OneHump asked:
Friday Quiz

I'm not sure this is appropriate, but this question will certainly be PAQ'd so here it goes:

Answer this question completely and accurately and get 2,000 points:

Configuration:

I have two Exchange servers in the same routing group.  No other servers exist in the ORG.
My Exchange server is named "exmail1.mydomain.net"
My Bridgehead server is named "exbh1.mydomain.com"
My Email domain is mydomain.com
I have a DNS server named "INS1" for internal DNS (mydomain.net) with IP 192.168.0.10
I have a DNS server named "NS1" for external DNS (mydomain.com) with IP 131.107.3.10

My mailbox server has one NIC with IP address 192.168.0.100

My FE server has two NICs with the following IP addresses:

External NIC: 131.107.3.126
Internal NIC: 192.168.0.101

Both IPs are in 24 bit subnets

Gateway for 131.107.3/24 is 131.107.3.1
Gateway for 192.168.0/24 is 192.168.0.1

I have a firewall (ef1.mydomain.com) between my 131.107.3/24 subnet and the Internet and I have another firewall (if1.mydomain.net) between the 131.107.3/24 and 192.168.0/24 subnets.

Question:

I want to configure an Internet Email presence using the resources listed above.  Everything you need is there.  Please describe, in detail, what needs to be done to do this.

I know the answer and will be the judge of who gets the points.  Closest answer gets full credit.  Here are some hints:

DNS - Which records do I need, how is forwarding setup, if at all, and which EX server uses which NS server?
Firewall - What ports need to be opened?
Connector - What connector do I need, if any, and how should it be configured?
NICs - How do I configure my NICs to deal with this?

There are several problems that need to be solved there.  It's possible that I blew it and missed something above.  If so, point that out and do the best with what I provided and you get credit.

My goal here is to throw some spice into a dull day on the forum and create a thread that might be useful to answer the countless SMTP questions that will be answered here.

Good luck!  ;)


OneHump
Vahik:

OneHump, you almost got away with murder. When I first wrote my response I had a few, but now I am sober. So here goes my answer:
YOU BLEW IT AND IT WILL NEVER WORK.
To fix the problem just reverse your domains and the rest is already
explained. If you keep the present setup an NDR will be generated for every
email that comes in. Disregard my first post. If you think my answer is right,
tell me, then I will tell you why it won't work.

Now before I go to bed I should mention that you could also make this setup work if in your MYDOMAIN.com you create the same number of users
as MYDOMAIN.net and contacts corresponding to each user in MYDOMAIN.net and enable forwarding in each user's properties page.
OneHump (Asker):

OK, here is the answer.  I'm going to split points between you two for participation.  ;)

We're going to assume that exmail1 is my DC/GC/FSMO since others were not specified.

*DNS*

--NS1.mydomain.com

mydomain.com     IN     MX     10 exbh1.mydomain.com    
exchange.mydomain.com     IN     A     131.107.3.126

--INS1.mydomain.net

exmail1.mydomain.net     IN     A     192.168.0.100
exbh1.mydomain.net     IN     A     192.169.0.101

*FIREWALL*

--ef1

Source * - Dest 131.107.3.10/32     TCP/UDP    53  <-- DNS from Internet to NS1
Source 131.107.3.10/32 - Dest *     TCP/UDP    25  <-- DNS from NS1 to Internet
Source * - Dest 131.107.3.126/32   TCP    25  <-- SMTP port from Internet to exbh1
Source 131.107.3.126/32 - *          TCP    25  <-- SMTP port from exbh1 to internet

--if1

Source 192.168.0.101/32 - Dest 192.168.0.100/32     TCP    25  <-- SMTP from exbh1 to exmail1
Source 192.168.0.100/32 - Dest 192.168.0.101/32     TCP    25  <-- SMTP from exmail1 to exbh1
Source 192.168.0.101/32 - Dest 192.168.0.100/32     TCP/UDP    389  <-- LDAP from exbh1 to exmail1
Source 192.168.0.100/32 - Dest 192.168.0.101/32     TCP/UDP    389  <-- LDAP from exmail1 to exbh1
Source 192.168.0.101/32 - Dest 192.168.0.100/32     TCP    3268  <-- GC to AD from exbh1 to exmail1
Source 192.168.0.100/32 - Dest 192.168.0.101/32     TCP    3268  <-- GC from AD from exmail1 to exbh1
Source 192.168.0.101/32 - Dest 192.168.0.100/32     TCP    691  <-- LSA from exbh1 to exmail1
Source 192.168.0.100/32 - Dest 192.168.0.101/32     TCP    691  <-- LSA from exmail1 to exbh1

Reference:  http://support.microsoft.com/default.aspx?scid=kb;en-us;278339

*CONNECTORS*

Place exbh1 in a routing group called 'Bridgeheads'
Place exmail1 in a routing group called 'North America'

Create 1 SMTP connector for exbh1 with address space *, scope Organization, route using DNS
Create 1 RGC between 'Bridgeheads' and 'North America'

You could leave both servers in the same RG but, in planning for growth, I like separating them.  There is also LSA jabber that goes on so it's always best to segregate boxes between firewalls.  This adds a connector.



*NIC CONFIGURATION*

--exmail1

-NIC1

IP - 192.168.0.101
Mask - 255.255.255.0
Default gateway - 192.168.0.1
DNS - 192.168.0.10

--exbh1

-NIC1 (external)

IP - 131.107.3.126
Mask - 255.255.255.0
Default gateway - 131.107.3.1
DNS - 131.107.3.10

-NIC2 (Internal)

IP - 192.168.0.100
Mask - 255.255.255.0
Default gateway -
DNS - 192.168.0.10

-Add static routes:

route add 192.168.0.100 mask 255.255.255.255 192.168.0.1 /p  <--  Creates static route for internal subnet

That's it.  Now here is where I blew it.  I needed to put exmail1 into the mydomain.com zone.  This is because it's not good to name the machine one thing and call it something else in DNS.  This would not be a problem now, but would be if other MXs were added.  Other than that, I think that's it.  This could certainly be extended for OWA/POP/IMAP/IM.

There is a lot of info here, so I might have missed something.  :o|


OneHump
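As an added example (Python written for this page, not code from the thread), the consistency check below models the NS1 zone and the ef1 rule set as posted and flags an MX target that has no A record in its own zone or no inbound TCP/25 permit; run against the records above it reports that the MX target exbh1.mydomain.com has no A record (only exchange.mydomain.com does), and passes once that record is added. The zone text, rule list, probe address 203.0.113.5 and the `Rule`/`check_inbound_mail` names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str    # "*" or CIDR, e.g. "131.107.3.126/32"
    dst: str
    proto: str  # "TCP", "UDP" or "TCP/UDP"
    port: int

def parse_zone(text):
    """Parse 'owner IN TYPE rdata...' lines into (owner, type, [rdata]) tuples."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[1].upper() == "IN":
            records.append((parts[0].rstrip(".").lower(), parts[2].upper(), parts[3:]))
    return records

def _matches(ip, spec):
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
def permits(rules, src, dst, proto, port):
    """True if any permit rule covers src -> dst on proto/port (plain permit list, no ordering)."""
    return any(_matches(src, r.src) and _matches(dst, r.dst)
               and proto in r.proto.upper().split("/") and r.port == port for r in rules)

def check_inbound_mail(zone, zone_text, rules, probe_src="203.0.113.5"):
    """Findings for MX targets of `zone` lacking an in-zone A record or an inbound TCP/25 permit."""
    records = parse_zone(zone_text)
    a_records = {owner: rdata[0] for owner, rtype, rdata in records if rtype == "A"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "MX" and owner == zone:
            target = rdata[1].rstrip(".").lower()
            if not target.endswith("." + zone):
                continue  # MX hosted in another zone; that zone's authority answers for it
            if target not in a_records:
                findings.append(f"MX target {target} has no A record in zone {zone}")
            elif not permits(rules, probe_src, a_records[target], "TCP", 25):
                findings.append(f"firewall does not permit TCP/25 from the Internet to {a_records[target]}")
    return findings

# Constructed data mirroring the NS1 zone and ef1 rule set posted above (not the thread's text).
NS1_AS_POSTED = """
mydomain.com            IN  MX  10 exbh1.mydomain.com
exchange.mydomain.com   IN  A   131.107.3.126
"""
NS1_FIXED = NS1_AS_POSTED + "exbh1.mydomain.com      IN  A   131.107.3.126\n"
EF1_RULES = [Rule("*", "131.107.3.10/32", "TCP/UDP", 53), Rule("*", "131.107.3.126/32", "TCP", 25),
             Rule("131.107.3.126/32", "*", "TCP", 25)]
```

`check_inbound_mail("mydomain.com", NS1_AS_POSTED, EF1_RULES)` returns the missing-A finding, while the same call with `NS1_FIXED` returns an empty list.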

OneHump, thanks for the points. I thought this was a real trick question
and not just a configuration one. That is why, when I posted my first
answer, I told myself this can't be, so I changed my answer and decided to put your Exchanges in two different forests and tested it, and mail would not relay to your private domain unless you reversed your public and private network setup. Well OneHump, there are two things I love (besides gambling, women and booze): mystery and comedy, so there was no mystery and the joke is on me.
Since I have been posting to this site there was one interesting question that I answered and I never got a reply back, so I will try to
find it and I will post it later this week so you and kidego could give it a shot. Thanks again.
OneHump (Asker):

Sounds good.  I don't think EE can complain since it builds up their PAQs.  I kept seeing questions related to this sort of thing when I was cleaning old cases.  I wanted a URL to refer people to.