Connecting via remote

Hi,
I have connection dilemna.
In my LAN I have an Exchange server taht hosts our
email and also serves a proxy. Remote users can connect
to the server. Internal users (main office) can use their Outlook to
access their email in the Exchange server.

Now our branch users are connected to the LAN
thru a frame relay so that to access the email server
they have to uses POP3 using their own high speed
connection otherwise it slows down other applications
flowing thru the frame relay from the branch to the main
office as the Application server is located in the main
office.

Now I want the branch users to use their Exchange account
to access their email using Outlook (instead of pop3). since you have to
define the Exchange server in creating the profile in Outlook,
obviously, it will direct the traffic thru the frame relay.

Is there a way of directing the traffic to a VPN connection
instead of to the frame relay in connecting to the Exchange
server? Is the PC's routing table a good start (though I'm
not very knowledgeable with it)?

Your help is much appreciated.

Glenn

Hi Glenn,

Yes, you should be able to user route tables to direct your clients from
branch office to your Exchange server over VPN.

Details depend very much on your network setup. One major factor is how many
clients you have in your branch office. If you have small number of clients
you could use local routes on the clients themselves. If you have too much
clients to manage them manually then you will have to setup additional
routes on client's default gateway.

In your main office your will also have to setup your Exchange server to use
different routes to direct any traffic for branch office from the server to
VPN and not frame relay.

It will be helpful to you if your clients in branch office are in different
IP subnet then clients in your main office.

Feel free to post back if you need more information/help.

Mike

"Glenn" <(E-Mail Removed)> wrote in message
news:u6vZ$(E-Mail Removed)...
> Hi,
> I have connection dilemna.
> In my LAN I have an Exchange server taht hosts our
> email and also serves a proxy. Remote users can connect
> to the server. Internal users (main office) can use their Outlook to
> access their email in the Exchange server.
>
> Now our branch users are connected to the LAN
> thru a frame relay so that to access the email server
> they have to uses POP3 using their own high speed
> connection otherwise it slows down other applications
> flowing thru the frame relay from the branch to the main
> office as the Application server is located in the main
> office.
>
> Now I want the branch users to use their Exchange account
> to access their email using Outlook (instead of pop3). since you have to
> define the Exchange server in creating the profile in Outlook,
> obviously, it will direct the traffic thru the frame relay.
>
> Is there a way of directing the traffic to a VPN connection
> instead of to the frame relay in connecting to the Exchange
> server? Is the PC's routing table a good start (though I'm
> not very knowledgeable with it)?
>
> Your help is much appreciated.
>
> Glenn
>
>
>

Hi Mike,
Thanks much for your response.
I'll look into routing table as a viable solution.
Is there a good site you can recommend that could guide me
with this setup?

I have a couple of questions though.
When traffic are routed to the vpn connection would it affect
telnet users? The same computer will have to telnet to
the Risc box to run the applications and access the Exchange
server at the same time.

You mentioned Exchange server has to be setup as well to route
traffic. When a user in an offsite location connects thru vpn
(assumming that traffic is now routed not to flow thru frame relay)
does it not direct the traffic requests to the vpn connection
and not to the lan?

