (have seen it a few times that the users must enter username of "DOMAIN\Username")

Hope this helps

J


HHxx 20 August 2003 06:06 PM

We do what James wants I think?

Certain vpn users are allowed access to a subset of servers using certain ports.

I suppose you want an OWA user access to the Exchange server on port 80 only?

We do this with Firewall1 rules, can't remember what vpn setup you have though :-|

H

ozzy 20 August 2003 06:16 PM

If you use a VPN you don't need port-forwarding. Ideally you'd want to use a VPN, but restrict the user's access using the firewall configuration. All depends on which firewall you're using and if your VPN and Firewall service is provided by one server.

Port forwarding isn't the most secure and ideally you want it in a DMZ if you have to use it. I would also suggest changing the default listening port to something uncommon. This is a simple way to avoid anyone having a go if they only scan well-known ports.

We use port-forwarding ourselves as the users don't want to use VPNs since they may want to access e-mail from customer sites or even an Internet Cafe.

Stefan


All times are GMT +1.