https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609605#M1032125 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>I couldn't say more without looking at your configuration, but I'd start out with a </P><P></P><P>same-security-traffic permit intra-interface</P><P></P><P>Will allow traffic to go in/out the same interface. This might help.</P><P></P><P>--Jason</P><P></P><P>Please rate this message if it solved some or all of your issue/question.</P></BODY></HTML> Sat, 16 Dec 2006 21:45:02 GMT jgervia_2 2006-12-16T21:45:02Z https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609604#M1032124 <P>This is my scenario.</P><P>#1 One PIX 515 has three interfaces:Outside, Inside and DMZ1</P><P>#2. Two Exchange servers in the Inside interface. Server#1 10.0.1.10 hosts abc.com , Server #2 10.0.86.20 hosts xyz.com</P><P>#3. Two Symantec SMTP mail gateway server on DMZ1 interface: SMTP gateway1 - 172.16.1.10, SMTP Gateway2 - 172.16.1.20</P><P></P><P>#4. SMTP Gateway1 forward both inbound and outbound mail for Exchange server 1</P><P> SMTP Gateway2 forward both inbound and outbound mail for Exchange server 2</P><P></P><P>#5. There are Static NAT for one public IP to each SMTP gateways:</P><P></P><P>static (dmz1, outside) 200.211.10.10 172.16.1.10 255.255.255.255</P><P></P><P>static (dmz1, outside) 200.211.10.20 172.16.1.20 255.255.255.255</P><P></P><P>and inculde ACL to permit both inbound and outbound SMTP port 25</P><P>#6. MX record for abc.com is 200.211.10.10</P><P>MX record for xyz.com is 200.211.10.20</P><P></P><P></P><P></P><P>#7. Both Exchange servers could send and receive Internet emails from outside Mail servers, but could not send email between abc.com and xyz.com</P><P></P><P>#8.Have tried to use alias command for DNS doctoring, and did not work.</P><P></P><P>It seems that the PIX outside interface, the both public addresses could not pass traffic to each other. </P><P></P><P>Is there any configure could be done to allow 200.211.10.10 and 200.211.10.20 to send smtp traffic to each other?</P><P></P><P>Thanks in advance </P><P> </P><P></P> Mon, 11 Mar 2019 09:09:50 GMT https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609604#M1032124 rawsonfang 2019-03-11T09:09:50Z https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609605#M1032125 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>I couldn't say more without looking at your configuration, but I'd start out with a </P><P></P><P>same-security-traffic permit intra-interface</P><P></P><P>Will allow traffic to go in/out the same interface. This might help.</P><P></P><P>--Jason</P><P></P><P>Please rate this message if it solved some or all of your issue/question.</P></BODY></HTML> Sat, 16 Dec 2006 21:45:02 GMT https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609605#M1032125 jgervia_2 2006-12-16T21:45:02Z https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609606#M1032126 <HTML><HEAD></HEAD><BODY><P>What MX your exchange servers resolves internally?</P><P></P><P>ping mx.abc.com from exchange.xyz.com</P><P>ping mx.xyz.com from exchange.abc.com</P><P></P><P>Muhammad</P></BODY></HTML> Mon, 18 Dec 2006 03:00:26 GMT https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609606#M1032126 msubtain 2006-12-18T03:00:26Z https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609607#M1032127 <HTML><HEAD></HEAD><BODY><P>From exchange.abc.com, the MX for the mx.abc.com is 200.211.10.10 and</P><P>From exchange.xyz.com, the MX for the mx.xyz.com is 200.211.10.20 </P></BODY></HTML> Mon, 18 Dec 2006 14:56:07 GMT https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609607#M1032127 rawsonfang 2006-12-18T14:56:07Z https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609608#M1032128 <HTML><HEAD></HEAD><BODY><P>DNS Doctoring should sovle your problem:</P><P>1. check your alias command, they should be</P><P></P><P>alias (dmz1) 172.16.1.10 200.211.10.10 255.255.255.255</P><P>alias (dmz1) 172.16.1.20 200.211.10.20 255.255.255.255</P><P></P><P>2. or your can configure your static with "dns" argument</P><P></P><P>static (dmz1, outside) 200.211.10.10 172.16.1.10 255.255.255.255 dns</P><P>static (dmz1, outside) 200.211.10.20 172.16.1.20 255.255.255.255 dns</P><P></P><P>3. or modify both exchange server HOST file</P><P>mx.abc.com 172.16.1.10</P><P>mx.xyz.com 172.16.1.20</P><P></P><P>In exchange server mx.abc.com ping mx.xyz.com,it should resolved as 172.16.1.20.</P><P></P><P>if the post help,please rate, thanks</P><P></P><P>peng</P><P></P></BODY></HTML> Thu, 21 Dec 2006 19:58:30 GMT https://community.cisco.com/t5/network-security/two-exchange-servers-at-same-network-could-not-send-email-to/m-p/609608#M1032128 pengfang 2006-12-21T19:58:30Z