• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 274
  • Last Modified:

New ISP.. Transparent to Exchange?

Hello, we are moving to a new ISP so obviously our public IP is going to change. I assume this change is transperant to Exchange? We only have a single Exchange 2003 server in-house.

I am thinking all I have to do is update our DNS forwarders and the PIX (our DNS\DC\Exchange are all on one box). Don't panic. This is a small org with only 10 users. :)

Thanks!
0
Justin Durrant
Asked:
Justin Durrant
  • 14
  • 5
  • 2
  • +1
3 Solutions
 
inbarasanCommented:
Dear jjdurrant,
You need to take card of MX record. If the MX points to Present Public IP you need to Modify it.
May be some more experts will give more info incase i have missed any

Cheers!
0
 
ikm7176Commented:
Your MX record will be pointing to your old IP address, thus all mails will be forwarded to your old Public IP untill you update the MX record for your domain.

Visit http://www.dnsreport.com to check your MX record and contact your ISP to change the MX record of your domain to new Public IP.


0
 
SembeeCommented:
The most common mistakes when switching ISPs...

- Smart host. Check on the SMTP virtual server and any SMTP Connectors.
- DNS addresses. If you have configured forwarders on the DNS server applet on your domain controllers then update those. There should be no external DNS anywhere in the network configuration of any server or workstation.

At the ISP...

- reverse DNS. Make sure that this is set before you make the switch. If you already know what your IP addresses are going to be, then ask the new ISP to make the change ahead of the switch.

You mentioned the PIX...
I have had a couple of times where certain features of the PIX don't like the IP address change. From memory the VPN functionality failed when the external IP address was changed. If you are using VPN that terminates on the PIX, then recreate it. You can use the same group name and other information, so the clients will not have to be changed. I suspect that the PIX uses the external IP address as part of its encryption algorithm.

The MX records have already been mentioned.

Simon.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Justin DurrantAuthor Commented:
Right you are! How could I forget the MX record.. LOL

We are not using any smart host. We have only to one server so no other virtual servers or connectors. Thanks for the info on the PIX. The VPN does terminate at the PIX. I will have to update the clients. They are currently connecting via IP. I will have our web host create a DNS entry so we do not have any trouble in the future. :)

0
 
Justin DurrantAuthor Commented:
Here is my final task list.. let me now what you think

------

Changes to be made on the PIX firewall:

- Change outside IP address from xx to new public IP
- Change default route to new ISP next hop router
- Reboot PIX (recreate VPN if needed)

Changes to be made with WEB HOST

- Update MX record for "exchange.domain.com" to point to new public IP
- Have web host create a DNS record "vpn.domain.com" to point to new public IP
- Make sure new ISP creates reverse DNS entry for public IP

Changes to be made on the Server:

- Update DNS forwarders to include ISP servers
- Remove old ISP DNS servers  

Thanks guys!
0
 
ikm7176Commented:
You are right, Go for it. let us know if you have any more queries.

Good Luck!!
0
 
Justin DurrantAuthor Commented:
Hey guys - Thanks for sticking with me. :)

I am making the MX changes with our web host now. I am curious, does mail coming from wherever DNS has not replicated simply bounce? Or will it queue up on the senders side?
0
 
SembeeCommented:
If the DNS server hasn't received the updated changes then they will use the old MX record information. If the old MX record is no longer valid (IP address change or whatever) then the messages will queue. The server will then try again later and may well use the new DNS information.

Simon.
0
 
Justin DurrantAuthor Commented:
cool
0
 
Justin DurrantAuthor Commented:
Ok, I have everything setup. Most things are ok.

Here is what I have left to resolve:

- VPN is not working (as expected). I noticed the cryptochecksum did indeed change. What commands do I need to run to resetup VPN? It has been 3 yrs since I have done it and I would assume I do not have to start from scratch.

- OWA works, sending mail works, still no incoming mail. If I try and telnet to our public IP I get:

220 *****************************************************************0****0****0
 *********************200**22****20 *0*00


What is up with that? The telnet works internally, so my assumption is something it wrong on the PIX.

Rememeber, all I changed on the PIX was the public IP and default route.

Thx!



0
 
Justin DurrantAuthor Commented:
I compared my current config to what I had before the IP change, and there are two lines missing now:

nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

the first one seems to add ok, but the 2nd one fails. :(
0
 
Justin DurrantAuthor Commented:
JK.. the nat statements were there afterall. Still no VPN or imcoming mail though.
0
 
SembeeCommented:
That SMTP banner is a PIX with fixup SMTP enabled. Turn it off and you will see your Exchange server listed.

Put your domain name in to dnsreport.com and see what it says.

Simon.
0
 
Justin DurrantAuthor Commented:
Well it worked before with fixup enabled.. I don't really care what the banner says. I just need incoming mail to work. Dnsreport.com shows the MX record as securence.com. This is our spam filtering company. They then route to our Web Host and then our Web Host routes to us.
0
 
Justin DurrantAuthor Commented:
So perhaps the PIX is fine, mail is just queuing up at securence until DNS replication is complete?
0
 
Justin DurrantAuthor Commented:
I talked to securence, and they still has our old IP. I had them updated. That should be all I need to do on the incoming mail right?

0
 
SembeeCommented:
The SMTP Banner can cause you problems - that feature in the PIX can also cause problems with email delivery. It is best disabled - and it is one of things I do as standard to a PIX because of the problems it can cause.

If your MX records are pointing somewhere else, then the only thing you would have to do is ensure that the server that forwards the email is sending it to the right place.

Simon.
0
 
Justin DurrantAuthor Commented:
cool.. I will remove the fixup.

no fixup protocol smtp 25

For the VPN - Do I need to remove all of the old settings prior to resetting it up? I will be uising the PDM. Thanks!
0
 
Justin DurrantAuthor Commented:
Whoo hoo! Securence updated our IP and now incomign mail works. :)

Now I just need to do this VPN :)
0
 
SembeeCommented:
I usually delete the existing VPN configuration and then run the VPN wizard in PDM again. That way I can be sure that everything has flushed out correctly.

Simon.
0
 
Justin DurrantAuthor Commented:
ok
0
 
Justin DurrantAuthor Commented:
Thanks again everyone! VERY MUCH APPREICATED!
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

  • 14
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now