Mailserver front-end/back-end problem

fembsen
Level 1

Hello,

I have got an Exchange 2000 front-end/back-end configuration where both servers are on separate interfaces of a PIX 515. The front-end is on a lower security level.

When I use PIX IOS 6.1.1 everything works fine but when I use a later version of PIX IOS the front-end server won't start properly. That is, the information store (and thus IMAP4 and POP3) won't start.

Is this a new 'feature' in the later PIX IOS versions, are there some new commands that I need to use, is it a bug in the PIX IOS versions? Can anyone tell me what causes this problem?

I hope someone can help me with this.

Regards, Frank

6 Replies

yusuff
Cisco Employee

The implementation is no different in newer versions of PIX. Double check your config and that you have the required ports/static translation configured correctly. Check what the logs say. If you still think it is a problem, open a TAC case and they should be able to investigate in detail. There are slim chances that it could be a bug though.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/msexchng.htm

HTH

R/Yusuf

fembsen
Level 1

Thanx for the info, but I have tried about everything I could think of. I even set the PIX 'wide open' and it still wouldn't work. I have looked at logs and network traces but they don't show anything that hints at a problem.

Again thanx for the info, Frank

We have the same problem. I'm using a PIX 501. Everybody can surf except for the email functionality. When I try to enter the static translation, the mail server then stops surfing. I've been reading lots of articles and I just entered the right commands based on that article. I don't know what I'm missing here. Please email me (ajarina@ngkhai.com) if you are able to find the answer. Thanks.

svarughe
Level 1

Open up the following ports.

Make sure you open up:

445 (TCP) - Server message block (SMB) for Netlogon, LDAP conversion and distributed file system (Dfs) discovery.

3268 (TCP) - LDAP to global catalog servers.

389 (TCP, UDP) - Lightweight Directory Access Protocol (LDAP).

135 (TCP) - EndPointMapper.

123 (TCP) - Windows Time Synchronization Protocol (NTP).

88 (Transmission Control Protocol [TCP], UDP) - Kerberos authentication

53 (Transmission Control Protocol [TCP], User Datagram Protocol [UDP]) - Domain Name System (DNS).

Make this change to the registry:

Locate the following key in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

On the Edit menu, click Add Value, and then add the following registry value:

Value Name: TCP/IP Port

Data Type: REG_DWORD

Radix: Decimal

Value: greater than 1024

and

using Active Directory Sites and Tools,

create a site name and subnet for the DMZ.

dtorre
Level 1

Yes, after version 6.1 Cisco added a new fixup feature for the LDAP protocol.

That's your problem.

LDAP fixup is blocking proper communication between front end and back end.

Disable it, it will work.

C.
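As an added example (not from this thread, Cisco, or the PIX documentation), here is a small Python script that reads a PIX 6.x-style running configuration and reports the two things the replies above point at: whether the port-389 LDAP fixup is still active, and which of the ports in svarughe's list are not yet permitted from the DMZ interface to the back-end server. The config text, interface names and addresses are constructed. The assumptions are that the "LDAP fixup" dtorre mentions shows up in the config as `fixup protocol ils 389` (and as `no fixup protocol ils 389` once disabled), that the DMZ access list is bound with `access-group ... in interface dmz`, and that only the `host`/`any` access-list forms and a handful of service names need to be recognised.

```python
import re

# Ports from the reply above, as (protocol, port) pairs the DMZ front-end
# needs towards the back-end / domain controller side.
REQUIRED_PORTS = {
    ("tcp", 445), ("tcp", 3268), ("tcp", 389), ("udp", 389), ("tcp", 135),
    ("tcp", 123), ("tcp", 88), ("udp", 88), ("tcp", 53), ("udp", 53),
}

# Assumption: a partial map of the service names PIX accepts after 'eq';
# extend it if your config uses other names.
PORT_NAMES = {"ldap": 389, "domain": 53, "kerberos": 88}

# Assumption: the LDAP-related fixup appears as 'fixup protocol ils 389'
# and is shown disabled as 'no fixup protocol ils 389'.
FIXUP_RE = re.compile(r"^(?P<no>no\s+)?fixup\s+protocol\s+ils\s+\d+\s*$")
ACCESS_GROUP_RE = re.compile(
    r"^access-group\s+(?P<acl>\S+)\s+in\s+interface\s+(?P<iface>\S+)\s*$")
# Simplification: only 'host X' / 'any' source and destination forms.
ACL_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+permit\s+(?P<proto>tcp|udp|ip)\s+"
    r"(?P<src>host\s+\S+|any)\s+(?P<dst>host\s+\S+|any)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$")


def _port_number(token):
    """Turn '389' or 'ldap' into an int, or None if the name is unknown."""
    if token.isdigit():
        return int(token)
    return PORT_NAMES.get(token.lower())


def audit(config_text, dmz_iface, backend_ip):
    """Return the fixup state and the required ports the DMZ ACL does not permit."""
    ils_fixup_enabled = False
    iface_acl = {}            # interface name -> inbound ACL name
    permitted = set()         # (acl, proto, port); port None = any port
    for raw in config_text.splitlines():
        line = raw.strip()
        m = FIXUP_RE.match(line)
        if m:
            ils_fixup_enabled = m.group("no") is None
            continue
        m = ACCESS_GROUP_RE.match(line)
        if m:
            iface_acl[m.group("iface")] = m.group("acl")
            continue
        m = ACL_RE.match(line)
        if not m:
            continue
        dst = m.group("dst")
        if dst != "any" and dst.split()[1] != backend_ip:
            continue            # entry is for some other destination
        port = None
        if m.group("port") is not None:
            port = _port_number(m.group("port"))
            if port is None:
                continue        # service name we do not know; ignore the entry
        protos = ("tcp", "udp") if m.group("proto") == "ip" else (m.group("proto"),)
        for proto in protos:
            permitted.add((m.group("acl"), proto, port))
    acl = iface_acl.get(dmz_iface)
    missing = [
        (proto, port) for proto, port in sorted(REQUIRED_PORTS)
        if acl is None
        or ((acl, proto, port) not in permitted and (acl, proto, None) not in permitted)
    ]
    return {"ils_fixup_enabled": ils_fixup_enabled, "dmz_acl": acl,
            "missing_ports": missing}


# Constructed sample config: ILS fixup still on, several ports not yet opened.
SAMPLE_CONFIG = """\
PIX Version 6.2(2)
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
fixup protocol smtp 25
fixup protocol ils 389
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 eq 445
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 eq 3268
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 eq ldap
access-list dmz_in permit udp host 192.0.2.10 host 10.0.0.5 eq ldap
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 eq 135
access-list dmz_in permit udp host 192.0.2.10 host 10.0.0.5 eq domain
access-group dmz_in in interface dmz
"""

# The same constructed config after applying both replies: fixup disabled, ports added.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "fixup protocol ils 389", "no fixup protocol ils 389") + """\
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 eq domain
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 eq kerberos
access-list dmz_in permit udp host 192.0.2.10 host 10.0.0.5 eq kerberos
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 eq 123
"""

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        print(name, audit(cfg, "dmz", "10.0.0.5"))
```

Run it against a pasted `show running-config`, with your own DMZ interface name and back-end address; a non-empty `missing_ports` list or `ils_fixup_enabled` being true are the two things worth checking before opening a TAC case.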

Thanx very much. That was the answer I was looking for.