multi site - no vpn

  • multi site - no vpn


    Excuse me, as I am a newbie.

    My client is an organization that has multiple branches around the world.
    The connection between the branches - it's owned by the same person. That's it.
    Each branch has its own IT people (sometimes outsourced, sometimes in the organization).
    Each branch has its own firewall (multiple vendors) and AD.

    My client would like to encrypt emails going within the organization.
    So an Exchange 2007 solution came to mind.

    We do NOT want to make a single AD that would cater for all the branches, but rather a parallel AD just for the Exchange solution.

    The problem: this is a multi-site configuration for the Exchange, where we need 5-7 Exchange servers around the world.

    Now... the problem:

    Creating a multi-site VPN is not a realistic option right now.
    Because: too many types of FWs, not enough trained people at the branches (with this kind of work), and we do not need VPN to share users/files/printers whatsoever. We just need it for the Exchange.

    Is there a solution to create such a solution for multi-site without VPN that could work reliably?



  • #2
    Re: multi site - no vpn

    The only option I can think of given the constraints is Hosted Exchange - you might want to do some research about providers that can provide the geographic coverage you require.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"


    • #3
      Re: multi site - no vpn

      I was going to suggest the same; it would remove a lot of the headaches such as MIIS or IIFP etc. for sharing address books, calendars etc.


      • #4
        Re: multi site - no vpn

        We are now checking another option:
        putting a FW box (that can do VPN) BEHIND the FW that is in place in each branch.
        If possible, it will be in the DMZ port of the existing FW.

        This way we could do the VPN for the Active Directory, while not touching the existing FW rules.

        What do you think?


        • #5
          Re: multi site - no vpn

          I think you need to set up a site-to-site VPN.
          I don't know what kind of firewalls you've got and which one you want to purchase.
          Technical Consultant

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"


          • #6
            Re: multi site - no vpn

            Hi, of course site-to-site.

            We currently have a mix between the branches:
            SonicWall, Cisco, 3Com, FortiGate, Check Point ...

            The whole idea of creating a VPN without using the existing hardware is:
            we do not want to change anything in them, as they work now, and we are afraid that changing the setup will cause lots of problems. There are places in the world where they have their own VPN between the locations within the country, and we do not want to mess things up.

            Paying for additional hardware (as long as the solution works) is money better spent than solving problems from remote