Re-doing company network. Need advice on a couple of issues.

Hi,

I am in the process of redesigning the network in our office of about
10-15 users. We also have one remote user out of state. I have
implemented Active directory and created a domain, "corp.company.com."

We have a 768 SDSL connection with one static public IP.

Up till now we have been using ISP mail (pop3 and smtp) but have now
made the decision to host our own mail server (Exchange 2003). However
I am having trouble grasping a few issues:

1. In order for my one remote user to access the Exchange Server, I am
guessing she would have to VPN in and be an Active Directory user,
correct? Is there another way she could be seperate from the corporate
office but still get her email from our server?

I was trying to think of a way where she could stay on ISP mail and the
rest of us at the corporate office could use exchange, but this does
not seem possible or the right thing to do.

I am pretty limited in my knowledge of network infrastructure, but am
reading and trying to learn as fast as I can for this project.

This is the network setup thus far:
- Windows 2000 Server as a domain controller, DNS server, DHCP server,
and light use file server.
- Windows 2003 Server with Exchange Server 2003
- D-Link DFL-210 VPN Firewall
- Sonicwall SSL-VPN 200
- Barracuda Networks Spam Filter appliance

Basically, here is the network setup: D-Link firewall is connected to
the DSL modem. All servers and workstations are behind the firewall,
no DMZ.

Any advice given would be greatly appreciated.

Thanks,

Asheesh

"asheesh88" wrote:

> 1. In order for my one remote user to access the Exchange Server, I am
> guessing she would have to VPN in and be an Active Directory user,
> correct? Is there another way she could be seperate from the corporate
> office but still get her email from our server?

There are many ways. Here are a few (you may need to research them all to
figure out which meets your needs best):

a) RPC-over-HTPP(S)
b) Outlook Web Access (AKA OWA)
c) POP3/SMTP
d) Outlook Mobile Access (AKA OMA)
e) have the remote user get a gmail (or similar) account, and forward email
to it

I listed them for you because sometimes just finding out what technologies
exist (and some googleable names) is the hardest part. OMA is only for
Windows Mobile type access, but it might be of interest.

I did list them in decreasing order of security, sort of (depends on how you
configure each, etc.). However, "b" (OWA) is *much* easier to setup and
maintain than "a".

Good luck, and have fun!

In news:(E-Mail Removed) ps.com,
asheesh88 <(E-Mail Removed)> stated, which I commented on below:
> Hi,
>
> I am in the process of redesigning the network in our office of about
> 10-15 users. We also have one remote user out of state. I have
> implemented Active directory and created a domain, "corp.company.com."
>
> We have a 768 SDSL connection with one static public IP.
>
> Up till now we have been using ISP mail (pop3 and smtp) but have now
> made the decision to host our own mail server (Exchange 2003).
> However I am having trouble grasping a few issues:
>
> 1. In order for my one remote user to access the Exchange Server, I
> am guessing she would have to VPN in and be an Active Directory user,
> correct? Is there another way she could be seperate from the
> corporate office but still get her email from our server?

Well, this depends on how you want to allow them to access their mail. They
could VPN in and use Microsoft Office Outlook. They can also access their
email using Microsoft Office Outlook using RPC over HTTPS, or even just
simply using the OWA (using a browser).

But YES, they MUST have an account in Active Directory and be mailbox
enabled in order to have an Exchange email account.

>
> I was trying to think of a way where she could stay on ISP mail and
> the rest of us at the corporate office could use exchange, but this
> does not seem possible or the right thing to do.

You can do that too and not have an AD account. You can create Contacts in
AD using their names and their external email account. The accounts will
show up in the GAL for your users to email to them. The external users can
simply reply back or just add your AD users into their own personal address
list.

>
> I am pretty limited in my knowledge of network infrastructure, but am
> reading and trying to learn as fast as I can for this project.
>
> This is the network setup thus far:
> - Windows 2000 Server as a domain controller, DNS server, DHCP
> server, and light use file server.
> - Windows 2003 Server with Exchange Server 2003
> - D-Link DFL-210 VPN Firewall
> - Sonicwall SSL-VPN 200
> - Barracuda Networks Spam Filter appliance
>
> Basically, here is the network setup: D-Link firewall is connected to
> the DSL modem. All servers and workstations are behind the firewall,
> no DMZ.
>
> Any advice given would be greatly appreciated.
>
> Thanks,
>
> Asheesh

This is a normal and popular setup. Simply create a rule to allow port 25
inbound to the Exchange server. For OWA access, allow either 80 or 443
(depending if using HTTPS or not). No VPN required.

If you want to go the RPC/HTTPS route, allow 443, but there are numerous
steps behind this to configure it. Assuming RPC/HJTTPS, they won't require a
VPN, but their Outlook profiles will need to be configured for them or give
them a step by step on how to configure it.

If none of the above, and simply use Outlook, then they will need to VPN in
first.

