Sending and receiving mail securely using MS Outlook 2003

Post by npetropoulos » Nov 25 05 11:32 pm

Our company has a WinGate 6 installation.
We are using WinGate Mail.
We are using the WinGate User Database.

We need two of our managers to send and receive mail from their laptops securely (TLS or SSL - connecting using a dial-up connection with a non-static IP). They are using the Microsoft Outlook 2003 mail client.

The problem is that they can't authenticate for POP3.

Reading the help file I found out that there is a problem with MS Outlook TLS support.

I can think of two possible solutions to this problem.

1. Set WinGate to use the Windows user database.
(Does this configuration work?)
2. Installing WinGate VPN for two clients
(There is no need for them to connect to our network, but I want to ask if a user connected using VPN will be authenticated by WinGate and so bypass the POP3 authentication problem)

Or maybe you can suggest another solution to this problem.

Thanks.
npetropoulos

Post by adrien » Nov 26 05 11:09 am

Hi

Either method should work, since if you use the Windows user database, then Outlook can use NTLM authentication.

If you use a VPN, you can configure Outlook to connect to the internal interface of WinGate, which will then be deemed trusted, so Outlook won't need to authenticate for sending mail. Outlook can then authenticate using USER/PASS for POP3 (i.e. disable "use secure authentication" in Outlook).

Regards

Adrien
adrien
Qbik Staff

Post by npetropoulos » Nov 29 05 2:21 am

Thank you Adrien for your confirmation.

I would like to ask if there is a trial licence for Windows VPN, so that I could test this configuration for mail.

As I said before we have a Wingate Licence (not Windows VPN)

Thanks again.
npetropoulos

Post by adrien » Nov 29 05 10:37 am

Hi, yes there is a trial for WinGate VPN.

To get one, you run license management either from GateKeeper or Start->Programs->WinGate->License management. Then click the add button, and in the bottom of the dialog select "WinGate VPN", proceed from there.

Regards

Adrien
adrien
Qbik Staff

Post by npetropoulos » Dec 10 05 12:08 am

Hello again.

I installed the trial version of VPN on our server and on one notebook.
There is no problem with the VPN connection, but there are still problems connecting to the POP3 server from Microsoft Outlook.

The WinGate users are:
user A - This user has to get the mail from the notebook using dial-up
user B - Only checks mail from the office
user C - Only checks mail from the office

The VPN policy settings are:
User A (Must be authenticated)
Note: (In the VPN settings of the client I set the username and password for user A)

The POP3 policy settings are:
* Everyone - Restricted By Location (User may be unknown, Allowed Locations: 192.168.0.*)
* A - Restricted by security Level (User must be authenticated - no entries in the location tab)
Default rights: System policies: are ignored

User A, who is using the laptop, connects to the VPN without a problem,
but Outlook authentication still fails.

When I change the setting for user A in the policies configuration
from:
A - Restricted by security Level (User must be authenticated)
to:
A - Restricted by security Level (User may be assumed)
the following happens:

User A can connect to the POP3 server and get mail without a problem,
BUT
as I was testing this solution I found out that I could get the mail
for users B and C too (by setting up a mail account in Outlook and providing their credentials), even though this is not allowed by the VPN and POP3 policies.
npetropoulos

Post by adrien » Dec 12 05 10:45 am

Hi

The VPN policies only define who can connect to the VPN server and join a VPN - they don't control what services are available over that VPN.

Also, I don't think that logging in with the VPN client will provide authentication.

Depending on the auth method you use, you get a different security level. Since USER/PASS is weak, it is only deemed to make a user assumed rather than authenticated. Since you are connecting over a VPN though, the USER/PASS commands are encrypted, so it is safer to use them. You would need to modify the policies as you said (i.e. make it so user may be assumed) in order to log in.

It is normal for anyone with access to a POP3 server however to be able to access any account they have credentials for.

You could tighten the POP3 service policies so that the only machines that have access to account B and C are those machines.
adrien
Qbik Staff
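The reasoning in the last reply (plain USER/PASS is acceptable only when the channel is already encrypted, for example by the VPN) can be expressed as a client-side check. This is an added example, not part of the thread and not WinGate or Outlook code: it picks a POP3 login method from the server's CAPA listing. The function names and the CAPA listings are constructed for illustration.

```python
# Added example: decide how a POP3 client should log in, given the server's
# CAPA listing (RFC 2449) and whether the transport is already encrypted.
# The CAPA listings below are constructed samples, not output from WinGate.

CHALLENGE_RESPONSE = ("NTLM", "CRAM-MD5", "DIGEST-MD5")  # password is not sent in clear


def parse_capa(lines):
    """Turn CAPA response lines into {capability: [arguments]}."""
    caps = {}
    for raw in lines:
        line = raw.strip()
        if not line or line == "." or line.startswith("+OK"):
            continue  # blank line, terminator, or status line
        name, *args = line.split()
        caps[name.upper()] = [a.upper() for a in args]
    return caps


def choose_login(capa_lines, channel_encrypted):
    """Return a login plan that keeps the password off the wire in cleartext.

    channel_encrypted is True when the session already runs inside TLS
    or a VPN tunnel, which is the case discussed in the thread.
    """
    caps = parse_capa(capa_lines)
    if channel_encrypted and "USER" in caps:
        return "USER/PASS"                # the tunnel protects the plaintext commands
    if "STLS" in caps and "USER" in caps:
        return "STLS, then USER/PASS"     # upgrade to TLS first (RFC 2595)
    for mech in CHALLENGE_RESPONSE:
        if mech in caps.get("SASL", []):
            return "AUTH " + mech         # challenge-response over a clear channel
    return "refuse"                       # only cleartext USER/PASS is left


# Constructed CAPA listings for three server configurations.
PLAIN_ONLY = ["+OK Capability list follows", "USER", "UIDL", "."]
WITH_STLS = ["+OK", "USER", "STLS", "."]
WITH_NTLM = ["+OK", "USER", "SASL NTLM", "."]

if __name__ == "__main__":
    print("dial-up, no VPN, plain only:", choose_login(PLAIN_ONLY, False))
    print("over VPN, plain only:       ", choose_login(PLAIN_ONLY, True))
    print("dial-up, STLS offered:      ", choose_login(WITH_STLS, False))
    print("dial-up, NTLM offered:      ", choose_login(WITH_NTLM, False))
```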
