Quite some time ago I had a fiddle with FW-1 SecuRemote with the
specific goal of connecting to our internal MS Exchange server from a
remote laptop. I eventually got it to work, with some limitations. I
have unearthed my sketchy notes, so here they are.

* Load SecuRemote client onto laptop as per user guide (obviously)
* Set the user up to authenticate at the firewall using internal
password.
* Set the firewall to authenticate using internal password.
* Write your firewall rules to allow the traffic in from wherever it
will be coming from, action encrypt etc...
* On the laptop to be used remotely, edit the lmhosts file to include an
entry for the name and IP address of your Exchange server (I seem to
remember that DNS and/or WINS was not able to resolve the name - our
internal DNS servers are not available from outside the network)
* On the laptop, configure the Exchange client to NOT use network
security during logon (Tools, Services, highlight Microsoft Exchange
Server and click on the Properties button, select Advanced tab, uncheck
'use network security during logon')
* I think I also turned off domain login on the laptop.

I then used the laptop to dial in to my ISP, and tried to connect to our
Exchange server. I seem to remember the response was pretty diabolical,
but it worked in that I could read my in-box and send and receive email.
I could see the encrypted packets logging at the firewall. There were
limitations though, e.g. the Exchange personal address book (PAB) and
personal information store (PST) were not available because the internal
LAN drive they were on couldn't be mapped because I was not logged onto
the LAN domain. (Why? I don't remember - I said my notes were
sketchy!) Hmmm... just musing here - why isn't the Personal Information
Store called the PIS? :>

We actually wanted to authenticate using SecurID, but SecuRemote only
allows an 8-character password; however, we forged on using internal
password authentication at the firewall just to see if we could get it
to work. A password at the firewall is not robust enough for our
authentication needs, and all further thoughts of using this in
production were abandoned. At the time we were running FW-1 V2.0,
Solaris 2.5, SUN SPARC 5, and MS Exchange V4. The laptop used was a
Compaq Armada 4130 24 meg RAM. Hope this helps.
Gail
_______________________________________
Gail Holt
Internet Administrator
Health Department of WA
phone: (08) 9222 2429
email: gail . holt @ health . wa . gov . au
Standard Disclaimer: These opinions are my own.
No one else in their right mind would want them.
_______________________________________
>
>>Can anyone please give me any insight on how to access MS exchange mail
>>from outside of FW-1 using SecuRemote? ANY help is appreciated.
>
>>Thanks!!!
>
>>Jim Crawford
>>Technical Analyst, Sprint Paranet
>>Tulsa, OK
>
>
>