If they will remain as external non-AD account users, then they will not
require access. For your own users, they can use the OWA when away from
home. OWA is web based and does not require a VPN connection, but simply
connecting to the outside interface by something similar to this:
https://mail.yourdomainname.com/exchange

Of course you will need to create a 'mail' or similar record, or change your
existing records' IP address to your WAN interface (along with the port
remap), so your Exchange server will receive mail. You will also need to
configure the Recipient Policy with your domain name. I'm sure you've
already read up on that part.

Happy Holidays!

Back to wrapping gifts....

Ace

In addition to what the other's have said your domain name is already
registered to someone else (company.com). This will require some special
considerations for dns.

--
Kerry Brown
Microsoft MVP - Shell/User
www.vistahelp.ca/phpBB2


"asheesh88" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
> Hi,
>
> I am in the process of redesigning the network in our office of about
> 10-15 users. We also have one remote user out of state. I have
> implemented Active directory and created a domain, "corp.company.com."
>
> We have a 768 SDSL connection with one static public IP.
>
> Up till now we have been using ISP mail (pop3 and smtp) but have now
> made the decision to host our own mail server (Exchange 2003). However
> I am having trouble grasping a few issues:
>
> 1. In order for my one remote user to access the Exchange Server, I am
> guessing she would have to VPN in and be an Active Directory user,
> correct? Is there another way she could be seperate from the corporate
> office but still get her email from our server?
>
> I was trying to think of a way where she could stay on ISP mail and the
> rest of us at the corporate office could use exchange, but this does
> not seem possible or the right thing to do.
>
> I am pretty limited in my knowledge of network infrastructure, but am
> reading and trying to learn as fast as I can for this project.
>
> This is the network setup thus far:
> - Windows 2000 Server as a domain controller, DNS server, DHCP server,
> and light use file server.
> - Windows 2003 Server with Exchange Server 2003
> - D-Link DFL-210 VPN Firewall
> - Sonicwall SSL-VPN 200
> - Barracuda Networks Spam Filter appliance
>
> Basically, here is the network setup: D-Link firewall is connected to
> the DSL modem. All servers and workstations are behind the firewall,
> no DMZ.
>
> Any advice given would be greatly appreciated.
>
> Thanks,
>
> Asheesh
>

Hi everyone,

thanks for all the suggestions. The RPC/Https setup sounds
interesting. I will do some research on that.

She will most likely be VPN'ing in anyway, because she will need to
have access to shared directories, etc. However, in the event that she
does not need to, it seems like I have plenty of other options.

Again, thanks,
and Happy Holidays!

Asheesh



Kerry Brown wrote:
> In addition to what the other's have said your domain name is already
> registered to someone else (company.com). This will require some special
> considerations for dns.
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> www.vistahelp.ca/phpBB2
>
>
> "asheesh88" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ps.com...
> > Hi,
> >
> > I am in the process of redesigning the network in our office of about
> > 10-15 users. We also have one remote user out of state. I have
> > implemented Active directory and created a domain, "corp.company.com."
> >
> > We have a 768 SDSL connection with one static public IP.
> >
> > Up till now we have been using ISP mail (pop3 and smtp) but have now
> > made the decision to host our own mail server (Exchange 2003). However
> > I am having trouble grasping a few issues:
> >
> > 1. In order for my one remote user to access the Exchange Server, I am
> > guessing she would have to VPN in and be an Active Directory user,
> > correct? Is there another way she could be seperate from the corporate
> > office but still get her email from our server?
> >
> > I was trying to think of a way where she could stay on ISP mail and the
> > rest of us at the corporate office could use exchange, but this does
> > not seem possible or the right thing to do.
> >
> > I am pretty limited in my knowledge of network infrastructure, but am
> > reading and trying to learn as fast as I can for this project.
> >
> > This is the network setup thus far:
> > - Windows 2000 Server as a domain controller, DNS server, DHCP server,
> > and light use file server.
> > - Windows 2003 Server with Exchange Server 2003
> > - D-Link DFL-210 VPN Firewall
> > - Sonicwall SSL-VPN 200
> > - Barracuda Networks Spam Filter appliance
> >
> > Basically, here is the network setup: D-Link firewall is connected to
> > the DSL modem. All servers and workstations are behind the firewall,
> > no DMZ.
> >
> > Any advice given would be greatly appreciated.
> >
> > Thanks,
> >
> > Asheesh
> >

"asheesh88" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
> I am in the process of redesigning the network in our office of about
> 10-15 users. We also have one remote user out of state. I have
> implemented Active directory and created a domain, "corp.company.com."

I see several problems already.
1. "corp.company.com" is not a domain name,..it is either the individual
host name
of a machine or is the name of a Child Domain underneath the Forest
"company.com". For a network of 10-15 user this is a very *bad
sign* of
what you may have done.
2. It should not end with ".com". It should be ".loc" or
".local",....anything but
".com" or any other Internet based top level domains. The Active
Directory
Domain has *nothing* to do with the Internet or any publicly
registered
domains. They exist for entirely and completely different reasons
and should
never be the same name. The only thing they have in common is that
they are
both called "domains" and it starts with "D",...nothing more,..that
is where is
stops.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------