PLEASE SOMEBODY HELP ME!!!

harris-ross
Level 1

Please Please Please help. I am pulling my hair out!!! Thoroughly stressed and distressed.

My network configuration is as follows:

INTERNET – ROUTER – PIX FIREWALL – ISA SERVER – LAN

I want to route my SMTP traffic into my Exchange server inside my LAN. Please NOTE that all devices are configured to NAT. If you could show me how to stop using NAT on the Router and Pix firewall I would be very grateful, because every time I stop NATting on the Router or Pix I lose Internet connection. I do not need to NAT with the Router or Pix because I am already NATting with the ISA SERVER.

My main problem is to route SMTP traffic into my Exchange server on my LAN. My ISP has configured my MX record as the Public IP of the WAN interface of the Router. I have checked incoming traffic on my Router and I can see SMTP traffic coming in but I am unable to forward it to my Exchange server.

Configuring the ISA server is no problem, all I need is to get the traffic to my ISA server.

All I need is help on configuring Router and Pix to allow and to forward smtp traffic to inside LAN.

Please help, I have been up all night for the last 2 days but no joy, I am going crazy. I spent the whole weekend installing and configuring Exchange Server 2003 and it is working because I am able to send mail internally.

Please take me through the process of disabling NAT on Router and PIX if possible and then forwarding my SMTP to LAN

Thanks for your time.

Cheers

Tony

3 Replies

sachinraja
Level 9

Hi Tony,

Send me your present PIX & router configurations offline. I will have a look at them and then tell you what commands to apply.

By the way, do you really need to do NAT on the ISA server? It's better to do it on the PIX firewall. You will have more control if you do it there. Just let me know if you can bypass the ISA server and send this mail server traffic directly to the PIX. That will help us.

Raj

Raj

I forgot to mention that I have set up ISA server as smtp relay so all we have to do is get the smtp traffic to the ISA server and it will deliver to internal LAN. ISA server is already configured to listen for and deliver smtp traffic to the Exchange server.

In short all we have to do is get the smtp traffic to the ISA server outside interface which is 172.16.172.2 address and it will deliver to the Exchange server internally. The ISA is also configured to relay smtp traffic outbound.

cheers

Tony

Hi Tony,

Saw your configurations. Why are you complicating things by putting DHCP on the outside interface of the PIX and then excluding IPs? Please change this. Put a static IP on the outside interface directly:

ip address outside 169.254.169.2 255.255.255.0

This is always advisable.

2) I can see that the IP address of the ISA server is 172.16.172.2. The PIX inside interface is in the 10.0.0.1/24 subnet. Does the ISA server have another interface in the 10.0.0.x network? If so, please tell me where this IP is configured and how to reach it from the PIX.

You need to do NAT for the IP 172.16.172.2 to reach the internet SMTP server. Take the IP for which the ISP has made an MX record and do a NAT for this IP.

on the pix configure:

static (inside,outside) 169.254.169.10 172.16.172.2 netmask 255.255.255.255

access-list outside permit tcp any host 169.254.169.10 eq 25

access-group outside in interface outside

This should be sufficient for mail communication between the ISA and the ISP DMZ. Make sure you are able to reach the 172.16.172.2 IP from the PIX.

All the best..

Raj
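
An added example, not part of the thread: a small Python audit of the static / access-list / access-group trio posted in the reply above. A host static translates every port of 172.16.172.2, so the ACL bound to the outside interface is what limits exposure to TCP 25. The sample config is constructed (the reply's three lines plus one deliberately over-broad entry), `audit_pix` is a hypothetical helper, and only the command forms seen in the thread are parsed.

```python
import re

# Constructed sample: the three PIX lines from the reply above plus one
# deliberately over-broad "permit ip" entry that is NOT from the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 169.254.169.10 172.16.172.2 netmask 255.255.255.255
access-list outside permit tcp any host 169.254.169.10 eq 25
access-list outside permit ip any host 169.254.169.10
access-group outside in interface outside
"""

STATIC_RE = re.compile(r"static \(\w+,(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255$")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)$")
ACE_RE = re.compile(
    r"access-list (\S+) permit (\S+) (?:any|host \S+|\S+ \S+) host (\S+)(?: eq (\S+))?$")
PORT_NAMES = {"smtp": "25"}  # a saved config may show the port by name


def audit_pix(config, allowed=frozenset({("tcp", "25")})):
    """Hypothetical helper: list exposure problems for each host static."""
    statics, bound, aces = [], {}, []
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics.append(m.groups())            # (mapped iface, global IP, real IP)
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)        # interface -> ACL name
        elif m := ACE_RE.match(line):
            name, proto, dst, port = m.groups()
            aces.append((name, proto, dst, PORT_NAMES.get(port, port)))
    findings = []
    for iface, global_ip, real_ip in statics:
        acl = bound.get(iface)
        hits = [(p, port) for name, p, dst, port in aces
                if name == acl and dst == global_ip]
        if not hits:  # nothing permitted inbound: mail never reaches real_ip
            findings.append(f"{global_ip} -> {real_ip}: no permit in ACL bound to {iface}")
        for proto, port in hits:
            if (proto, port) not in allowed:  # wider than the one intended service
                findings.append(f"{global_ip} -> {real_ip}: permits {proto}/{port or 'all ports'}")
    return findings


if __name__ == "__main__":
    for finding in audit_pix(SAMPLE_CONFIG):
        print(finding)
```

Run against the reply's three lines alone it reports nothing; the constructed `permit ip` line is the only finding in the sample.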