Regards,
Glenn


"Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Glenn,
>
> Yes, you should be able to user route tables to direct your clients from
> branch office to your Exchange server over VPN.
>
> Details depend very much on your network setup. One major factor is how
many
> clients you have in your branch office. If you have small number of
clients
> you could use local routes on the clients themselves. If you have too much
> clients to manage them manually then you will have to setup additional
> routes on client's default gateway.
>
> In your main office your will also have to setup your Exchange server to
use
> different routes to direct any traffic for branch office from the server
to
> VPN and not frame relay.
>
> It will be helpful to you if your clients in branch office are in
different
> IP subnet then clients in your main office.
>
> Feel free to post back if you need more information/help.
>
> Mike
>
> "Glenn" <(E-Mail Removed)> wrote in message
> news:u6vZ$(E-Mail Removed)...
> > Hi,
> > I have connection dilemna.
> > In my LAN I have an Exchange server taht hosts our
> > email and also serves a proxy. Remote users can connect
> > to the server. Internal users (main office) can use their Outlook to
> > access their email in the Exchange server.
> >
> > Now our branch users are connected to the LAN
> > thru a frame relay so that to access the email server
> > they have to uses POP3 using their own high speed
> > connection otherwise it slows down other applications
> > flowing thru the frame relay from the branch to the main
> > office as the Application server is located in the main
> > office.
> >
> > Now I want the branch users to use their Exchange account
> > to access their email using Outlook (instead of pop3). since you have to
> > define the Exchange server in creating the profile in Outlook,
> > obviously, it will direct the traffic thru the frame relay.
> >
> > Is there a way of directing the traffic to a VPN connection
> > instead of to the frame relay in connecting to the Exchange
> > server? Is the PC's routing table a good start (though I'm
> > not very knowledgeable with it)?
> >
> > Your help is much appreciated.
> >
> > Glenn
> >
> >
> >
>
>

VPN traffic terminates at the VPN Server. After that point there is no such
thing as "VPN Traffic",...it is just simply LAN Traffic after it has been
decapsulated from the VPN Tunnel and all LAN routing mechanisms you have in
place apply at that point.

VPN is just the "Tunnel" between the two VPN Servers or between the VPN
Server and the VPN Client. It does not exist outside that boundary.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Glenn" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Mike,
> Thanks much for your response.
> I'll look into routing table as a viable solution.
> Is there a good site you can recommend that could guide me
> with this setup?
>
> I have a couple of questions though.
> When traffic are routed to the vpn connection would it affect
> telnet users? The same computer will have to telnet to
> the Risc box to run the applications and access the Exchange
> server at the same time.
>
> You mentioned Exchange server has to be setup as well to route
> traffic. When a user in an offsite location connects thru vpn
> (assumming that traffic is now routed not to flow thru frame relay)
> does it not direct the traffic requests to the vpn connection
> and not to the lan?
>
> Regards,
> Glenn
>
>
> "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi Glenn,
> >
> > Yes, you should be able to user route tables to direct your clients from
> > branch office to your Exchange server over VPN.
> >
> > Details depend very much on your network setup. One major factor is how
> many
> > clients you have in your branch office. If you have small number of
> clients
> > you could use local routes on the clients themselves. If you have too
much
> > clients to manage them manually then you will have to setup additional
> > routes on client's default gateway.
> >
> > In your main office your will also have to setup your Exchange server to
> use
> > different routes to direct any traffic for branch office from the server
> to
> > VPN and not frame relay.
> >
> > It will be helpful to you if your clients in branch office are in
> different
> > IP subnet then clients in your main office.
> >
> > Feel free to post back if you need more information/help.
> >
> > Mike
> >
> > "Glenn" <(E-Mail Removed)> wrote in message
> > news:u6vZ$(E-Mail Removed)...
> > > Hi,
> > > I have connection dilemna.
> > > In my LAN I have an Exchange server taht hosts our
> > > email and also serves a proxy. Remote users can connect
> > > to the server. Internal users (main office) can use their Outlook to
> > > access their email in the Exchange server.
> > >
> > > Now our branch users are connected to the LAN
> > > thru a frame relay so that to access the email server
> > > they have to uses POP3 using their own high speed
> > > connection otherwise it slows down other applications
> > > flowing thru the frame relay from the branch to the main
> > > office as the Application server is located in the main
> > > office.
> > >
> > > Now I want the branch users to use their Exchange account
> > > to access their email using Outlook (instead of pop3). since you have
to
> > > define the Exchange server in creating the profile in Outlook,
> > > obviously, it will direct the traffic thru the frame relay.
> > >
> > > Is there a way of directing the traffic to a VPN connection
> > > instead of to the frame relay in connecting to the Exchange
> > > server? Is the PC's routing table a good start (though I'm
> > > not very knowledgeable with it)?
> > >
> > > Your help is much appreciated.
> > >
> > > Glenn
> > >
> > >
> > >
> >
> >
>
>

Thanks Phillip.

