I wonder if someone could offer some advice?
Let me take a second to explain the network topology we have here - briefly:
Single subnet LAN - comprising NT network with the odd bit of Novell kit.
Our comms machine runs MS Exchange 5.5 and Proxy 2.0 (it also has RRAS for
VPNs but this doesn't work because of the router listed below).
This comms machine is multihomed (I believe this is the term for 2 network
cards). The internal network as above and the external network connects to a
CISCO 760 series ISDN router. This machine is the BDC - the separate PDC is
also the internal DNS server.
Currently, all internet access works fine via the router. This is using port
address translation to hide all internal IP addresses and present as one.
Exchange happily fires off through the link too - and when connected - our
SMTP feed pushes into the Exchange server. We have 'firewalling' set up on
the router and with MS Proxy.
There are two issues I want to raise.....
1. One problem we have is that MS Exchange brings up the ISDN link every
time an externally destined email is sent - and I don't believe it is
possible to get Exchange to hold the outbound mail and fire it off at
predetermined intervals. This is costing us a fortune..... We send large
amounts of externally bound email - all quite small - but with the ISDN line
being brought up very often, you can guess what the bill is like (5-10 sends
per hour). When we used modems, this could be achieved because Exchange used
RAS connections which could be limited to 'batch' dial-outs. This no longer
is true for the router setup.
2. We have an ISDN modem which I daresay we could use instead of the router
to give us limited dial-out but then we become reliant upon MS Proxy
firewalling as we lose the router. Is MS Proxy secure enough? (Seriously
please Linux boys and girls :-) ) And will Linux provide the internal IP
address 'hiding' - presenting one address to the outside world? Should we
drop a Linux box in between the MS-Proxy/Exchange and the ISDN? Is this hard
to administer/set up as a dedicated firewall?
We want to set up a system with http, ftp etc. initiated dialout (MS Proxy)
but not by email (MS Exchange) which we can fire off every couple of hours
or so (We have a batch file which can do this in reverse in order to receive
We need it to be secure (!) or should I say as secure as possible... and it
would be cool if we could get VPN too (MS RRAS flavor) via the ISDN modem as
the router will not handle the encapsulation properly.
Oh and finally, the funds available are very limited, so a big
UNIX/commercial solution is probably prohibitively costly.
All ideas welcome.