02-08-2011 03:15 PM - edited 03-11-2019 12:47 PM
I have an SBS 2008 server with Exchange Server and I am trying to route my mail to my internal server. My config and domain info is attached. Thanks for your assistance,
ISP has given me xx.xx.xx.120 as public IP Block, xx.xx.xx.121 as Gateway and xx.xx.xx.122 as First Usable IP.
Jim
02-08-2011 03:28 PM
Your static PAT statement for mail is correct, assuming that you will be using IP Address of xx.xx.xx.122 for your mail traffic.
However, access-list 100 applied to the outside interface is incorrect.
You will have to remove the following:
access-list 100 extended permit tcp xx.xx.xx.120 255.255.255.248 host 192.168.1.20 eq smtp
Then add the following:
access-list 100 extended permit tcp any interface outside eq smtp
Further to that, I assume that you haven't changed your MX record to reflect the new public IP Address of xx.xx.xx.122?
Hope that helps.
02-08-2011 04:03 PM
I have added a new MX (replacing my original external SMTP) for remote.mydomain.com. I will make the access list changes you recommend.
Thanks and I will let you know how it goes.
Jim
02-08-2011 05:57 PM
Removed the offending access-list and added the new one. My MX has been changed and I don't see any change as of yet. Would it take some time to propagate through the net?
Thanks,
02-08-2011 06:56 PM
I know that the MX record might take a while to propagate.
To quickly test from the Internet, see if you can telnet to the public ip address xx.xx.xx.122 on port 25.
Then check the hitcount on the access-list: show access-list 100
If you are seeing the hitcount increase after your test for tcp/25 to the public IP, that means that, as far as connectivity towards the internal SMTP server is concerned, it works just fine.
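The hit-count check described in the reply above, as an added example that is not part of the original thread: it compares two captures of `show access-list 100` output, taken before and after the port 25 test, and reports which rules gained hits. The sample captures (including the https rule and the hash values) are constructed, and the function names are hypothetical.

```python
import re

# One ACE line of ASA "show access-list" output, for example:
#   access-list 100 line 1 extended permit tcp any interface outside eq smtp (hitcnt=3) 0x...
ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+line\s+(?P<line>\d+)\s+(?P<rule>.+?)\s+"
    r"\(hitcnt=(?P<hits>\d+)\)"
)

def parse_hitcounts(show_output, acl_name):
    """Return {rule text: hit count} for every ACE of acl_name."""
    counts = {}
    for raw in show_output.splitlines():
        m = ACE_RE.match(raw.strip())
        if m and m.group("acl") == acl_name:
            counts[m.group("rule")] = int(m.group("hits"))
    return counts

def hit_deltas(before, after, acl_name="100"):
    """Rules whose hit count rose between the two captures, with the increase."""
    old = parse_hitcounts(before, acl_name)
    new = parse_hitcounts(after, acl_name)
    return {r: n - old.get(r, 0) for r, n in new.items() if n > old.get(r, 0)}

def smtp_rule_was_hit(before, after, acl_name="100"):
    """True if a permit rule ending in 'eq smtp' gained hits during the test."""
    return any(
        rule.startswith("extended permit") and re.search(r"\beq (smtp|25)$", rule)
        for rule in hit_deltas(before, after, acl_name)
    )

# Constructed sample captures (not output from the poster's ASA).
BEFORE = """\
access-list 100; 2 elements
access-list 100 line 1 extended permit tcp any interface outside eq smtp (hitcnt=0) 0x00000000
access-list 100 line 2 extended permit tcp any interface outside eq https (hitcnt=12) 0x00000000
"""
AFTER = """\
access-list 100; 2 elements
access-list 100 line 1 extended permit tcp any interface outside eq smtp (hitcnt=3) 0x00000000
access-list 100 line 2 extended permit tcp any interface outside eq https (hitcnt=12) 0x00000000
"""

if __name__ == "__main__":
    print(hit_deltas(BEFORE, AFTER))
    print("SMTP rule matched:", smtp_rule_was_hit(BEFORE, AFTER))
```

If the SMTP rule shows no increase after the test, the connection attempts did not match that rule on the firewall.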
02-09-2011 05:33 AM
Tested using telnet xx.xx.xx.122 25 and received "connect failed" several times. I will check the hit count and verify the command structure, but do you have any other ideas?
I have 2 MX records with 10 being the old and 0 being the one that I want to work.
Do I need to "clear" or "flush" anything?
Thanks for your help.
02-09-2011 06:58 PM
Can you share the latest configuration from the ASA again with the changes, and also output of "show access-list".
Thanks.
02-09-2011 07:50 PM
The changes that you recommended along with a minor correction resolved the issue. Thanks for your help.