email delivery besides vpn to specific domain does not work when vpn tunnel is broken

Hi,

We have 1 master 3.8sp4ir3 bordermanager server running on netware 6.5, and 
several slaves all over the world.
One slave is located in the USA. The tunnel however at this moment is not 
used and all emailtraffic from the USA will be directly delivered from their 
exchange environment to the other domains. If they sent email from their 
domain to our domain, then it is succesfully delivered to our mailserver 
(the incoming email to our domain is delivered to our public nic of the vpn 
master server). However when we stop the vpn at our master server, the email 
to our domain stays stuck in the queue on the exchange server.

The bordermanager slave there in the USA is configured with a public 
ipaddress in the private address range. Nat is performed on the router.
The master and all other slaves do use real public ipaddresses.

Anyone experienced this before? the domain mx record can be succesfully 
resolved.

Other strange thing is that they configured a secondary public ip that 
connects to a terminal server, which we can not connect to from our site 
(except by using vpn). If  I connect from my homeaddress it is possible to 
connect.

regards,
Eric


0
Eric
5/10/2006 7:12:34 PM
novell.bordermanager.vpn 2677 articles. 0 followers. Follow

5 Replies
399 Views

Similar Articles

[PageSpeed] 31
Get it on Google Play
Get it on Apple App Store

Hi,

Eric Raven wrote:
> 
> Anyone experienced this before? the domain mx record can be succesfully
> resolved.

It's completely normal. The public IPs of both sides are only reachable
through the (working) tunnelfrom the other side. If you bring the tunnel
down without completely removing it (and thus it's routing), the two
involved sites will no longer be able to communicate.
 
CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
5/10/2006 9:28:41 PM
Massimo,

Thanks for your answer.
So if we sent the email from the USA-site directly to the ISP then that is a 
solution, I assume?

If we replace the bordermanager with a watchguard solution, would this mean 
that I theoretically have the same problem?

regards,
Eric

"Massimo Rosen" <mrosenno@spamcfc-it.de> wrote in message 
news:44625B08.47807143@spamcfc-it.de...
> Hi,
>
> Eric Raven wrote:
>>
>> Anyone experienced this before? the domain mx record can be succesfully
>> resolved.
>
> It's completely normal. The public IPs of both sides are only reachable
> through the (working) tunnelfrom the other side. If you bring the tunnel
> down without completely removing it (and thus it's routing), the two
> involved sites will no longer be able to communicate.
>
> CU,
> --
> Massimo Rosen
> Novell Product Support Forum Sysop
> No emails please!
> http://www.cfc-it.de 


0
Eric
5/11/2006 6:37:53 PM
Hi,

Eric Raven wrote:
> 
> Massimo,
> 
> Thanks for your answer.
> So if we sent the email from the USA-site directly to the ISP then that is a
> solution, I assume?

Well, i wouldn't call it solution. It's a nasty workaround at best.
 
> If we replace the bordermanager with a watchguard solution, would this mean
> that I theoretically have the same problem?

Yes. All IPSEC vpns I know would behave exactly teh same here. If you
try to reach one of the IPs on the other side of the tunnel (that
includes the public IPs on the tunnel itself), the VPN will try to
establish, cause that's what the routing table says where to go for that
IP.

Of course, there's one question here: Why are you bringing the tunnel
down at all?

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
5/12/2006 7:49:02 AM
"Massimo Rosen" <mrosenno@spamcfc-it.de> wrote in message 
news:44643DEB.E6808E79@spamcfc-it.de...
> Hi,
>
> Eric Raven wrote:
>>
>> Massimo,
>>
>> Thanks for your answer.
>> So if we sent the email from the USA-site directly to the ISP then that 
>> is a
>> solution, I assume?
>
> Well, i wouldn't call it solution. It's a nasty workaround at best.
>
>> If we replace the bordermanager with a watchguard solution, would this 
>> mean
>> that I theoretically have the same problem?
>
> Yes. All IPSEC vpns I know would behave exactly teh same here. If you
> try to reach one of the IPs on the other side of the tunnel (that
> includes the public IPs on the tunnel itself), the VPN will try to
> establish, cause that's what the routing table says where to go for that
> IP.
>
ok. I understand. So if I use another ipaddress for my incoming mail 
(bordermanager mail proxy) which is in the same subnet, that would also be 
ok?

> Of course, there's one question here: Why are you bringing the tunnel
> down at all?
>
Well actually our master vpn server was down for several days, (see next 
topic in this forum)
Craig talked about tunneling over ipx without bordermanager, and I really 
like to have some more info on this. Will save us time in the future ;)

regards,
Eric

> CU,
> --
> Massimo Rosen
> Novell Product Support Forum Sysop
> No emails please!
> http://www.cfc-it.de 


0
Eric
5/13/2006 10:50:23 AM
Hi,

Eric Raven wrote:
> ok. I understand. So if I use another ipaddress for my incoming mail
> (bordermanager mail proxy) which is in the same subnet, that would also be
> ok?

