Solved

Exchange Sites Sync through pix

Posted on 2006-06-13
Last Modified: 2013-11-16
Hello,
We are attempting to connect Exchange 2003 servers behind multiple pix firewalls and having trouble getting the mailboxes on site B to sync with Site A.

Site A - contains our main Exchange server and sits behind a pix 515

Site B - is our test lab sitting behind a pix 501 configured for a VPN tunnel to Site A.

The networks communicate for most features - file transfer, AD sync, and pretty much all other network traffic except for our Exchange problem.  Our Site A Exchange server recognizes our site B exchange server for everything except mail delivery.

Does anyone know what/where I need to add static or conduit statements on either Pix?  And if so, can you give me an example?  Or is it an Exchange configuration issue?

This issue is urgent for us, and any help is appreciated.  

Thanks,
Jonathan


Question by:fulcherjl
10 Comments
 
LVL 13

Expert Comment

by:prashsax
ID: 16894832
You must have created a VPN between both sides.

This will enable you to open all the IP traffic between them.

Now, since you have two sites and Exchange sits on each site, you need to create a routing connector so that your Exchange starts routing mail between them.

0
 
LVL 10

Expert Comment

by:Sorenson
ID: 16895040
If you are in the same AD domain, then you shouldn't need a routing connector.  On both pix, be sure that the smtp fixup is turned off.  This will kill exchange config and intersite messaging.
0
 
LVL 10

Accepted Solution

by:
Sorenson earned 500 total points
ID: 16895052
for pix 6.x

no fixup protocol smtp 25    

0
 

Author Comment

by:fulcherjl
ID: 16895079
Ok, I will try that - and let you know asap.

0
 
LVL 25

Expert Comment

by:Ron M
ID: 16895298
Agree with Sorenson.

Please post your config, blocking out the IPs of course... that will help us to assist you further.
0

 

Author Comment

by:fulcherjl
ID: 16895353
For the moment, I have turned off smtp 25 on both firewalls -

Currently, mail will travel from Site B - out to Site A - and out to the outside world.  Email TO Site B, however, still gets stuck in our Test Lab Routing group connector in Site A.  I see from Sorenson that a routing group connector does not need to be there - the connector was initially set up by a coworker as a test.

I will remove it and see where that gets us.

Keep any suggestions coming.  I welcome the assistance and will award the points as soon as mail is successfully routed to Site B.

.....more soon......
0
 
LVL 10

Expert Comment

by:Sorenson
ID: 16896255
Are both exchange servers in the same AD domain?  Remove routing group connector, then stop - start SMTP under servers - protocols in ESM.
0
 

Author Comment

by:fulcherjl
ID: 16896826
Yes, both Exchange servers are in the same AD domain.  We removed the routing group connector, stopped then restarted SMTP through ESM with no luck with our current test account.  Still - messages can be sent from site B to anywhere in site A/the world - but messages to mailboxes in Site B are getting hung in the Queue called testerv.BLANK.ORG

But at this point, the Exchange servers are communicating on all ports - now I believe we are up against an Exchange issue.

Our queue list on our main Exchange server looks like this regarding SMTP connections - our issue is with mailboxes on "testserv"

SMTP Connector to Viruswall - [192.168.0.3] (SMTP Connector) SMTP Default SMTP Virtual Server Active 0
SMTP Mailbox Store (MARS)   X400 Exchange MTA Active 0
testserv.blank.org SMTP Default SMTP Virtual Server Retry 4



Thanks for the Pix tip Sorenson - the points are yours.  Any other help you can offer is greatly appreciated.


General question - at this point, should I reopen this issue in another forum?

0
 
LVL 10

Expert Comment

by:Sorenson
ID: 16897350
With regard to the messages stuck in the queue: can you telnet between the Exchange servers directly on port 25?

i.e.:  telnet x.x.x.x  25  and enter simple commands (helo, etc.) between the servers?  Or does the viruswall intercept and proxy the requests? Exchange servers send config info via SMTP, and most firewalls / SMTP proxies see this traffic as non-RFC compliant and dump it.  Unfortunately it is needed :)

If the telnets both directions are clean, then I would freeze the queue, remove all messages from it, restart the queue, and then restart the smtp (under protocols, in ESM).

0
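The port-25 check described above, scripted as an added example (not code from any poster in this thread): it looks past the greeting for signs that an SMTP inspection device or proxy still sits between the two servers. The verb names X-EXPS, X-LINK2STATE and XEXCH50 and the asterisk-masked banner are assumptions drawn from general Exchange 2003 and PIX behaviour, not from the thread; the transcripts and the `probe.example` name are constructed.

```python
import socket

# Exchange 2003 inter-server ESMTP verbs (assumption, not named in the thread).
EXCHANGE_VERBS = ("X-EXPS", "X-LINK2STATE", "XEXCH50")

def assess(banner, ehlo_reply):
    """Return a list of findings for one direction of the port-25 test."""
    findings = []
    if "*" * 8 in banner:
        findings.append("banner masked: an SMTP inspection device is in the path")
    lines = [l.strip() for l in ehlo_reply.splitlines() if l.strip()]
    if not lines or not lines[0].startswith("250"):
        findings.append("EHLO rejected: ESMTP extensions unavailable on this path")
        return findings
    # Keywords follow the "250-" / "250 " prefix on every line after the first.
    offered = {l[4:].split()[0].split("=")[0].upper() for l in lines[1:] if len(l) > 4}
    missing = [v for v in EXCHANGE_VERBS if v not in offered]
    if missing:
        findings.append("not advertised: " + ", ".join(missing))
    return findings

def read_reply(sock_file):
    """Read one SMTP reply; continuation lines have '-' as the 4th character."""
    out = []
    while True:
        line = sock_file.readline().decode("latin-1")
        out.append(line)
        if not line or len(line) < 4 or line[3] != "-":
            return "".join(out)

def probe(host, port=25, timeout=10):
    """Live check: run it from each Exchange server toward the other."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rwb")
        banner = read_reply(f)
        f.write(b"EHLO probe.example\r\n")
        f.flush()
        ehlo = read_reply(f)
        f.write(b"QUIT\r\n")
        f.flush()
    return assess(banner, ehlo)

# Constructed transcripts (not captured from the poster's servers).
FILTERED_BANNER = "220 ************************0*2******200***********\r\n"
FILTERED_EHLO = "500 5.3.3 Unrecognized command\r\n"
CLEAN_BANNER = "220 testserv.blank.org Microsoft ESMTP MAIL Service ready\r\n"
CLEAN_EHLO = ("250-testserv.blank.org Hello [10.0.0.5]\r\n250-SIZE 2097152\r\n"
              "250-X-EXPS GSSAPI NTLM LOGIN\r\n250-X-EXPS=LOGIN\r\n"
              "250-X-LINK2STATE\r\n250-XEXCH50\r\n250 OK\r\n")
```

An empty list from `probe()` in both directions means the path is passing ESMTP untouched; a plain HELO answered with a greeting does not show that on its own.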
 

Author Comment

by:fulcherjl
ID: 16897456
Telnet traffic seems fine between the two - getting "Hello" responses each way with no issue.

I took your suggestion about freezing the queue, removing messages, restarting the queue and restarting smtp on both servers via ESM to no avail unfortunately.

We will keep digging until we find an answer.  Thanks again for all of your help and suggestions in getting our telnet traffic between the two up and running.  If you have any other ideas, let me know.

Thanks,
Jonathan



0
