1. Home
  2. Networking Firewalls
  3. Strange issue with Checkpoint VPN users and Exchange 2003

Strange issue with Checkpoint VPN users and Exchange 2003

Hello Gurus,

We have recently upgraded from MS Exchange 5.5 to MS Exchange 2003. Since then our VPN users have been complaining about issues with downloading their emails to outlook 2003. The strange thing is, when we reboot the exchange server, things start working again for them for a few days (a week maybe). After a week the issue starts again for them. They are not able to download emails. We are using Checkpoint Firewall v.R55.

Is there any extra setting on the firewall or the Exchange server that we are missing? I have been monitoring the firewall and I cant see tcp packets flowing from the Exchange server to the client when there is a connection request. UDP packets do work. The client can ping the Exchange server.

Any help would be appreciated.

thanks Ankit

Reply to
apsolar
Loading thread data ...

On 3 May 2007 16:38:22 -0700, apsolar@... wrote in microsoft.public.exchange.admin, microsoft.public.exchange.setup, comp.security.firewalls:

I found that problems with Outlook connecting to the Exchange server over a VPN are mostly caused by DNS difficulties. Typical scenario: they can map network drives, they can ping the Exchange server, they can telnet to port 25 on the Exchange server, but Outlook doesn't want to connect.

I found it easiest to correct by providing an appropriate entry in the hosts file.

Others have suggested that, if running ISA, to disable RPC Filter.

Reply to
Michael Bednarek

Just a guess but try lowering the MTU and see if fragmentation is causing the issue. I know this is a problem on Juniper firewalls on the Exchange upgrade.

Here's a free TCP Optimizer to check/set the MTU...

formatting link
Post the solution when you find it.

alan

Reply to
Alan Strassberg

Hello Guys,

I checked the DNS and host file. They have the right entries.

I also lowered the MTU (1372) on one of the clients at a remote VPN site. Now this fixed the problem on that machine. So I will look at implementing this change for that site.

But it still doesn't work for my GPRS connection. I can ping the Exchange server with a packet size of 128bits max. It won't be practical to lower the MTU to 128. I still tried it but it didn't work.

Any other suggestions. Is there a fix that I can apply to the Exchange server?

regards Ankit

Reply to
apsolar

Hello Guys,

I have found the solution for this problem.

here is the link to the solution:

formatting link
thanks for support Ankit

Reply to
apsolar

What a surprise, a fix by Microsuck breaks their own product it was designed to fix... never heard of such a thing, huh?

Welcome to the wonderful world of winBlows....

RedForeman

Reply to
RedForeman

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.