Yes. Actually, the easiest way, if at all possible, is to use a
secondary IPaddress on the other side if possible. Only the one public
IP which is defined as an endpoint for the tunnel isn't reachable,
secondaries work perfectly fine.
 
CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
5/13/2006 11:26:51 AM
Reply:

Similar Artilces:

Bordermanager vpn vs Cisco router vpn etc
I have a small client with a Novell 5.x server with about 35 clients, many of which are needing some sort of vpn access. Trying to figure out if it is easier to setup border manager for vpn access on the server or simply get a router that will provide vpn access. Which would be easier or more cost effective in this scenario over a dsl connection. Any suggestions or comments are appreciated. Thanks Paul I guess it depends a lot on cost. Do you already have BMgr? (A copy that includes client-site VPN?) If so, just install that and configure it. As for using ...

legacy vpn + new vpn
Hi, I am running a bordermanager nw6 3.7 server configured as a master vpn server. The slave is also a nw6 3.7 server and is in another country. Now we need to put another slave to this vpn, however w'd like to do that with bordermanager 3.8. The question is if we update this server from 3.7 to 3.8, will the legacy vpn run without a problem, while 3.7 on the other side is running. (I think this will be no problem, correct me if I am wrong) On the other hand I want to configure a new master vpn on the same server by use of imanager. The other slave will be the new company. I...

VPN
Where might I find/configure a log of who connects to our VPN, whether or not they login to Netware once connected, etc. The login to Netware portion is relatively unimportant, but I would like to track basic information like remote IP, username, connect time, disconnect time, etc. Netware 6.5, BorderManager 3.8/SP4/IR3. Client is 3.8.11 for all remote users. We currently have two working VPNs - different servers, different OU's. TIA. -S- I don't know if this has changed in later versions of BM but this is how I monitor activity in BM 3.7. Open NWADM...

vpn to vpn connection question
Hello: I've been asked to look into a vpn to vpn connection with a third party vpn server connection to our bm38sp2 vpn. Last week I had asked if this was possible and the answer was yes (but). Currently I have our vpn up and running to allow me secure access from home for remote management. The vpn is setup as the master vpn server. Now, if I try to connect to a third party vpn, will our server be a client in this case (I assume so)? If so, how does this impact our current setup as a master server? Thanks in advance, Chris. PS. Others have suggested (strongly) to si...

vpn
pcanywhere?!?!?! what kind of encryption does that do? not much AFAIK best to use something that encrypts the traffic I have an SME server (e-smith.org Linux) on my cable modem that is my firewall, webserver, email server, router, NAT, etc.... Been using for years, no problems, very secure. The SME has pptp VPN (128bit) built in. works like a charm, (not as secure as 3DES) I routinely nmap my home server and my work server running checkpoint and my home server gets a higher difficulty rating, much higher, FWIW. you could then use pcanywhere thru the tunnel, this is how I ssh into...

VPN
I am about to install VPN services with BorderManager 3.8 and have been reading some of the documentation. Can someone please explain to me the concept of tunneling and it's implementation with BM as this seems to be one of steps to setting up VPN. Any help is appreciated, as this concept is very new to me. Cheers, hi, tunneling is a process for which IP packets are encapsulated within some other protocol at one end of the VPN (like a wrapping that hides a gift, so the recipient cannot tell what's inside), transmitted over the internet to the other end of the VP...

VPN
If I'm using VPN on an unsecured wireless connection can someone see my files if I have file sharing on? It depends on the VPN service, if you are using the Standard Sharing Ports & they are not Encrypted Everyone can see all your files & gain access to them. Check the information on the VPN Service First! "lbc" <ghost@whatever.com> wrote in message news:dlv8cv$8eh$1@news.grc.com... > If I'm using VPN on an unsecured wireless connection can someone see my > files if I have file sharing on? > > ...

vpn
hi i setup dsl connection on my laptop but i can't use it via kinternet kinternet don't show it what can i do? :( -- morteza13581358 ------------------------------------------------------------------------ Please see my post here. 'Bryan 手札 &#8212; 生活記趣 � Opensuse information' (http://lifestory.moqin.com/?cat=344) It will be able to help you. -- Regards, Bryan Yu http://lifestory.moqin.com/ ------------------------------------------------------------------------ df6269's Profile: http://forums.opensuse.org/member.php?userid=7...

