Solved

exchange behind cisco router not receiving mail

Posted on 2001-06-15
Last Modified: 2006-11-17
We have a cisco router that sits between us and the internet (interface serial 1 inside and interface ethernet 0 outside - ISP facing).

The outside interface has NAT configured and works fine for http, ftp etc.  We also have port 25 configured for NATing.  However, while staff members can send email, the Exchange server has never had any mail delivered to it.  We suspect that there is something more that we need to do (another port perhaps) to get it working.  I have tried telnet 25 from both sides of the router, and that works.

Is there another port that needs to be opened on the router for SMTP/ESMTP to work successfully?

Thanks


Below are some sample commands from the config.

interface Ethernet0
 ip address 73.183.19.70 255.255.255.128
 no ip directed-broadcast
 no ip proxy-arp
 ip nat outside


interface Serial1
 description RCN
 bandwidth 128
 ip address 192.168.10.254 255.255.255.252
 no ip directed-broadcast
 no ip proxy-arp
 ip nat inside
!
ip default-gateway 73.183.19.1
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.3 80 73.183.19.70 80 extendable
ip nat inside source static tcp 192.168.1.3 8880 73.183.19.70 8880 extendable
ip nat inside source static tcp 192.168.1.3 1433 73.183.19.70 1433 extendable
ip nat inside source static tcp 192.168.1.1 102 73.183.19.70 102 extendable
ip nat inside source static tcp 192.168.1.1 3389 73.183.19.70 3389 extendable
ip nat inside source static tcp 192.168.1.1 8100 73.183.19.70 8100 extendable
ip nat inside source static tcp 192.168.1.1 25 73.183.19.70 25 extendable
ip nat inside source static tcp 192.168.1.1 21 73.183.19.70 21 extendable
ip nat inside source static tcp 192.168.1.245 8080 73.183.19.70 8080 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 73.183.19.1
ip route 192.168.1.0 255.255.255.0 192.168.10.253
ip route 192.168.10.0 255.255.255.0 192.168.10.253
ip route 73.183.19.0 255.255.255.0 73.183.19.70
ip route 73.183.19.0 255.255.255.0 73.183.19.1
Question by:ossentoo
16 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 6196205
I assume that this is not your real config?  Why is the public address on the Ethernet interface and the private on the serial?
0
 

Author Comment

by:ossentoo
ID: 6197566
This is the way the installation is configured.  The serial connection actually goes through to another router before getting to the LAN.  The ethernet connection is on a hub with a few other devices that is connected directly to the Internet.  Weird, but functional.
0
 
LVL 56

Expert Comment

by:andyalder
ID: 6197853
Maybe the internet router is configured to send incoming port 25 to one of the other devices on the hub rather than your router.
0

 
LVL 11

Expert Comment

by:geoffryn
ID: 6198445
If that is your real address, it does not show any open ports to a scan.  Mail servers cannot deliver if port 25 is not open.
0
 

Author Comment

by:ossentoo
ID: 6199554
Yes it does,

ip nat inside source static tcp 192.168.1.1 25 73.183.19.70 25 extendable

This is sending tcp data from router port 25 to internal smtp server.  This does work, as I can telnet from the internet to the Exchange server, and do get the IMC banner.  The problem is that it doesn't work from an IMC from another Exchange server.  So I'm thinking that there is some other port that is used by IMC.

Alternatively, is there a way to log everything that is going on between the IMCs?  We have access to an Exchange server that is elsewhere on the internet and I am thinking of logging all info in order to diagnose the problem. I'm not sure that diagnostic logging on the IMC gives all info.  Is there some other way of looking at the conversation that takes place between the IMCs?

Regards
0
 
LVL 56

Expert Comment

by:andyalder
ID: 6199597
>Yes it does,
>
>ip nat inside source static tcp 192.168.1.1 25 73.183.19.70 25 extendable

I cannot telnet on port 25 to that address, and tracert only goes a few hops, so I guess it's not the real address, understandably; there's probably NAT on the Internet router as well as your own. Are you testing it from the Internet or from the hub that the main Internet router sits on? Stop your IMS and telnet to it from the Internet and see if you still get a reply to eliminate another host on the hub getting the incoming mail.

Another possibility (assuming Exchange 5.x) is the IIS SMTP service stealing the mail.

You can turn on logging on the IMS (I think it is on the general properties page), then look in the application event log.

Can you send administrator an email from the internet as per Q153119? There is only port 25 (and DNS) involved. If you tell us the domain name we can try it for you.
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6200059
I agree with Andyalder.  I cannot telnet to it. And none of my scanners is able to detect an open port 25.
0
 

Author Comment

by:ossentoo
ID: 6201110
Yes,

I can telnet into it locally.  I can also send a test message as per the message.

I'm going to try this from the internet and then from the other exchange server and get back to you.

Yeah, it's not the real IP address.

63.103.129.70.  It may be a bit slow.

Regards
0
 
LVL 56

Expert Comment

by:andyalder
ID: 6201383
I can telnet to that address on port 80 (it's MS ISA server) but not on 25 (connect failed). So there must be an access list blocking it on the internet router.
0
 

Author Comment

by:ossentoo
ID: 6201450
OK, I'll have a look at that.  Thanks
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6202772
It looks like you fixed your access list problem.  Port 25 is now up. M$ Exchange 5.5 SP4?
0
 
LVL 4

Expert Comment

by:bluezoo7
ID: 6204154
FYI: The default installation of IMC uses no other ports for SMTP mail transport other than 25.

BZ7
0
 

Author Comment

by:ossentoo
ID: 6205262
I can't understand it though, cause even though you can see the port is open, mail still bounces.  Try sending an email to administrator@impalasoft.com and see what I mean.

Regards
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6206741
The reverse record for impalasoft.com appears to be messed up.  An MX lookup should return both the host name and IP address of the mail server; yours only returns the host name.  Contact your ISP or whoever hosts your DNS records.
0
 
LVL 11

Accepted Solution

by:
geoffryn earned 400 total points
ID: 6206791
Another thing, the mail server's name is mail.impalamedia.com.  Is the Impalasoft.com domain listed in the route to inbound section of the IMS?  I got an error saying that the server was not a host for Impalasoft.com, indicating that it is not routed to inbound.
0
 

Author Comment

by:ossentoo
ID: 6207079
You're right geoffryn, I'll check it out.

Thanks
0
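
An added example, not part of the thread: the checks the experts ran by hand (telnet to port 25, then a test message) walked as one SMTP transaction in Python, so every reply in the conversation is recorded and the failure can be placed at the network, the listener, or the recipient domain. `probe` and `diagnose` are hypothetical helper names, and all host names and reply texts are constructed; it assumes the expected server announces its own name in the 220 banner.

```python
import smtplib

def probe(host, rcpt, sender="postmaster@example.org", port=25, timeout=15):
    """Walk one inbound SMTP transaction; return [(stage, code, text), ...].
    code 0 means the stage raised (no TCP connection, timeout, dropped session)."""
    smtp = smtplib.SMTP(timeout=timeout)          # no host given: does not connect yet
    steps = (("banner", lambda: smtp.connect(host, port)),
             ("ehlo", smtp.ehlo),
             ("mail", lambda: smtp.mail(sender)),
             ("rcpt", lambda: smtp.rcpt(rcpt)))
    stages = []
    stage = "banner"
    try:
        for stage, call in steps:
            code, text = call()
            stages.append((stage, code, text.decode(errors="replace")))
            if code >= 400:                       # server refused this step; stop here
                break
    except (OSError, smtplib.SMTPException) as exc:
        stages.append((stage, 0, str(exc)))
    finally:
        smtp.close()                              # no DATA is sent, so nothing is delivered
    return stages

def diagnose(stages, expected_name):
    """Map a probe result to the failure modes discussed in the thread."""
    _, banner_code, banner_text = stages[0]
    last_stage, code, _ = stages[-1]
    if banner_code == 0:
        return "unreachable"               # filtered upstream or NAT not forwarding
    if banner_code == 220 and expected_name.lower() not in banner_text.lower():
        return "wrong-host"                # another listener is answering on port 25
    if last_stage == "rcpt" and 500 <= code < 600:
        return "recipient-domain-refused"  # domain not accepted as inbound
    if last_stage == "rcpt" and code in (250, 251):
        return "accepted"
    return "failed-at-" + last_stage

# Constructed probe results (not captured from the servers in this thread).
SAMPLE_BLOCKED = [("banner", 0, "timed out")]
SAMPLE_NOT_INBOUND = [
    ("banner", 220, "mail.example.net ESMTP ready"),
    ("ehlo", 250, "mail.example.net"),
    ("mail", 250, "OK"),
    ("rcpt", 550, "not a local recipient domain"),
]

if __name__ == "__main__":
    for sample in (SAMPLE_BLOCKED, SAMPLE_NOT_INBOUND):
        print(diagnose(sample, "mail.example.net"))
```

Run `probe` from a host outside the site's own network; a test from the inside segment can succeed while an upstream access list still blocks port 25.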
