Re: VPN Connection interferes with sending POP3 mail

From: Dan Zimmerman (discussions_at_e-tronics.com)
Date: 07/29/04 

Date: Thu, 29 Jul 2004 13:25:17 -0700

The remote machine connecting throught the VPN tunnel is
denied access because it is using the internal network
for routing. Creating alternate routes is dangerous
because you will then create what is known as a "split
VPN" which opens a large hole for attackers to use your
ISP connection to come through the remote machine and
into your interior network.

Dan Zimmerman, SSCP, MCP
 
>-----Original Message-----
>Brad Jackson wrote:
>> When a machine on our LAN makes a VPN connection to
our home office,
>> that machine cannot sent mail via POP3. It can
however receive mail
>> which comes from the same server that the VPN
connection is made to.
>> I understand that when the VPN connection to the mail
server is made
>> that machine becomes a part of that network and
therfore is somehow
>> denied access to sending through our local ISP. Is
there anyway
>> around this other that setting the outgoing mail
setting to send
>> through the mail server that the VPN connection is
made to? They
>> have security so tight on that server that we have
alot of trouble
>> sending from our office.
>
>Emails are usually sent using SMTP, not POP3. POP3 is
used for
>downloading mails from a server.
>
>An idea for solving your problem is to adjust the
routing table (using
>the "route" command), so that connections to your SMTP
server do not use
>the VPN connection.
>.
>

Relevant Pages

  • Re: Connection Wizard - VPN Problem
    ... VPN Server Name The Routing and Remote Access service enables your server to be a virtual private network server. ... I am getting an error with the "connect to sbs" (I think it's the connection ...
    (microsoft.public.windows.server.sbs)
  • Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
    ... This set of steps is redundant in many places, and it's also enormously expensive, since you're using no less than three different expensive bits of networking hardware (AP, PIX, VPN Concentrator), in addition to a bunch of x86 server hardware, windows server licenses, and at least one ISA license. ... Your computers necessarily don't have full access to your network infrastructure when they aren't logged on, so GPOs, software updates, etc can't be applied at the times you want them to be applied. ... Turning on, enabling, and implementing every possible security setting and device you think of is not defence in depth, and will probably only have two effects - your users won't use your wireless network, and you'll burn so much cash you won't have any left to spend on *useful* security measures. ...
    (Full-Disclosure)
  • RE: VPN issue on SBS2003
    ... I understand that you encountered VPN connection issue when you use VPN to ... Internet clients or VPN to external VPN Server from SBS Client computers? ... Configure E-mail and Internet Connection Wizard ... Total GRE packets sent = 1 ...
    (microsoft.public.windows.server.sbs)
  • RE: PPTP VPN connection problems
    ... The problem is that the VPN does not disconnect. ... However after some idle period I can not send packets across the connection. ... A ping to the server would result in "Request timed out". ... If I connect with the VPN client locally to the internet ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows 2003 VPN Default Gateway Issues
    ... Ethernet adapter Local Area Connection: ... If the VPN server is configured to use a static IP address ... the default gateway on the client is not the problem. ...
    (microsoft.public.windows.server.networking)
Quantcast