"Lanwench [MVP - Exchange]"
<lanwench@newsgroup> wrote in message
news:%23Dhzk3dPKHA.4208@newsgroup
> CSI Albany <CSI Albany@newsgroup> wrote:
>> Hello,
>>
>> We have a main office with a machine running small business server
>> 2003 w/ exchange. We have set up a site-to-site vpn connection to a
>> remote office. We cannot currently send/receive mail from outlook
>> exchange accounts on the remote computers. However if we disconnect
>> the site-to-site vpn and connect from the remote computers to the
>> main office server with the microsoft vpn client we can send/receive
>> mail without a problem.
>>
>> The main office has a subnet of 192.168.1.0. The exchange server has 2
>> NICs. The IP of the server's internal LAN NIC is 192.168.1.13. The
>> IP of the server's WAN NIC (connects to router) is 192.168.1.103.
>
> This is a problem - they shouldn't be in the same subnet. But see below,
> because this is going to be moot soon...
>
>> Finally the exchange server is identified as
>> "mailserver.ourorganization.local"
>>
>> The satellite office has a subnet of 192.168.2.0.
>>
>> With the site-to-site vpn connected we have a computer at the
>> satellite office set up to use 192.168.1.103 as its DNS server. From
>> this remote computer we can ping the exchange server at 192.168.1.13
>> with no problem. When setting up the user's account in outlook we
>> enter 192.168.1.13 as the server and it automatically updates to
>> "mailserver.ourorganization.local". This leads me to believe the
>> remote computers are communicating with the server (as is verified in
>> the router logs).
>>
>> When pinging mailserver.ourorganization.local the address resolves to
>> 192.168.1.103 but the ping times out.
>>
>> Not sure where to proceed from here, any help is greatly appreciated.
>
> Get rid of the 2nd NIC in the SBS box. You need to be behind a good
> firewall appliance that does NAT. Don't connect directly to your ISP's
> modem. Then rerun the CEICW accordingly, and this should work. Outside of
> SBS, multihomed DCs are considered a very bad idea, and if you aren't
> using ISA you don't need it (and it doesn't buy you much). Plus, you're
> currently misconfigured if you have both NICs on the same subnet.
>
I agree. There's no way to (such as you CANNOT) have an internal interface
and external interface on the same subnet. Otherwise, it cannot route. It
wouldn't know which direction to send the traffic.
Either change the external interface to a 192.168.3.x or something else, or
as you said, disable the external NIC and get a reliable firewall/router,
such as a Cisco ASA 5505.
Curious what's being used for the site-to-site VPN? SBS or the
router/firewall? If you get an ASA at the remote location, too, you can
create a secure tunnel between the ASAs. It also offers SSL VPN
capabilities.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.
Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer
For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
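As an added example (not part of the thread, and not from any of the posters): a small Python check for the misconfiguration Lanwench and Ace describe, two NICs whose connected networks overlap so the host has no unambiguous route. It uses the addresses from the post with an assumed /24 mask, and a constructed 192.168.3.1/24 for the suggested fix.

```python
import ipaddress
from itertools import combinations

# Interfaces as described in the thread. The /24 prefix length is an
# assumption: the post only gives the network as 192.168.1.0.
THREAD_SETUP = {
    "LAN": "192.168.1.13/24",
    "WAN": "192.168.1.103/24",
}
# Ace's suggested fix: move the external interface to another subnet.
# 192.168.3.1/24 is a constructed address in the 192.168.3.x range he names.
FIXED_SETUP = {
    "LAN": "192.168.1.13/24",
    "WAN": "192.168.3.1/24",
}


def overlapping_interfaces(ifaces):
    """Return (name_a, name_b) pairs whose connected networks overlap."""
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in ifaces.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def candidate_interfaces(ifaces, destination):
    """Names of interfaces whose connected network contains destination.

    More than one name means the host cannot tell which NIC to send
    traffic for that destination out of (the problem Ace describes)."""
    dst = ipaddress.ip_address(destination)
    return sorted(name for name, addr in ifaces.items()
                  if dst in ipaddress.ip_interface(addr).network)


def check(ifaces):
    """Summarise the multihoming check; ok is True when no networks overlap."""
    overlaps = overlapping_interfaces(ifaces)
    return {"ok": not overlaps, "overlaps": overlaps}


if __name__ == "__main__":
    for label, setup in (("thread", THREAD_SETUP), ("fixed", FIXED_SETUP)):
        # 192.168.1.50 is a constructed host on the main-office LAN.
        print(label, check(setup), candidate_interfaces(setup, "192.168.1.50"))
```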