Please correct my understanding in this scenario if
it is wrong. And pardon me for this sorry diagram.

98.0.0.1
98.0.0.20/207.123.123.55
pc ----lan-----frame relay-----lan------Exchange/VPN server
| | |
| Risc 6000 |
|_ vpn_______________________ |
98.0.0.100

With routing mechanism in place, after the pc connects as
vpn client to the vpn server, all information (or traffic) is
routed to the vpn tunnel. Telnet to the Risc 6000 is also made
via the vpn tunnel? If so, then the frame relay is rendered useless
is this case.


Regards,
Glenn




"Phillip Windell" <@.> wrote in message
news:%(E-Mail Removed)...
> VPN traffic terminates at the VPN Server. After that point there is no
such
> thing as "VPN Traffic",...it is just simply LAN Traffic after it has been
> decapsulated from the VPN Tunnel and all LAN routing mechanisms you have
in
> place apply at that point.
>
> VPN is just the "Tunnel" between the two VPN Servers or between the VPN
> Server and the VPN Client. It does not exist outside that boundary.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
> "Glenn" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi Mike,
> > Thanks much for your response.
> > I'll look into routing table as a viable solution.
> > Is there a good site you can recommend that could guide me
> > with this setup?
> >
> > I have a couple of questions though.
> > When traffic are routed to the vpn connection would it affect
> > telnet users? The same computer will have to telnet to
> > the Risc box to run the applications and access the Exchange
> > server at the same time.
> >
> > You mentioned Exchange server has to be setup as well to route
> > traffic. When a user in an offsite location connects thru vpn
> > (assumming that traffic is now routed not to flow thru frame relay)
> > does it not direct the traffic requests to the vpn connection
> > and not to the lan?
> >
> > Regards,
> > Glenn
> >
> >
> > "Miha Pihler" <mihap-(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Hi Glenn,
> > >
> > > Yes, you should be able to user route tables to direct your clients
from
> > > branch office to your Exchange server over VPN.
> > >
> > > Details depend very much on your network setup. One major factor is
how
> > many
> > > clients you have in your branch office. If you have small number of
> > clients
> > > you could use local routes on the clients themselves. If you have too
> much
> > > clients to manage them manually then you will have to setup additional
> > > routes on client's default gateway.
> > >
> > > In your main office your will also have to setup your Exchange server
to
> > use
> > > different routes to direct any traffic for branch office from the
server
> > to
> > > VPN and not frame relay.
> > >
> > > It will be helpful to you if your clients in branch office are in
> > different
> > > IP subnet then clients in your main office.
> > >
> > > Feel free to post back if you need more information/help.
> > >
> > > Mike
> > >
> > > "Glenn" <(E-Mail Removed)> wrote in message
> > > news:u6vZ$(E-Mail Removed)...
> > > > Hi,
> > > > I have connection dilemna.
> > > > In my LAN I have an Exchange server taht hosts our
> > > > email and also serves a proxy. Remote users can connect
> > > > to the server. Internal users (main office) can use their Outlook
to
> > > > access their email in the Exchange server.
> > > >
> > > > Now our branch users are connected to the LAN
> > > > thru a frame relay so that to access the email server
> > > > they have to uses POP3 using their own high speed
> > > > connection otherwise it slows down other applications
> > > > flowing thru the frame relay from the branch to the main
> > > > office as the Application server is located in the main
> > > > office.
> > > >
> > > > Now I want the branch users to use their Exchange account
> > > > to access their email using Outlook (instead of pop3). since you
have
> to
> > > > define the Exchange server in creating the profile in Outlook,
> > > > obviously, it will direct the traffic thru the frame relay.
> > > >
> > > > Is there a way of directing the traffic to a VPN connection
> > > > instead of to the frame relay in connecting to the Exchange
> > > > server? Is the PC's routing table a good start (though I'm
> > > > not very knowledgeable with it)?
> > > >
> > > > Your help is much appreciated.
> > > >
> > > > Glenn
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

