
Can't Connect to Exchange Server from Different Subnet

Discussion in 'Windows Server System' started by biggestkj, 2008/06/11.

  1. 2008/06/11
    biggestkj Inactive Thread Starter

    Hi Everyone,

    I'm trying to establish exchange emails for users from another office, but I'm having issues with connecting to the Exchange server from that office. Here's the deal.

    Here at the MAIN office, we use a subnet of 192.168.1.xxx and have 6 different servers under one domain. Each server functions for a different purpose. One of those is our EXCHANGE server.

    Now I have set up a VPN connection to our SECONDARY office located a few hundred miles away. They use a subnet of 192.168.5.xxx. They have their own server, we'll call it HARBOR, which is also under the same domain.

    I am able to remote into the SECONDARY office server (HARBOR) using either the computer name or the LAN IP, 192.168.5.2, and all the other workstations from the MAIN office.

    However, for some reason I can't find, I am not able to add each user's Exchange mailbox on their local computers at the SECONDARY office. Their email addresses have been set up already.

    On another note, I can't remote to any server at the MAIN office (192.168.1.xxx) from the SECONDARY (192.168.5.xxx).

    Any help would be appreciated. Thank you.
     
  2. 2008/06/12
    ReggieB Inactive Alumni

    I expect this problem is very relevant to the main problem. I would not be at all surprised if curing the problems of connecting from the secondary to the main office fixed your main problem. Even if it doesn't in itself, it will be a prerequisite. You need a working path between the two networks before you can run traffic over that path successfully.

    So here is what you need to get working first:
    • Network to Network VPN. Single point to single point VPN or Network to single point VPN is at best going to be very difficult to manage, and more likely won't work at all. The simplest and easiest way to get network to network VPN is to use the VPN facility built into hardware firewalls and some routers.
    • IP routes set up at both ends. Almost all network traffic is two way request/response communications. The system sending a packet needs to know how to get that packet to the receiver, and the receiver needs to know how to get a response back. That means that the default gateway (and any router between the default gateway and the VPN firewall/router) needs to know that to get to the other network the packet needs to be sent to the VPN tunnel (or the device hosting the VPN tunnel). So for example, the main network default gateway needs to have a route set up to send all traffic for 192.168.5.0/255.255.255.0 to the VPN tunnel. The secondary network default gateway needs to know that traffic to 192.168.1.0/255.255.255.0 must be forwarded to the VPN tunnel. I'd recommend you use static routes on your router/firewalls to set this up (unless the default gateway device is also the VPN end-point in which case the device itself should automatically generate the correct routes). Note that you need routes at both ends - there and back!
    • Name resolution both ways. You could probably get away with just a DNS entry for the mail server on the SECONDARY network's DNS. On the other hand, the MAIN network DNS will need to know about all of the DNS name space in the SECONDARY network. The easiest way to do this is to make the MAIN network's DNS server a secondary server for the SECONDARY network. That is, you go to the DNS on the MAIN network and add the SECONDARY network as a secondary zone, with it pointing at the IP address of the SECONDARY network's DNS server.
    • The DNS at the SECONDARY network needs to be kept up to date. By far the easiest way to do this is to tie DHCP to DNS. This needs to be working!
    • Don't forget, for name resolution to work correctly, all the client PCs need to have their local network DNS/AD server as their primary DNS, otherwise the previous two steps will have no effect.
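
Added example, not part of ReggieB's post: a small Python model of the "routes at both ends" point, using the thread's two subnets. The gateway tables, the interface labels `vpn-tunnel` and `isp-uplink`, and the host addresses 192.168.1.10 and 192.168.5.20 are constructed for illustration; SECONDARY is deliberately missing its route back to MAIN.

```python
import ipaddress

TUNNEL = "vpn-tunnel"      # assumed label for the site-to-site VPN interface
INTERNET = "isp-uplink"    # assumed label for the default route's next hop

# Constructed routing tables for each site's default gateway: (destination, next hop).
# SECONDARY has no static route for the MAIN subnet, only its default route.
GATEWAYS = {
    "MAIN": {
        "lan": ipaddress.ip_network("192.168.1.0/24"),
        "routes": [("0.0.0.0/0", INTERNET), ("192.168.5.0/24", TUNNEL)],
    },
    "SECONDARY": {
        "lan": ipaddress.ip_network("192.168.5.0/24"),
        "routes": [("0.0.0.0/0", INTERNET)],
    },
}

def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in routes
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def site_of(ip, gateways):
    """Name of the site whose LAN contains ip, or None."""
    return next((n for n, g in gateways.items() if ipaddress.ip_address(ip) in g["lan"]), None)

def round_trip_problems(client, server, gateways):
    """Check the request leg and the reply leg; return a list of faults."""
    problems = []
    for leg, src, dst in (("request", client, server), ("reply", server, client)):
        site = site_of(src, gateways)
        hop = next_hop(gateways[site]["routes"], dst)
        if hop != TUNNEL:
            problems.append(f"{leg}: {site} gateway sends {dst} to {hop}, not {TUNNEL}")
    return problems

def add_static_route(gateways, site, network):
    """Return a copy of the tables with a tunnel route added at one site."""
    fixed = {n: {"lan": g["lan"], "routes": list(g["routes"])} for n, g in gateways.items()}
    fixed[site]["routes"].append((network, TUNNEL))
    return fixed

if __name__ == "__main__":
    ws, exch = "192.168.5.20", "192.168.1.10"  # constructed host addresses
    print(round_trip_problems(ws, exch, GATEWAYS))
    print(round_trip_problems(ws, exch, add_static_route(GATEWAYS, "SECONDARY", "192.168.1.0/24")))
```

With the one missing route, a connection started from either office fails: on the request leg when SECONDARY initiates, on the reply leg when MAIN initiates.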
     
