Exchange 2000 in DMZ won't work

s.bowden
Level 1

We are having a problem putting an Exchange 2000 server in a DMZ on a PIX 525. We have opened all ports (TCP, UDP and ICMP) to all servers on the inside. The Exchange server passes all the netdiag tests and appears to be able to communicate. However, the Information Store on the Exchange 2000 server will not start. When we take the firewall out of the puzzle the Information Store starts up fine. Has anyone experienced this problem or know anything? We are running 6.2.1.

6 Replies

steve.barlow
Level 7

Can you put a sniffer on the subnet to see what the server is trying to do? Also, are you using NAT between them (i.e. do the servers see each other as being on the same subnet, or are you not using NAT)?

Steve

ajarina
Level 1

We share at least the same problem. I have a PIX 501 firewall with one email server on the inside. It worked well until I configured PPTP on it; then it just ceased to function after a while. Surfing is fine, but if I inject a static statement, the email server is no longer able to surf and will not receive email from the outside. I removed the PPTP statements, but it still didn't work until I cleared the configuration and configured it again from scratch. After that, it went fine. I will burn-test it for a while before I configure PPTP back.

I'm just confused why it needed to be configured from scratch to make it work. Does that mean I need to start from the beginning every time I add some configuration? Sounds illogical. I hope they can shed some light on this one.

bs0000554
Level 1

Please send us how you're building your "translation slots". I think your problem is in this direction.

svarughe
Level 1

Open up the following ports. Make sure you open up:

445 (TCP) - Server message block (SMB) for Netlogon, LDAP conversion and distributed file system (Dfs) discovery.

3268 (TCP) - LDAP to global catalog servers.

389 (TCP, UDP) - Lightweight Directory Access Protocol (LDAP).

135 (TCP) - EndPointMapper.

123 (TCP) - Windows Time Synchronization Protocol (NTP).

88 (Transmission Control Protocol [TCP], UDP) - Kerberos authentication

53 (Transmission Control Protocol [TCP], User Datagram Protocol [UDP]) - Domain Name System (DNS).

Make this change to the registry:

Locate the following key in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

On the Edit menu, click Add Value, and then add the following registry value:

Value Name: TCP/IP Port

Data Type: REG_DWORD

Radix: Decimal

Value: greater than 1024

And, using Active Directory Sites and Services, create a site name and subnet for the DMZ.

dtorre
Level 1

Yes, I did have this exact problem upgrading from OS 6.1 to 6.2.

The problem is not due to the access lists but to the fixup of the LDAP protocol, which was added in version 6.2.

Disable it (no fixup protocol) and it will work fine.

Also make sure you have disabled fixup of SMTP protocol, that could cause problems too.

For the rest, I warmly recommend closing all unneeded ports.

Please let me know if it helped.

C.
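The PIX side of the two replies above (the port list plus the pinned NTDS RPC port, and the disabled fixups), written out as an added example that is not configuration posted by anyone in this thread. Everything about the addresses is assumed: an Exchange 2000 server in the DMZ at 192.168.100.10, a domain controller/global catalog on the inside at 10.1.1.10, an interface named dmz, and the NTDS "TCP/IP Port" registry value from the earlier reply set to 1600. The fixup that PIX 6.2 added for port 389 is the LDAP-based ILS fixup (fixup protocol ils 389); treating that as the "LDAP fixup" the reply refers to is an assumption made here.

```cisco
! Added example (hypothetical addresses). DMZ Exchange 2000 host 192.168.100.10,
! inside DC/GC 10.1.1.10, DC's NTDS "TCP/IP Port" registry value assumed = 1600.

! Identity translation: the DMZ host reaches the DC at its real address.
! RPC endpoint-mapper replies carry the DC's IP inside the payload, so
! translating addresses between the two interfaces would break them.
static (inside,dmz) 10.1.1.10 10.1.1.10 netmask 255.255.255.255 0 0

! DMZ -> inside: only the ports the DC actually needs, per the reply above.
access-list dmz_in permit tcp host 192.168.100.10 host 10.1.1.10 eq 53
access-list dmz_in permit udp host 192.168.100.10 host 10.1.1.10 eq 53
access-list dmz_in permit tcp host 192.168.100.10 host 10.1.1.10 eq 88
access-list dmz_in permit udp host 192.168.100.10 host 10.1.1.10 eq 88
access-list dmz_in permit udp host 192.168.100.10 host 10.1.1.10 eq 123
access-list dmz_in permit tcp host 192.168.100.10 host 10.1.1.10 eq 135
access-list dmz_in permit tcp host 192.168.100.10 host 10.1.1.10 eq 389
access-list dmz_in permit udp host 192.168.100.10 host 10.1.1.10 eq 389
access-list dmz_in permit tcp host 192.168.100.10 host 10.1.1.10 eq 445
access-list dmz_in permit tcp host 192.168.100.10 host 10.1.1.10 eq 3268
! The RPC port pinned in the registry, instead of opening all of 1024-65535.
access-list dmz_in permit tcp host 192.168.100.10 host 10.1.1.10 eq 1600
access-group dmz_in in interface dmz

! The two inspections the reply above blames: ILS (port 389) and SMTP (Mailguard).
no fixup protocol ils 389
no fixup protocol smtp 25
```

The pinned port only covers the RPC service the registry value controls; any other RPC service the Exchange server calls on the DC still answers on a dynamic port above 1024, and the sniffer check suggested earlier in the thread is how you find out whether further access-list entries are needed. NTP is listed here as UDP because that is what W32Time uses.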

Makes sense. We are going to try this. I will let you know the outcome.

Thanks