VPN
I am using a Sonicwall for VPN connectivity. We are using NetWare 6.5. Can someone please point me to a TID that will explain all the necessary things I need to do to get my remote client to connect to the NetWare servers. Border Manager is NOT being used at all in this environment. thanks On 5/17/2005 dlorenzen@vtg.biz wrote: > I am using a Sonicwall for VPN connectivity. We are using NetWare 6.5. > Can someone please point me to a TID that will explain all the necessary > things I need to do to get my remote client to connect to the NetWare > servers...

vpn
hi i setup my vpn connection i setup it on desktop pc and connected successfully i setup it on laptop(dell inspiron 1520) as like as my desktop and connected but i didn't have any receive what can i do? -- morteza13581358 ------------------------------------------------------------------------ I am not entirely sure what you are trying to get at. What kind of VPN did you try to set up? Is this Vpn on your local computer or in a remote location? -- ghostwind ------------------------------------------------------------------------ ghostwind's Profi...

VPN
We are currently using a Cisco VPN 5001 concentrator authenticating to a Cisco Secure Radius Server. I do not manage this hardware/software. I authenticate just fine to the organization itself but as in any organization, the organization spans multiple subnets, networks, etc. The dilemma I am having is logging into my server once I get authenticated. I have a Novell client installed but I cannot login to the server because it does not find it -- here I'm listing the server name, server tree and context. I've also tried mapping drives to the server by IP addres...

VPN
I have BM 3.7, I can authenticate, but can't log in to Netware "Tree or server can't be found". Thank you Craig If you add an entry for the server to your local HOSTS file, does it work? -- Lance Reynolds, CNE I can use VPN fine when I connect to BM from the same subnet(I have a switch on the public side with a test box), however when I try from dialin or on broadband/ADSL from another subnet I get tree or server can not be found. At the moment we are only using BM for VPN. Thank you Cheers Craig Craig, Ok, but the pro...

windows7 VPN client blocks all other VPN
We have a strange situation at one of our customers. There is a C2S connection on a BM3.9 server. There are 2 PC running XP in the remote location. This setup runs properly since 2-3 years. Yesterday a new PC, Windows 7 ()32bit) was installed in the remote office. Tried to do VPN connection with VPN client 3.9.2 from the Windows & machine, but we got error (Failed to get DH public value). But after this the old XP machines were also unable to connect. After a server restart the windows XP machines are able to login again. 1)Is there any kind of defense mechanism in the BM ...

BMEE VPN and Cisco PIX VPN
Quick question on VPNs. Finally got my Bordermanager VPN to work thru my PIX firewall by being a little creative...by VPNing within a VPN. To explain, the connection goes from my ISP > PIX 515 > Bordermanager 3.7 > Internal network. I have enabled VPN on both the PIX and Bordermanager servers so I connect to the PIX VPN and then to my Bordermanager VPN (within the PIX VPN). The PIX vpn is darned quick, but connecting to my BMEE box is almost too slow to consider useful. I can run programs, but drive mappings come and go and launching any executable from the internal ne...

Web resources about - email delivery besides vpn to specific domain does not work when vpn tunnel is broken - novell.bordermanager.vpn

Delivery - Wikipedia, the free encyclopedia
Text is available under the Creative Commons Attribution-ShareAlike License ;additional terms may apply. By using this site, you agree to the ...

ThoughtWorks Microsite on Continuous Delivery
ThoughtWorks has launched a microsite devoted to Continuous Delivery . At the moment you’ll find some short videos from the ThoughtWorks Live ...

Facebook Offers Midnight Message Delivery For New Year’s Eve
... to get on their mobile devices or computers, can now take care of such matters in advance thanks to the social network’s Midnight Message Delivery ...

More lousy launch weather delays commercial space station delivery, 1st US shipment in months - CTV News ...
For the second day in a row, poor weather stalled a critical space station delivery for NASA on Friday.

Starbucks and Postmates delivery service launches in Seattle
... options, Starbucks Coffee Company also included a nice nugget of news in their version description on the App Store: Coming Soon: Delivery! ...

Amazon takes control of delivery with thousands of semi truck trailers
As Amazon looks for new ways to speed up delivery, the company on Friday announced the purchase of thousands of semi truck trailers. The Seattle-based ...

drone delivery closer to reality
Last holiday season everyone thought an Amazon Drone Delivery service was a joke, or at they very least a far-fetched idea a long time away from ...

Starbucks offers delivery in Seattle - Business Insider Deutschland
... Facebook Seattle Starbucks customers can now use their phones to get coffee delivered wherever they are. Seattle is collaborating with delivery ...

Amazon's new delivery method
Amazon will employ its own fleet of trucks to deliver orders around the country, in addition to existing delivery methods, the company said Friday. ...

IDG Contributor Network: SendGrid expands beyond email delivery, offers marketing email features
A few months ago I wrote an article detailing how one email vendor, Campaign Monitor , was branching out from its traditional email campaign ...

Resources last updated: 12/7/2015 4:44:41 AM