Solved

New ISP.. Transparent to Exchange?

Posted on 2006-11-08
Last Modified: 2008-01-09
Hello, we are moving to a new ISP so obviously our public IP is going to change. I assume this change is transparent to Exchange? We only have a single Exchange 2003 server in-house.

I am thinking all I have to do is update our DNS forwarders and the PIX (our DNS\DC\Exchange are all on one box). Don't panic. This is a small org with only 10 users. :)

Thanks!
Question by:Justin Durrant
22 Comments
 
LVL 14

Assisted Solution

by:inbarasan
inbarasan earned 50 total points
ID: 17897325
Dear jjdurrant,
You need to take care of the MX record. If the MX points to the present public IP, you need to modify it.
Maybe some more experts will give more info in case I have missed any.

Cheers!
0
 
LVL 20

Assisted Solution

by:ikm7176
ikm7176 earned 50 total points
ID: 17897348
Your MX record will be pointing to your old IP address, thus all mails will be forwarded to your old public IP until you update the MX record for your domain.

Visit http://www.dnsreport.com to check your MX record and contact your ISP to change the MX record of your domain to new Public IP.


0
 
LVL 104

Accepted Solution

by:
Sembee earned 400 total points
ID: 17897403
The most common mistakes when switching ISPs...

- Smart host. Check on the SMTP virtual server and any SMTP Connectors.
- DNS addresses. If you have configured forwarders on the DNS server applet on your domain controllers then update those. There should be no external DNS anywhere in the network configuration of any server or workstation.

At the ISP...

- reverse DNS. Make sure that this is set before you make the switch. If you already know what your IP addresses are going to be, then ask the new ISP to make the change ahead of the switch.

You mentioned the PIX...
I have had a couple of times where certain features of the PIX don't like the IP address change. From memory the VPN functionality failed when the external IP address was changed. If you are using VPN that terminates on the PIX, then recreate it. You can use the same group name and other information, so the clients will not have to be changed. I suspect that the PIX uses the external IP address as part of its encryption algorithm.

The MX records have already been mentioned.

Simon.
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17897879
Right you are! How could I forget the MX record.. LOL

We are not using any smart host. We have only one server so no other virtual servers or connectors. Thanks for the info on the PIX. The VPN does terminate at the PIX. I will have to update the clients. They are currently connecting via IP. I will have our web host create a DNS entry so we do not have any trouble in the future. :)

0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17898397
Here is my final task list.. let me know what you think

------

Changes to be made on the PIX firewall:

- Change outside IP address from xx to new public IP
- Change default route to new ISP next hop router
- Reboot PIX (recreate VPN if needed)

Changes to be made with WEB HOST

- Update MX record for "exchange.domain.com" to point to new public IP
- Have web host create a DNS record "vpn.domain.com" to point to new public IP
- Make sure new ISP creates reverse DNS entry for public IP

Changes to be made on the Server:

- Update DNS forwarders to include ISP servers
- Remove old ISP DNS servers  

Thanks guys!
0
 
LVL 20

Expert Comment

by:ikm7176
ID: 17898577
You are right, go for it. Let us know if you have any more queries.

Good Luck!!
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17908850
Hey guys - Thanks for sticking with me. :)

I am making the MX changes with our web host now. I am curious, does mail coming from wherever DNS has not replicated simply bounce? Or will it queue up on the sender's side?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17908911
If the DNS server hasn't received the updated changes then they will use the old MX record information. If the old MX record is no longer valid (IP address change or whatever) then the messages will queue. The server will then try again later and may well use the new DNS information.

Simon.
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17909074
cool
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17911856
Ok, I have everything setup. Most things are ok.

Here is what I have left to resolve:

- VPN is not working (as expected). I noticed the cryptochecksum did indeed change. What commands do I need to run to resetup VPN? It has been 3 yrs since I have done it and I would assume I do not have to start from scratch.

- OWA works, sending mail works, still no incoming mail. If I try and telnet to our public IP I get:

220 *****************************************************************0****0****0
 *********************200**22****20 *0*00


What is up with that? The telnet works internally, so my assumption is something is wrong on the PIX.

Remember, all I changed on the PIX was the public IP and default route.

Thx!



0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17911960
I compared my current config to what I had before the IP change, and there are two lines missing now:

nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

the first one seems to add ok, but the 2nd one fails. :(
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17911970
JK.. the nat statements were there after all. Still no VPN or incoming mail though.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17913231
That SMTP banner is a PIX with fixup SMTP enabled. Turn it off and you will see your Exchange server listed.

Put your domain name in to dnsreport.com and see what it says.

Simon.
0
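A post-cutover check for two points raised in this thread, the reverse DNS entry and the asterisk-masked SMTP greeting (added example, not part of any poster's reply). The function names, the 50% asterisk threshold and the 203.0.113.x / 198.51.100.x documentation addresses used for testing are assumptions made for illustration.

```python
import socket
import sys

def banner_is_masked(banner: str) -> bool:
    """True when a 220 greeting is mostly '*', the pattern this thread
    attributes to a PIX with 'fixup protocol smtp' enabled."""
    stripped = banner.strip()
    line = stripped.splitlines()[0] if stripped else ""
    if not line.startswith("220"):
        return False
    text = line[3:].lstrip(" -")
    # Assumed heuristic: more than half of the greeting text is asterisks.
    return bool(text) and text.count("*") / len(text) > 0.5

def read_banner(host: str, port: int = 25, timeout: float = 10.0) -> str:
    """Fetch the SMTP greeting; run this from outside the firewall."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(1024).decode("ascii", "replace")

def check_reverse_dns(ip, reverse=socket.gethostbyaddr,
                      forward=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS: the PTR for ip must exist and the
    name it returns must resolve back to ip. Resolvers are injectable
    so the logic can be exercised without network access."""
    try:
        name = reverse(ip)[0]
    except OSError:
        return (False, f"no PTR record for {ip}")
    try:
        addrs = forward(name)[2]
    except OSError:
        return (False, f"PTR name {name} does not resolve")
    if ip not in addrs:
        return (False, f"{name} resolves to {addrs}, not {ip}")
    return (True, name)

if __name__ == "__main__":
    new_ip = sys.argv[1]  # the new public IP from the ISP
    print("reverse DNS:", check_reverse_dns(new_ip))
    print("greeting masked:", banner_is_masked(read_banner(new_ip)))
```

A stale A record for the PTR name shows up as a "resolves to ..., not ..." result, which is the state to expect until the old ISP's records have expired.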
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17913274
Well it worked before with fixup enabled.. I don't really care what the banner says. I just need incoming mail to work. Dnsreport.com shows the MX record as securence.com. This is our spam filtering company. They then route to our Web Host and then our Web Host routes to us.
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17913281
So perhaps the PIX is fine, mail is just queuing up at securence until DNS replication is complete?
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17913333
I talked to securence, and they still had our old IP. I had them update it. That should be all I need to do on the incoming mail right?

0
 
LVL 104

Expert Comment

by:Sembee
ID: 17913368
The SMTP Banner can cause you problems - that feature in the PIX can also cause problems with email delivery. It is best disabled - and it is one of the things I do as standard to a PIX because of the problems it can cause.

If your MX records are pointing somewhere else, then the only thing you would have to do is ensure that the server that forwards the email is sending it to the right place.

Simon.
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17913420
cool.. I will remove the fixup.

no fixup protocol smtp 25

For the VPN - Do I need to remove all of the old settings prior to resetting it up? I will be using the PDM. Thanks!
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17913486
Whoo hoo! Securence updated our IP and now incoming mail works. :)

Now I just need to do this VPN :)
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17913657
I usually delete the existing VPN configuration and then run the VPN wizard in PDM again. That way I can be sure that everything has flushed out correctly.

Simon.
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17913722
ok
0
 
LVL 23

Author Comment

by:Justin Durrant
ID: 17914337
Thanks again everyone! VERY MUCH APPRECIATED!
0
