BladeRunner 0 Posted February 24, 2004

I've done some research into this, however I just thought I'd get the opinions of some people "in the know" here before we deploy anything.

Here at work we have a Windows 2000 AD Domain. We are also using Exchange Server 2000. We will soon be opening a small US operation, initially about five people, however this will slowly grow over time.

We decided that possibly the best way of connecting the offices would be over a VPN. We have a CISCO router at both offices that supports VPN tunnels. So the plan was that all "internal network" traffic would be routed through the "permanent" VPN tunnel between the two offices. There would be a Windows 2000 DC sat in the US offices that will be part of the AD and will receive replication information over the VPN.

At the same time we want to have an Exchange 2000 server sat in the US office which in effect will be a "local" copy of the Exchange Server we currently have in the UK. The added advantage here is if either Exchange server were to fail then both the UK & US offices would be able to use the remaining Exchange Server.

So, the basics are as follows:

UK Office - Win2k AD Domain with Exchange 2000 Server
US Office - Part of the same Win2k AD Domain with a local Exchange 2000 server.

Full replication will take place over a "permanent" VPN tunnel formed between the two CISCO routers (one in the UK, one in the US).

My "theory" is that the DC & Exchange Server in the US offices will be seen as being part of the main network. Replication will simply work (albeit slower, 4MB connection here in the UK and a 4MB connection in the US).

Can anybody see any potential problems with my theory? Also, can anybody point me in the direction of some documents on how to add a second Exchange server as a "replication partner" to our existing Exchange 2000 server, or is that quite self-explanatory during the installation?

Thanks.
clutch 1 Posted February 24, 2004

I don't have anything on Exchange, but I can tell you that we have AD currently running over VPNs, so the theory is sound. We have a central enclave, with hubsites and local sites that have their own DCs and GC copies. We will be switching out to other secure methods to cut down on the communications cost (as we will have 300-500 DCs in CONUS alone) but the VPN solution has worked fine.
BladeRunner 0 Posted February 24, 2004

Thank you kindly for the response. I've not had the opportunity to test domain replication over a VPN tunnel, but knowing how anybody using a tunnel into our network is in effect "part of the network" I just felt it would work.

Onto the next stage... time to spend some money at Dell.
sapiens74 0 Posted February 24, 2004

This may not help, but Exchange 2003 can do RPC over HTTP.

So by using standard HTTPS port 443 you can use RPC through a secure TLS tunnel, with Exchange 2003.

Something to look forward to, I guess.
BladeRunner 0 Posted February 24, 2004

That is worth knowing. We are actually buying Exchange 2003 for the US offices, however actually installing Exchange 2000 so that it is the same as the UK offices. I'll convince the bean counters that upgrading the UK to Exchange 2003 is a good idea and then we can play.