No announcement yet.

Outlook across a CheckPoint VPN

  • Filter
  • Time
  • Show
Clear All
new posts

  • Outlook across a CheckPoint VPN

    Beginning about 2 or 3 days ago, none of my VPN users can connect to our Exchange server (v5.5). They can do everything else over the VPN with no problem.

    They're using Outlook 2003 in Cached Exchange mode.

    No internal network user is having any trouble connecting to Exchange.

    Nothing has changed at the Firewall or at the user's PC end.

    The only thing that I did that was approximately at the same time as the problem began, is that I installed the PE_Endpoint from Ixia on the server.

    I installed the endpoint on Wed. 1/23. I was prompted that the server needed a reboot. I rebooted the server on Sun. 1/27.

    The problem began around Fri (1/25) evening or Sat. (1/26) morning.

    I've since removed the endpoint. No change to the situation.

    Outlook simply doesn't connect (Trying to connect... then Disconnected).

    I can ping the Exchange server across the VPN (both by IP or by name).

    Users can use OWA across the VPN.

    I'm really stumped!

    All other traffic is making it through the VPN with no trouble.

    Any thoughts would be appreciated.


  • #2
    Re: Outlook across a CheckPoint VPN

    so you have a nokia in place now? you should be able to use the built in sniffer/capture to watch the connections in real time...

    set a filter to watch the connections to the exchange server. at the same time, using an external client, connect via VPN and make a note of the IP that was assigned from the scope pool. now set up a capture on this device.

    initiate (or attempt to) a connection from the client to the exchange server...

    what do you see? do the packets even arrive at the exchange server? this is why you need to pay attention to the source address on the sniffing to the exchange...

    and on the flip side, is the client station receiving anything back from inside?

    these steps will at least tell us at what OSI layer the request is failing... is it a routing issue, is it an SSL issue, a port issue...

    thats my suggestion. should take all of about 15 minutes to see where the failure is happening.

    post back.

    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...


    • #3
      Re: Outlook across a CheckPoint VPN

      Thanks for your reply James.

      It's using a VPN connection so I haven't had any luck sniffing on the client PC (encrypted traffic).

      I have access to my firewall logs. There is traffic back and forth. Also, as I mentioned, all other functionality is working for users across the VPN.

      Another new twist....

      I tested Outlook access across the VPN using Outlook XP. It works!

      It seems that it's only Outlook 2003 clients!

      It's getting murkier...


      • #4
        Re: Outlook across a CheckPoint VPN

        Well, it appears that the solution was as follows:

        Our firewall was set to block traffic on certain "known ports". As Outlook and Exchange were negotiating for the ports to use for their session, they would often (apparently, always, of late) agree on one of the "known ports".

        Thanks for everyone's help.


        • #5
          Re: Outlook across a CheckPoint VPN

          I guess I don't quite understand as all the client to server (and vice versa) traffic should have been encapsulated inside the VPN tunnel. Anyone else see it that way?