Mail Essential/DMZ issue

h.stepp
Level 1

I am having the following problem implementing Mail Essentials. Users are able to send messages to the Mail Essentials server but the mail after it has been filtered does not send the mail to the Exchange server. If I change the static command so that the public address points directly to the Exchange server it works fine. After talking to the vendor of Mail Essentials they said you should be able to telnet to the Exchange server and we cannot. The Mail Essentials server is located on our DMZ. The Exchange server is located on the inside interface.

The following is what is configured for inside and dmz and access list.

ip address inside 170.20.6.1 255.255.0.0

ip address dmz2 172.19.240.1 255.255.255.0

static (inside,dmz2) 170.20.0.0 170.20.0.0 netmask 255.255.0.0 0 0

access-list acl_out permit tcp any host 209.190.227.253 eq smtp

access-group acl_out in interface outside

Mail essentials : IP 172.19.240.3

Mask 255.255.255.0

DG 172.19.240.1

I have route inside statements for some of my networks pointing to the internal router but do not have one for the network that the inside interface is part of. If I try to add the following route statement it says a route already exists:

route inside 170.20.0.0 255.255.0.0 170.20.5.2

If I perform a sh route it shows the following routes for the 170.20.0.0 address and dmz:

inside 170.20.0.0 255.255.0.0 170.20.6.1 1 CONNECT static

dmz2 172.19.240.0 255.255.255.0 172.19.240.1 1 CONNECT static

Shouldn't the 170.20.0.0 network be pointing to my internal router and not my inside interface on the PIX?

Any help would be greatly appreciated.

2 Replies

wdrootz
Level 4

Everything inside should point at your inside router. That router should then have a gateway of 170.20.6.1. Remember the PIX can’t route, it can only pass traffic on to a router that can so put a route inside 170.20.0.0 255.255.0.0 170.20.x.x (170.20.x.x being your inside router directly connected to the PIX). During troubleshooting, open up an access-list for icmp and get ping connectivity, then troubleshoot forward with tcp (smtp). You may need to use the alias command with your mail gateway on the DMZ.

jose.calvillo
Level 1

I didn't see a static in place for the 209.190.227.253 address. Is that your Exchange server or your Mail Essentials server? In any case, what I think you should check is the following:

1) Static & ACL in place for Mail Essentials (ME) server. Ensure the ME server ACL states that it can receive port 25 from anywhere.

2) Static & ACL for Exchange server. Ensure the Exchange server's ACL can only receive port 25 from the ME server.