Solved: I cannot access my exchange vlan server from outside (MX-Tools : smtp field to connect)

a.hamdan · ‎10-27-2017

Good day for all,

I have problem with my exchange vlan server :

i have cisco core switch 4506-E and Firewall router fortigate 200D, all my vlan in switch it's configured and working good, and i connect switch with firewall through point-to-point

on switch :

no switchport

ip address 192.168.100.1 255.255.255.0

on router :

ip address 192.168.100.2 255.255.255.0

ip route 192.168.0.0 / 255.255.0.0 192.168.100.1

my vlans :

vlan 1 :

ip address 192.168.1.2 / 255.255.255.0

vlan 10 :

ip address 192.168.10.2 / 255.255.255.0

ip routing.

i can ping all vlans and also router, and also internet browsing working on all vlans.

i can send mail to outside.

but my problem is i cannot receive mail from outside (MX-Tools say cannot connect to smtp)

Note:

The same router working before with L2 switch and every thing was ok but it was on the same subnet.

this problem only happend when i shift to core switch and i change the IP address of router.

Note : my Exchange server on the vlan 1 with this ip : 192.168.1.21

and my DNS is 192.168.1.20

please help me.

paul driver · ‎10-30-2017

Hello

Can you amend the following:

default interface gig3/1
no ip default-gateway 192.168.100.1

int vlan 100
ip address 192.168.100.1 255.255.255.0

int gig3/1
switchport host
switchport access vlan 100

ip routing

Also. Does you router have routes back towards your vlan for return traffic

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

cofee · ‎10-27-2017

If I understand correctly you are able to ping the exchange from router and firewall. Did anything change on the firewall? was firewall rebooted?

Can you make a quick drawing that shows how the traffic is flowing?

a.hamdan · ‎10-27-2017

yes i am able to ping exchange vlan from router
firewall not rebooted ?
this router before working with this ip 192.168.1.2 and connected to l2 switch and all Pcs it was same subnet and gateway it was the router 192.168.1.2
now i have 2 vlan in the core switch l3 connected to this router but with vlan switch 192.168.100.2 and other side in the switch 192.168.100.1 no switchport
and the same old netwark 192.168.1.2 it's now vlan 1
dns and mail servers connected to switch in vlan 1

a.hamdan · ‎10-28-2017

Up

a.hamdan · ‎10-29-2017

Why no reply ?

a.hamdan · ‎10-30-2017

Also I remove the default-gateway 192.168.100.1 as "Paul Driver" Suggest.
this also help me.
Thanks Paul.

paul driver · ‎10-29-2017

Hello

ip address 192.168.100.1 255.255.255.0

on router :

no ip route 192.168.0.0 / 255.255.0.0 192.168.100.1

ip route 192.168.1.0 / 255.255.255.0 192.168.100.1 < to be specific as possible

ip route 192.168.10.0 / 255.255.255.0 192.168.100.1< to be specific as possible

Now with regards sending email but not receiving it, It seems to suggest DNS issue for the MX record has this been update in dns to reflect the ip change and any NAT statements also

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

a.hamdan · ‎10-29-2017

Thank you Paul and Cofee for your reply...

now i can ping every vlan from switch
but i cannot ping from pc to another pc with different subnet

also i can ping the router from switch and PCs
but i cannot ping PCs from router
only i can ping switch and vlan ip address from router

that means my router cannot access to vlan
also the new problem the PCs connected to switch cannot ping each other
find below my switch config:
Core-SW#en
Core-SW#show run
Building configuration...

