06-22-2012 03:28 PM - edited 03-11-2019 04:22 PM
Ok, I'm not sure how to word my problem or what it would actually be called so it's likely that there is a question in the forums about this already...
I have an Exchange server hosted on my internal network, which I have to access using the FQDN or internal IP, like "exchange.internalnetwork.local" or 192.168.1.200.
It's also accessible to the outside world via its DNS MX "mail.mydomain.com" or public IP 20.20.20.20 which is actually PAT'd to the internal IP (since I only have one public IP right now). That's all good.
The problem is that when I'm on my internal network, where the Exchange server is, I cannot access the Exchange server via the MX or global IP. So, basically, when I or any of my co-workers are in the office and on the network, we can't get our email unless we all reconfigure our exchange settings to be internal.
Any advice?
I'm running ASA 5505 v8.4.
Thanks,
Justin Farmer
06-22-2012 09:06 PM
Justin,
I have an internal Exchange server and I did the following.
domain: mydomain.com
When you are in your internal network, you have to set the MX record to point internally to your local Exchange, for example:
exchange.mydomain.com A 192.168.1.200
mydomain.com MX exchange.mydomain.com
So, the problem is the MX resolution internally, because the system uses the local DNS.
When I'm at home, my tablet connects to my local wifi and uses the internal DNS, which has the configuration I described before.
You have to do that with any service or server that you host internally.
I hope this resolves your issue.
Regards.
Jos.
06-23-2012 05:19 AM
Hi Jose, that thought never even crossed my mind! I assume this means that I have to set up my AD and DNS to be authoritative for mydomain.com, not mydomain.local like I have it now, correct?
When I attempt to add a new A record following your suggestion, this is what the FQDN ends up looking like: mail.mydomain.com.mydomain.local. The record also gets filed down a couple of directories in the Windows DNS folder structure, which doesn't help any.
06-23-2012 10:29 AM
Justin,
I'm gonna tell you what I have in my network.
Local network: mynetwork.local
Internet domain for email: mydomain.com
Go to DNS services, add "mydomain.com", and add all the records that you have in the Internet domain, pointing to all the services that you have on the Internet, for example:
hosting is in: 5.5.5.5
MX is in: 192.168.100.100 (Internal network.)
Add those services to your domain and point them with the name you have on the Internet:
www A 5.5.5.5
exchange MX 192.168.100.100
You will keep your .local records as they are, and you will create your DNS records with IPs that point out to the Internet and, for other services that you host internally, with IPs from your LAN.
You need to create ONLY a new domain in DNS; you don't need to touch anything of DC or AD, ONLY DNS configuration.
Let me know if I wasn't clear.
Have a nice weekend.
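The split-DNS setup described in this thread, scripted as an added example (it is not code from any of the posters). It assumes a Windows Server 2012 or later DNS server with the DnsServer PowerShell module and AD-integrated zones; the helper name `Set-SplitDnsA` is hypothetical and the MX preference of 10 is an assumed value. Because an MX record must point to a host name, the internal address goes on an A record for `exchange` and the MX references that name.

```powershell
# Added example: internal copy of the public zone on a Windows DNS server.
# Zone name and addresses are the ones used in the post above.
Import-Module DnsServer

$Zone       = 'mydomain.com'
$ExchangeIp = '192.168.100.100'   # Exchange server, LAN address
$WebIp      = '5.5.5.5'           # externally hosted web site, public address

# Create the zone only if this server does not already host it.
# The existing .local zone is left untouched.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope 'Domain'
}

# Hypothetical helper: add an A record unless the same name/address pair exists.
function Set-SplitDnsA {
    param([string]$Name, [string]$IPv4Address)
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name -RRType A `
                    -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $IPv4Address }
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Name -IPv4Address $IPv4Address
    }
}

Set-SplitDnsA -Name 'www'      -IPv4Address $WebIp        # stays on the public IP
Set-SplitDnsA -Name 'exchange' -IPv4Address $ExchangeIp   # resolves to the LAN IP

# MX for the zone apex, pointing at the internal host name (preference assumed).
$mx = Get-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType MX `
          -ErrorAction SilentlyContinue
if (-not $mx) {
    Add-DnsServerResourceRecordMX -ZoneName $Zone -Name '.' `
        -MailExchange "exchange.$Zone" -Preference 10
}

# Verify against this server: the MX target should resolve to the LAN address.
Resolve-DnsName -Name $Zone -Type MX -Server 127.0.0.1
Resolve-DnsName -Name "exchange.$Zone" -Type A -Server 127.0.0.1
```

Once the internal server hosts this zone it answers authoritatively for every name under mydomain.com, so any public record that is not copied into it stops resolving for internal clients.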