Solved

exchange behind cisco router not receiving mail

Posted on 2001-06-15
Last Modified: 2006-11-17
We have a cisco router that sits between us and the internet (interface serial 1 inside and interface ethernet 0 outside - ISP facing).

The outside interface has NAT configured and works fine for http, ftp etc.  We also have port 25 configured for NATing.  However, while staff members can send email, the Exchange server has never had any mail delivered to it.  We suspect that there is something more that we need to do (another port perhaps) to get it working.  I have tried telnet 25 from both sides of the router, and that works.

Is there another port that needs to be opened on the router for SMTP/ESMTP to work successfully?

Thanks


Below are some sample commands from the config.

interface Ethernet0
 ip address 73.183.19.70 255.255.255.128
 no ip directed-broadcast
 no ip proxy-arp
 ip nat outside


interface Serial1
 description RCN
 bandwidth 128
 ip address 192.168.10.254 255.255.255.252
 no ip directed-broadcast
 no ip proxy-arp
 ip nat inside
!
ip default-gateway 73.183.19.1
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.3 80 73.183.19.70 80 extendable
ip nat inside source static tcp 192.168.1.3 8880 73.183.19.70 8880 extendable
ip nat inside source static tcp 192.168.1.3 1433 73.183.19.70 1433 extendable
ip nat inside source static tcp 192.168.1.1 102 73.183.19.70 102 extendable
ip nat inside source static tcp 192.168.1.1 3389 73.183.19.70 3389 extendable
ip nat inside source static tcp 192.168.1.1 8100 73.183.19.70 8100 extendable
ip nat inside source static tcp 192.168.1.1 25 73.183.19.70 25 extendable
ip nat inside source static tcp 192.168.1.1 21 73.183.19.70 21 extendable
ip nat inside source static tcp 192.168.1.245 8080 73.183.19.70 8080 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 73.183.19.1
ip route 192.168.1.0 255.255.255.0 192.168.10.253
ip route 192.168.10.0 255.255.255.0 192.168.10.253
ip route 73.183.19.0 255.255.255.0 73.183.19.70
ip route 73.183.19.0 255.255.255.0 73.183.19.1
Question by:ossentoo
16 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 6196205
I assume that this is not your real config?  Why is the public address on the Ethernet interface and the private on the serial?
0
 

Author Comment

by:ossentoo
ID: 6197566
This is the way the installation is configured.  The serial connection actually goes through to another router before getting to the LAN.  The ethernet connection is on a hub with a few other devices that is connected directly to the Internet.  Weird, but functional.
0
 
LVL 55

Expert Comment

by:andyalder
ID: 6197853
Maybe the internet router is configured to send incoming port 25 to one of the other devices on the hub rather than your router.
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6198445
If that is your real address, it does not show any open ports to a scan.  Mail servers cannot deliver if port 25 is not open.
0
 

Author Comment

by:ossentoo
ID: 6199554
Yes it does,

ip nat inside source static tcp 192.168.1.1 25 73.183.19.70 25 extendable

This is sending tcp data from router port 25 to internal smtp server.  This does work, as I can telnet from the internet to the Exchange server, and do get the IMC banner.  The problem is that it doesn't work from an IMC from another Exchange server.  So I'm thinking that there is some other port that is used by IMC.

Alternatively, is there a way to log everything that is going on between the IMCs?  We have access to an Exchange server that is elsewhere on the internet and I am thinking of logging all info in order to diagnose the problem. I'm not sure that diagnostic logging on the IMC gives all info.  Is there some other way of looking at the conversation that takes place between the IMCs?

Regards
0
 
LVL 55

Expert Comment

by:andyalder
ID: 6199597
>Yes it does,
>
>ip nat inside source static tcp 192.168.1.1 25 73.183.19.70 25 extendable

I cannot telnet on port 25 to that address, and tracert only goes a few hops, so I guess it's not the real address, understandably. There's probably NAT on the Internet router as well as your own. Are you testing it from the Internet or from the hub that the main Internet router sits on? Stop your IMS and telnet to it from the Internet and see if you still get a reply, to eliminate another host on the hub getting the incoming mail.

Another possibility (assuming Exchange 5.x) is the IIS SMTP service stealing the mail.

You can turn on logging on the IMS (I think it is on the general properties page), then look in the application event log.

Can you send administrator an email from the internet as per Q153119? There is only port 25 (and DNS) involved. If you tell us the domain name we can try it for you.
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6200059
I agree with Andyalder.  I cannot telnet to it. And none of my scanners is able to detect an open port 25.
0
 

Author Comment

by:ossentoo
ID: 6201110
Yes,

I can telnet into it locally.  I can also send a test message as per the message.

I'm going to try this from the internet and then from the other exchange server and get back to you.

Yeah, it's not the real IP address.

63.103.129.70.  It may be a bit slow.

Regards
0
 
LVL 55

Expert Comment

by:andyalder
ID: 6201383
I can telnet to that address on port 80 (it's MS ISA server) but not on 25 (connect failed). So there must be an access list blocking it on the internet router.
0
 

Author Comment

by:ossentoo
ID: 6201450
OK, I'll have a look at that.  Thanks
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6202772
It looks like you fixed your access list problem.  Port 25 is now up. M$ Exchange 5.5 SP4?
0
 
LVL 4

Expert Comment

by:bluezoo7
ID: 6204154
FYI: The default installation of IMC uses no other ports for SMTP mail transport other than 25.

BZ7
0
 

Author Comment

by:ossentoo
ID: 6205262
I can't understand it though, cause even though you can see the port is open, mail still bounces.  Try sending an email to administrator@impalasoft.com and see what I mean.

Regards
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6206741
The reverse record for impalasoft.com appears to be messed up.  An MX lookup should return both the host name and IP address of the mail server; yours only returns the host name.  Contact your ISP or whoever hosts your DNS records.
0
 
LVL 11

Accepted Solution

by:
geoffryn earned 100 total points
ID: 6206791
Another thing, the mail server's name is mail.impalamedia.com.  Is the Impalasoft.com domain listed in the route to inbound section of the IMS?  I got an error saying that the server was not a host for Impalasoft.com, indicating that it is not routed to inbound.
0
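The thread separates two failure modes that look alike from the sender's side: port 25 unreachable (access list or NAT) versus port 25 open but the recipient's domain refused. The following is an added example, not part of the original thread: a probe that reports which SMTP step fails first, exercised against a constructed loopback stub. The names `probe_inbound`, `StubMailServer`, `start_stub` and the `.example` domains are assumptions standing in for the thread's server and domains.

```python
import smtplib, socketserver, threading

def probe_inbound(host, port, rcpt, sender="probe@sender.example", timeout=5):
    """Return (stage, detail) naming the first inbound-delivery step that fails."""
    smtp = smtplib.SMTP(local_hostname="probe.sender.example", timeout=timeout)
    try:
        code, msg = smtp.connect(host, port)        # TCP reachability, then banner
        if code != 220:
            return ("banner", f"{code} {msg.decode(errors='replace')}")
        smtp.ehlo_or_helo_if_needed()
        for stage, step in (("mail_from", lambda: smtp.mail(sender)),
                            ("rcpt_to", lambda: smtp.rcpt(rcpt))):
            code, msg = step()
            if code not in (250, 251):              # e.g. 550: domain not hosted here
                return (stage, f"{code} {msg.decode(errors='replace')}")
        return ("accepted", f"{code} {msg.decode(errors='replace')}")
    except smtplib.SMTPException as exc:            # must precede OSError (its base class)
        return ("smtp", str(exc))
    except OSError as exc:                          # refused or timed out: check ACL/NAT
        return ("connect", str(exc))
    finally:
        try:
            smtp.quit()
        except smtplib.SMTPException:
            pass

class StubMailServer(socketserver.StreamRequestHandler):
    """Constructed stand-in: accepts mail only for LOCAL_DOMAINS (an inbound routing list)."""
    LOCAL_DOMAINS = {"hosted.example"}

    def handle(self):
        self.wfile.write(b"220 mail.hosted.example ESMTP stub\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line[:4].upper()
            if verb == "QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            reply = "250 OK"
            if verb == "RCPT":
                domain = line.rsplit("@", 1)[-1].rstrip(">").lower()
                if domain not in self.LOCAL_DOMAINS:
                    reply = f"550 not a host for {domain}"
            self.wfile.write((reply + "\r\n").encode("ascii"))

def start_stub():
    """Run the stub on a free loopback port; return the server object."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), StubMailServer)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

A `connect` result points at the router or access list, while `rcpt_to` with a 550 means the network path is fine and the server's inbound domain list needs the recipient's domain.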
 

Author Comment

by:ossentoo
ID: 6207079
You're right geoffryn, I'll check it out.

Thanks
0