"Glenn" <(E-Mail Removed)> wrote in message
news:ugQy%(E-Mail Removed)...
> 98.0.0.1
> 98.0.0.20/207.123.123.55
> pc ----lan-----frame relay-----lan------Exchange/VPN server
> | | |
> | Risc 6000 |
> |_ vpn__________________________ |
> 98.0.0.100
>
> With routing mechanism in place, after the pc connects as
> vpn client to the vpn server, all information (or traffic) is
> routed to the vpn tunnel. Telnet to the Risc 6000 is also made
> via the vpn tunnel? If so, then the frame relay is rendered useless
> is this case.

Apples and oranges.
The Frame relay is the "physical world", the VPN link is the "logical
world". There is no relationship between the public IP#s on the Frame Relay
and how the VPN works. They play the same role that a phone number played
in an old dialup connection. Thinking that they effect routing is like
thinking that a phone number effected the routing in and old dialup link and
asking what subnet mask you should use with a phone number.

The PC becomes part of the LAN (same IP# range) and uses the Exchange/VPN as
the connection point. Since the PC is now in the same subnet as the rest of
the LAN,...the Exchange/VPN machines is acting as a bridge between the PC
and the LAN. Now if you involve other subnets, then it is possible that the
Exchange/VPN box could be acting as a router,...it just depends on the exact
situtation.

Of course I may misunderstand what you are asking.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Glenn" <(E-Mail Removed)> wrote in message
news:ugQy%(E-Mail Removed)...
> routed to the vpn tunnel. Telnet to the Risc 6000 is also made
> via the vpn tunnel?

Since the Remote Client PC is on the same LAN, and probably the same subnet,
after the VPN is established, it would simply connect to any server (RIS or
whatever) directly via the normal IP# that servers have on the LAN.

You may need to use the IP# instead of the name unless you have established
provisions for "naming" to work.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Hi Phillip,

I think what confuses me is that without the routing mechanism
in place, when the pc is connected via vpn with the same ip
number subnet, 98.0.0.1 (physical ) and 98.0.0.100 (logical vpn)
where does the traffic flow since both are part of the lan? Does it
flow thru the frame relay or the internet?
Say if I telnet to a risc box, which route does it take?

Glenn

"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> "Glenn" <(E-Mail Removed)> wrote in message
> news:ugQy%(E-Mail Removed)...
> > 98.0.0.1
> > 98.0.0.20/207.123.123.55
> > pc ----lan-----frame relay-----lan------Exchange/VPN server
> > | | |
> > | Risc 6000 |
> > |_ vpn__________________________ |
> > 98.0.0.100
> >
> > With routing mechanism in place, after the pc connects as
> > vpn client to the vpn server, all information (or traffic) is
> > routed to the vpn tunnel. Telnet to the Risc 6000 is also made
> > via the vpn tunnel? If so, then the frame relay is rendered useless
> > is this case.
>
> Apples and oranges.
> The Frame relay is the "physical world", the VPN link is the "logical
> world". There is no relationship between the public IP#s on the Frame
Relay
> and how the VPN works. They play the same role that a phone number played
> in an old dialup connection. Thinking that they effect routing is like
> thinking that a phone number effected the routing in and old dialup link
and
> asking what subnet mask you should use with a phone number.
>
> The PC becomes part of the LAN (same IP# range) and uses the Exchange/VPN
as
> the connection point. Since the PC is now in the same subnet as the rest
of
> the LAN,...the Exchange/VPN machines is acting as a bridge between the PC
> and the LAN. Now if you involve other subnets, then it is possible that
the
> Exchange/VPN box could be acting as a router,...it just depends on the
exact
> situtation.
>
> Of course I may misunderstand what you are asking.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>

"Glenn" <(E-Mail Removed)> wrote in message
news:uzb$%(E-Mail Removed)...
> I think what confuses me is that without the routing mechanism
> in place, when the pc is connected via vpn with the same ip
> number subnet, 98.0.0.1 (physical ) and 98.0.0.100 (logical vpn)

It should not be 98.0.0.x. What is the LAN IP of the Exchange/VPN box? It
would be an address associated with that.

