cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
868
Views
0
Helpful
3
Replies
Highlighted
Beginner

How to configure ISA570W with E-mail Server in LAN

I got a Mail Server in my LAN that works perfectly until I just switched my routers, I was using a CISCO RV082 before, and now I'm using an ISA570W but I can't receive/send e-mail now, what do I need to do ?

3 REPLIES 3
Highlighted
Contributor

Make sure your email server is configured to go through the ISA5xx firewall for outbound traffic. Turn on the SPAM Filter in the Security Services section of the ISA5xx UI. Enter the IP Address of your internal SMTP server in the SMTP Server Address Field and tweak other settings as needed. Based on some identified bugs with other Security Services going offline, I'd recommend leaving the Service Outage set to Accept(Default). From there I would check the Access Rules to ensure to ensure you have an entry to allow SMTP (TCP 25) inbound on the WAN interface's IP. I would also ensure you have a NAT statement for SMTP traffic.
Source - Your internal SMTP Server
Destination - Any
Translation - WAN IP

That should get the email flowing. To be candid, I don't use this feature as I use a different solution for SPAM control so I am speaking a little bit in theory, but I don't see why you would need anything different than this. Please see the link below for additional information.

http://www.cisco.com/en/US/docs/security/small_business_security/isa500/administration/guide/ISA500_security_service.html#wp1265763


Sent from Cisco Technical Support iPad App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Highlighted

I'll not use the SPAM service from the ISA570w because I'm already using a SPAM Solution on my E-mail server. I have pin-pointed the problem, I got a DNS problem here. When my inside (LAN) computers are trying to resolve the domain: mail.delbravo.com they are routed to the Public IP, I just changed the domain name on the E-mail Clients for the Private IP on my E-mail server and they are working fine, the rare thing here is that my old RV082 was able to resolve the domain: mail.delbravo.com without a problem and the ISA570W for some reason is not resolving the domain name, or may be I need to configure my firewall better, I don't know !

Highlighted

I'm familiar with the challenge you're referring to. In the PIX/ASA this was referred to as DNS doctoring wherein you could use a static command to get the firewall to convert a DNS request resolved to a public IP by a DNS server outside of your network to convert it to the proper internal IP. I don't believe that functionality exists in the ISA. As a future reference it's a recommended best practice to have an internal DNS server if you're hosting services that need to be accessible by name resolution both internally and externally or if you're running Active Directory and then configure DNS forwarders on your internal DNS server. This will cut down internal broadcast traffic significantly. Glad you got it worked out.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.