Branch office exchange users lose outlook access once tunnel goes down
  • Branch office exchange users lose outlook access once tunnel goes down

    Hello,
    Currently I have split DNS where my internal domain and external domain name mirror each other. I have a branch office with a different network address, connected to AD via Sites and Services using a router-to-router IPsec tunnel. I noticed that when branch office users lose connection to the tunnel, their Outlook client can't find Exchange because they were going through the tunnel using the internal mail server's IP address instead of the public IP address. This is how I want it, but I want them to use the external IP if the link goes down. Is it as simple as creating an A record and pointing the mail server to the external IP address as well as the internal (mail.xxxx.com is the name of the internal and external mail server)? What happens when the link comes back up? I would like the users to use the internal IP address over the IPsec tunnel. I'm running Exchange 2k10 and Windows 2008 R2.

    Thanks
    Last edited by joeyg2391; 3rd July 2012, 16:49.

  • #2
    Re: Branch office exchange users lose outlook access once tunnel goes down

    No, it isn't as simple as that.
    This is because you cannot access Exchange across the internet in the same way as you do over a LAN (and your IPSEC VPN is effectively an extension of the LAN).
    If you want to have the clients use a second connection method then you will need to enable Outlook Anywhere. That connects via port 443 only, but will require an SSL certificate and an external name that is different to your internal names. If you are already using OWA then the same host name and SSL certificate will do the job for you.

    Outlook Anywhere is enabled through Exchange and is as simple as enabling the feature, entering the external address and then waiting about 15 minutes for Exchange to do the work in the background.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Branch office exchange users lose outlook access once tunnel goes down

      Thanks, but I do have OWA with an SSL cert using a Windows CA. Again, the cert name is the same for both internal and external, which point to mail.xxx.com. I also have a SAN on the cert for autodiscover services. I have a private NATted IP address to my mail server, which has port 443 open on the router.



      • #4
        Re: Branch office exchange users lose outlook access once tunnel goes down

        Originally posted by joeyg2391:
        Thanks, but I do have OWA with an SSL cert using a Windows CA. Again, the cert name is the same for both internal and external, which point to mail.xxx.com. I also have a SAN on the cert for autodiscover services. I have a private NATted IP address to my mail server, which has port 443 open on the router.

        That is going to be a problem then.
        Ideally the internal and external URL should be different so that Outlook can differentiate between them.

        Making DNS changes so the internal URL resolves externally isn't going to help because DNS gets cached.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.
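
A check for the situation discussed in this thread, as an added example that is not part of any post above: it reports whether Outlook Anywhere is enabled and flags HTTPS virtual directories whose internal and external host names are identical. It assumes the Exchange Management Shell on Exchange 2010; `$ExternalName`, the `$Enable` switch and the choice of NTLM client authentication are placeholders and assumptions, not values from the thread.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
$ExternalName = 'mail.example.com'   # placeholder: the external name on the certificate
$Enable       = $false               # hypothetical switch: set to $true to enable the feature

# Return the host part of a URL value, or $null when the URL is not set.
function Get-UrlHost($url) {
    if ($url) { return ([uri]"$url").Host }
    return $null
}

# 1. Current Outlook Anywhere state on each Client Access server.
$oa = @(Get-OutlookAnywhere)
if ($oa.Count -eq 0) {
    Write-Host 'Outlook Anywhere is not enabled on any Client Access server.'
} else {
    $oa | Format-Table ServerName, ExternalHostname, ClientAuthenticationMethod, SSLOffloading -AutoSize
}

# 2. Compare internal and external host names on the HTTPS virtual directories.
$vdirs  = @(Get-WebServicesVirtualDirectory) + @(Get-OabVirtualDirectory) + @(Get-OwaVirtualDirectory)
$report = foreach ($v in $vdirs) {
    $int = Get-UrlHost $v.InternalUrl
    $ext = Get-UrlHost $v.ExternalUrl
    New-Object PSObject -Property @{
        Server       = $v.Server
        Directory    = $v.Name
        InternalHost = $int
        ExternalHost = $ext
        # True when both are set and identical: Outlook cannot tell the two paths apart.
        SameHost     = ($int -and $ext -and ($int -eq $ext))
    }
}
$report | Format-Table Server, Directory, InternalHost, ExternalHost, SameHost -AutoSize

# 3. Enable Outlook Anywhere on this server with the external name (off by default).
if ($Enable) {
    Enable-OutlookAnywhere -Server $env:COMPUTERNAME -ExternalHostname $ExternalName `
        -ClientAuthenticationMethod Ntlm -SSLOffloading $false
}
```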
