09-16-2002 01:50 AM - edited 03-09-2019 12:19 AM
Hello,
I have got an Exchange 2000 front-end/back-end configuration where both servers are on separate interfaces of a PIX 515. The front-end is on a lower security level.
When I use PIX IOS 6.1.1 everything works fine but when I use a later version of PIX IOS the front-end server won't start properly. That is, the information store (and thus IMAP4 and POP3) won't start.
Is this a new 'feature' in the later PIX IOS versions, are there some new commands that I need to use, is it a bug in the PIX IOS versions? Can anyone tell me what causes this problem?
I hope someone can help me with this.
Regards, Frank
09-17-2002 01:41 AM
The implementation is no different in newer versions of PIX. Double check your config and that you have the required ports/static translation configured correctly. Check what the logs say. If you still think it is a problem, open a TAC case and they should be able to investigate in detail. There are slim chances that it could be a bug though.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/msexchng.htm
HTH
R/Yusuf
09-17-2002 02:07 AM
Thanks for the info, but I have tried about everything I could think of. I even set the PIX 'wide open' and it still wouldn't work. I have looked at logs and network traces but they don't show anything that hints at a problem.
Again, thanks for the info, Frank
10-01-2002 04:40 PM
We have the same problem. I'm using a PIX501. Everybody can surf except for the email functionality. When I try to enter the static translation, the mail server then stops surfing. I've been reading lots of articles and I just entered the right commands based on that article. I don't know what I'm missing here. Please email me (ajarina@ngkhai.com) if you are able to find the answer. Thanks.
10-27-2002 02:20 PM
Make sure you open up the following ports:
445 (TCP) - Server message block (SMB) for Netlogon, LDAP conversion and distributed file system (Dfs) discovery.
3268 (TCP) - LDAP to global catalog servers.
389 (TCP, UDP) - Lightweight Directory Access Protocol (LDAP).
135 (TCP) - EndPointMapper.
123 (TCP) - Windows Time Synchronization Protocol (NTP).
88 (Transmission Control Protocol [TCP], UDP) - Kerberos authentication
53 (Transmission Control Protocol [TCP], User Datagram Protocol [UDP]) - Domain Name System (DNS).
Make this change to the registry:
Locate the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
On the Edit menu, click Add Value, and then add the following registry value:
Value Name: TCP/IP Port
Data Type: REG_DWORD
Radix: Decimal
Value: greater than 1024
and, using Active Directory sites and tools, create a site name and subnet for the DMZ.
10-29-2002 01:10 AM
Yes, after version 6.1 Cisco added a new fixup feature for the LDAP protocol.
That's your problem.
LDAP fixup is blocking proper communication between front end and back end.
Disable it, it will work.
C.
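An added example, not part of any post in this thread: a small Python check that reads a saved PIX configuration and reports which of the ports listed in the 10-27-2002 reply are not permitted from the front-end to the back-end, and whether a fixup is still active on port 389. It assumes the LDAP fixup mentioned above appears in the configuration as `fixup protocol ils 389`; the ACL name, the addresses and the sample configuration are constructed, and only host-to-host entries with numeric `eq` ports are matched.

```python
import re

# Ports listed in the 10-27-2002 reply, as (protocol, port) pairs.
REQUIRED = {("tcp", 445), ("tcp", 3268), ("tcp", 389), ("udp", 389),
            ("tcp", 135), ("tcp", 123), ("tcp", 88), ("udp", 88),
            ("tcp", 53), ("udp", 53)}

# Constructed sample configuration: the ACL name and both addresses are
# hypothetical and do not come from the thread.
SAMPLE_CONFIG = """\
fixup protocol smtp 25
fixup protocol ils 389
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.10 eq 445
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.10 eq 3268
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.10 eq 389
access-list dmz_in permit udp host 192.0.2.10 host 10.0.0.10 eq 389
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.10 eq 135
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.10 eq 88
access-list dmz_in permit udp host 192.0.2.10 host 10.0.0.10 eq 88
access-list dmz_in permit udp host 192.0.2.10 host 10.0.0.10 eq 53
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+"
                    r"host\s+(\S+)\s+host\s+(\S+)\s+eq\s+(\d+)$")
FIXUP_RE = re.compile(r"^(no\s+)?fixup\s+protocol\s+(\S+)\s+(\d+)$")

def audit(config, acl, src, dst):
    """Return the required ports the ACL does not permit from src to dst,
    and whether a fixup is still enabled on port 389."""
    permitted, fixups = set(), set()
    for line in map(str.strip, config.splitlines()):
        m = ACL_RE.match(line)
        if m and m.group(1, 3, 4) == (acl, src, dst):
            permitted.add((m.group(2), int(m.group(5))))
        f = FIXUP_RE.match(line)
        if f:
            entry = (f.group(2), int(f.group(3)))
            # A "no fixup ..." line disables the inspection again.
            (fixups.discard if f.group(1) else fixups.add)(entry)
    return {"missing": sorted(REQUIRED - permitted),
            # Assumption: the "LDAP fixup" appears as "fixup protocol ils 389".
            "ldap_fixup_on_389": ("ils", 389) in fixups}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "dmz_in", "192.0.2.10", "10.0.0.10"))
```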
10-29-2002 03:26 AM
Thanks very much. That was the answer I was looking for.