IPSec Tunnel and remote microsoft outlook users



  • Hello All,

    I have a branch office with about 30 users. At the main location, I have an exchange 2003 enterprise edition mail server which hosts all the user mailboxes. Currently I configure the mail server to support Outlook Web Access for remote users at the branch office. Howerver, the branch office users want to use the full Microsoft Outlook client instead of the OWA; therefore, I plan to setup an IPSec site to site VPN tunnel between the two locations to provide the branch office users with full Microsoft Outlook.

    Will pfense IPSec VPN tunnel support this much users? Thank very much for any advice or input.



  • This doesn't depend on any pfSense capabilities but on the size of your tunnel. pfSense itself is scalable as hell (just throw enough hardware at it).



  • Chris, thanks for replying, but let say I have a T1 at each location will an IPSec tunnel be able to handle 30 remote users?



  • How am I supposed to know?

    If those 30 useres start up in the morning simultaneously it's getting slow and if they are transfering MByte attachments all day long it won't change.
    It should be sufficient for regular office eMail, though.

    If you are going that route be sure to enable 'Exchange cache mode' at the clients.

    Personally I would either increase the tunnel or invest in a second Exchange install synchronizing to the first through the tunnel. An SBS for domain logons, Exchange and local file serving will do.



  • Thanks Chris.



  • As I told you before in another thread dealing with basically the same topic:
    Have a consultant help you - that's what they are there for if you cannot do it on your own.



  • Chris, it's not that I can't do it but I really don't know the in and out of pfsense. I don't know what's the throughput of the IPSec tunnel to support my situation, and that's why I'm turning to guys for help. Beside I work for a nonprofit organization and we don't have the BUGET to hire consultant. Thanks



  • jle2005, I'll comment here and let you know I've setup several office with the scenerio you have explained.  The only difference is that I have 20 users at the remote site and each site has a full, 1.5 Mbit T1 line.  The connection runs fine all day long and is only slowed when there is either a big file attachment being send ot received in Outlook or when someone locally is downloading or uploading a file and thus slowing the Internet for everyone.  All in all however, the users are fine with this.  I'd feel that the base setup of an IPSEC tunnel between your two sites would be sufficient as well.

    good luck!



  • Thanks razor2000, for the useful information that you have provided me.


Locked