Current configuration : 5899 bytes
!
! Last configuration change at 13:23:58 UTC Sun Oct 29 2017
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname Core-SW
!
boot-start-marker
boot-end-marker
!
!
vrf definition mgmtVrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
ip vrf Liin-vrf
!
ip name-server 192.168.1.20
!
!
ip device tracking
!
power redundancy-mode redundant
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface TenGigabitEthernet1/3
!
interface TenGigabitEthernet1/4
!
interface TenGigabitEthernet1/5
!
interface TenGigabitEthernet1/6
!
interface TenGigabitEthernet1/7
!
interface TenGigabitEthernet1/8
!
interface TenGigabitEthernet2/1
!
interface TenGigabitEthernet2/2
!
interface TenGigabitEthernet2/3
!
interface TenGigabitEthernet2/4
!
interface TenGigabitEthernet2/5
!
interface TenGigabitEthernet2/6
!
interface TenGigabitEthernet2/7
!
interface TenGigabitEthernet2/8
!
interface TenGigabitEthernet2/9
!
interface TenGigabitEthernet2/10
!
interface TenGigabitEthernet2/11
!
interface TenGigabitEthernet2/12
!
interface GigabitEthernet3/1
no switchport
ip address 192.168.100.1 255.255.255.0
spanning-tree portfast
!
interface GigabitEthernet3/2
!
interface GigabitEthernet3/3
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/4
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/5
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/6
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/7
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/8
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/9
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/10
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/11
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/12
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/13
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/14
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/15
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/16
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/17
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/18
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/19
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/20
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/21
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/22
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/23
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/24
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/25
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/26
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/27
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/28
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/29
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/30
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/31
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/32
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/33
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/34
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/35
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/36
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet3/37
!
interface GigabitEthernet3/38
!
interface GigabitEthernet3/39
!
interface GigabitEthernet3/40
!
interface GigabitEthernet3/41
!
interface GigabitEthernet3/42
!
interface GigabitEthernet3/43
!
interface GigabitEthernet3/44
!
interface GigabitEthernet3/45
!
interface GigabitEthernet3/46
!
interface GigabitEthernet3/47
!
interface GigabitEthernet3/48
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 192.168.1.2 255.255.255.0
!
interface Vlan10
ip address 192.168.10.2 255.255.255.0
!
interface Vlan100
no ip address
!
ip default-gateway 192.168.100.1
ip forward-protocol nd
no ip http server
ip route 0.0.0.0 0.0.0.0 192.168.100.2
!
!
!
!
!
line con 0
stopbits 1
line vty 0 4
!
end

Core-SW#
Core-SW#
Core-SW#
Core-SW#
Core-SW#
Core-SW#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Te1/1, Te1/2, Te1/3, Te1/4
Te1/5, Te1/6, Te1/7, Te1/8
Te2/1, Te2/2, Te2/3, Te2/4
Te2/5, Te2/6, Te2/7, Te2/8
Te2/9, Te2/10, Te2/11, Te2/12
Gi3/2, Gi3/37, Gi3/38, Gi3/39
Gi3/40, Gi3/41, Gi3/42, Gi3/43
Gi3/44, Gi3/45, Gi3/46, Gi3/47
Gi3/48
2 Internal active Gi3/3, Gi3/4, Gi3/5, Gi3/6
Gi3/7, Gi3/8, Gi3/9, Gi3/10
Gi3/11, Gi3/12, Gi3/13, Gi3/14
Gi3/15, Gi3/16, Gi3/17, Gi3/18
Gi3/19, Gi3/20, Gi3/21, Gi3/22
Gi3/23, Gi3/24
3 Production active
4 Procurement active
5 Accounting active
6 Sales active
7 HR active
8 IEP2 active
9 IEP active
10 WiFi active Gi3/25, Gi3/26, Gi3/27, Gi3/28
Gi3/29, Gi3/30, Gi3/31, Gi3/32
Gi3/33, Gi3/34, Gi3/35, Gi3/36
11 IEPC_Guest_Wifi active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
8 enet 100008 1500 - - - - - 0 0
9 enet 100009 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
11 enet 100011 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

Core-SW#
Core-SW#
Core-SW#
Core-SW#
Core-SW#
Core-SW#
Core-SW#
Core-SW#
Core-SW#
Core-SW#copy
% Incomplete command.

Core-SW#write
Building configuration...
Compressed configuration from 5899 bytes to 1893 bytes[OK]
Core-SW#
Core-SW#

That's all

paul driver · ‎10-30-2017

Hello

Can you amend the following:

default interface gig3/1
no ip default-gateway 192.168.100.1

int vlan 100
ip address 192.168.100.1 255.255.255.0

int gig3/1
switchport host
switchport access vlan 100

ip routing

Also. Does you router have routes back towards your vlan for return traffic

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

a.hamdan · ‎10-30-2017

thank you for all
Now every thing is working.
first problem was the ICMP disabled in the PCs windows firewall, after enable it all vlans PCs can ping each other.
the second problem it was the router cannot ping the vlans PCs, but after i make ip route 0.0.0.0 0.0.0.0 192.168.100.1 on the switch for each vlan separate it's worling.

Thank you for all.