> where does the traffic flow since both are part of the lan? Does it
> flow thru the frame relay or the internet?
> Say if I telnet to a risc box, which route does it take?

Doesn't the frame relay run over the Internet?...or is it a private link?
If it is a private link, then you should not be using VPN with it to begin
with. VPN is for running over the Internet, not over private links. If it is
a private link, then why are there public IP#s associated with it?
(98.*.*.* is a public address block).

I guess you have confused me with this. It continues to become more unclear
as to exactly what you have built there. Terminology is everything with
this stuff. I am trying to deal with a system I have never seen and can
never see with my own eyes. Choose your terminology carefully or you will
just create more confusion.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


>
> Glenn
>
> "Phillip Windell" <@.> wrote in message
> news:(E-Mail Removed)...
> > "Glenn" <(E-Mail Removed)> wrote in message
> > news:ugQy%(E-Mail Removed)...
> > > 98.0.0.1
> > > 98.0.0.20/207.123.123.55
> > > pc ----lan-----frame relay-----lan------Exchange/VPN server
> > > | | |
> > > | Risc 6000 |
> > > |_ vpn__________________________ |
> > > 98.0.0.100
> > >
> > > With routing mechanism in place, after the pc connects as
> > > vpn client to the vpn server, all information (or traffic) is
> > > routed to the vpn tunnel. Telnet to the Risc 6000 is also made
> > > via the vpn tunnel? If so, then the frame relay is rendered useless
> > > is this case.
> >
> > Apples and oranges.
> > The Frame relay is the "physical world", the VPN link is the "logical
> > world". There is no relationship between the public IP#s on the Frame
> Relay
> > and how the VPN works. They play the same role that a phone number
played
> > in an old dialup connection. Thinking that they effect routing is like
> > thinking that a phone number effected the routing in and old dialup link
> and
> > asking what subnet mask you should use with a phone number.
> >
> > The PC becomes part of the LAN (same IP# range) and uses the
Exchange/VPN
> as
> > the connection point. Since the PC is now in the same subnet as the rest
> of
> > the LAN,...the Exchange/VPN machines is acting as a bridge between the
PC
> > and the LAN. Now if you involve other subnets, then it is possible that
> the
> > Exchange/VPN box could be acting as a router,...it just depends on the
> exact
> > situtation.
> >
> > Of course I may misunderstand what you are asking.
> >
> > --
> >
> > Phillip Windell [MCP, MVP, CCNA]
> > www.wandtv.com
> >
> >
>
>

Phillip,
You are absolutely correct in saying that our setup is confusing and
probably one
of a kind having been started a decade ago with the wrong ip scheme by
the wrong people and as it grew, was never rectified and so is causing us
grief.

I'll try and describe our network topology the best way I can.
Everything in the lan (branch and main office) has the same subnet mask
and has a very bad ip scheme at that. I only used 98.0.0.x as an example
but
we have an ip range of 124.x.x.x subnet 255 .0.0.0 which we are not suppose
to be
using in the first place and it worked since day one but that's another
story.
The setup is that branch users are part of the lan that is connected to the
office lan by the
frame relay which is a dedicated connection. I guess you're correct when
you say
it is a private link. The exchange/isa/vpn server is in the main office.
The branch has it's own
proxy server to connect to the internet and is part of the 124.x.x.x range.
Branch users telnet
to the Risc box in the main office to run Aix applications. They don't
access the exchange mailbox
directly because of frame relay issue (56k) but use Pop3 to access their
Exchange mailbox.
Now that we are implementing public folders, they have to create an
exchange account to use
Exchange's functionality fully. An dthat's where the dilemna starts.

I hope this diagram helps.

Branch Lan |
| Main Office Lan
pc 124.0.0.x subnet 255.0.0.0 | 124.x.0.0 (weird
address but works) | pc 124.0.0.x subnet
255.0.0.0
pc
|---------------------framerelay (dedicated)--------------------| Risc
Box 124.x.x.x subnet 255.0.0.0
pc |
| Exchange/Isa/VPN 124.0.0.x / 207.x.x.x (internet)
Proxy server 124.0.0.x |
|

I would like branch users to access their Exchange mailbox using a vpn
connection and not thru the frame relay.

Regards,
Glenn



"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> "Glenn" <(E-Mail Removed)> wrote in message
> news:uzb$%(E-Mail Removed)...
> > I think what confuses me is that without the routing mechanism
> > in place, when the pc is connected via vpn with the same ip
> > number subnet, 98.0.0.1 (physical ) and 98.0.0.100 (logical vpn)
>
> It should not be 98.0.0.x. What is the LAN IP of the Exchange/VPN box?
It
> would be an address associated with that.
>
> > where does the traffic flow since both are part of the lan? Does it
> > flow thru the frame relay or the internet?
> > Say if I telnet to a risc box, which route does it take?
>
> Doesn't the frame relay run over the Internet?...or is it a private link?
> If it is a private link, then you should not be using VPN with it to begin
> with. VPN is for running over the Internet, not over private links. If it
is
> a private link, then why are there public IP#s associated with it?
> (98.*.*.* is a public address block).
>
> I guess you have confused me with this. It continues to become more
unclear
> as to exactly what you have built there. Terminology is everything with
> this stuff. I am trying to deal with a system I have never seen and can
> never see with my own eyes. Choose your terminology carefully or you will
> just create more confusion.
>
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
> >
> > Glenn
> >
> > "Phillip Windell" <@.> wrote in message
> > news:(E-Mail Removed)...
> > > "Glenn" <(E-Mail Removed)> wrote in message
> > > news:ugQy%(E-Mail Removed)...
> > > > 98.0.0.1
> > > > 98.0.0.20/207.123.123.55
> > > > pc ----lan-----frame relay-----lan------Exchange/VPN server
> > > > | |
|
> > > > | Risc 6000 |
> > > > |_ vpn__________________________ |
> > > > 98.0.0.100
> > > >
> > > > With routing mechanism in place, after the pc connects as
> > > > vpn client to the vpn server, all information (or traffic) is
> > > > routed to the vpn tunnel. Telnet to the Risc 6000 is also made
> > > > via the vpn tunnel? If so, then the frame relay is rendered
useless
> > > > is this case.
> > >
> > > Apples and oranges.
> > > The Frame relay is the "physical world", the VPN link is the "logical
> > > world". There is no relationship between the public IP#s on the Frame
> > Relay
> > > and how the VPN works. They play the same role that a phone number
> played
> > > in an old dialup connection. Thinking that they effect routing is like
> > > thinking that a phone number effected the routing in and old dialup
link
> > and
> > > asking what subnet mask you should use with a phone number.
> > >
> > > The PC becomes part of the LAN (same IP# range) and uses the
> Exchange/VPN
> > as
> > > the connection point. Since the PC is now in the same subnet as the
rest
> > of
> > > the LAN,...the Exchange/VPN machines is acting as a bridge between the
> PC
> > > and the LAN. Now if you involve other subnets, then it is possible
that
> > the
> > > Exchange/VPN box could be acting as a router,...it just depends on the
> > exact
> > > situtation.
> > >
> > > Of course I may misunderstand what you are asking.
> > >
> > > --
> > >
> > > Phillip Windell [MCP, MVP, CCNA]
> > > www.wandtv.com
> > >
> > >
> >
> >
>
>