Justin Durrant
asked on
New ISP.. Transparent to Exchange?
Hello, we are moving to a new ISP so obviously our public IP is going to change. I assume this change is transparent to Exchange? We only have a single Exchange 2003 server in-house.
I am thinking all I have to do is update our DNS forwarders and the PIX (our DNS\DC\Exchange are all on one box). Don't panic. This is a small org with only 10 users. :)
Thanks!
ASKER
Here is my final task list.. let me know what you think
------
Changes to be made on the PIX firewall:
- Change outside IP address from xx to new public IP
- Change default route to new ISP next hop router
- Reboot PIX (recreate VPN if needed)
Changes to be made with WEB HOST
- Update MX record for "exchange.domain.com" to point to new public IP
- Have web host create a DNS record "vpn.domain.com" to point to new public IP
- Make sure new ISP creates reverse DNS entry for public IP
Changes to be made on the Server:
- Update DNS forwarders to include ISP servers
- Remove old ISP DNS servers
Thanks guys!
You are right, go for it. Let us know if you have any more queries.
Good Luck!!
ASKER
Hey guys - Thanks for sticking with me. :)
I am making the MX changes with our web host now. I am curious, does mail coming from wherever DNS has not replicated simply bounce? Or will it queue up on the sender's side?
If the DNS server hasn't received the updated changes then they will use the old MX record information. If the old MX record is no longer valid (IP address change or whatever) then the messages will queue. The server will then try again later and may well use the new DNS information.
Simon.
ASKER
cool
ASKER
Ok, I have everything setup. Most things are ok.
Here is what I have left to resolve:
- VPN is not working (as expected). I noticed the cryptochecksum did indeed change. What commands do I need to run to resetup VPN? It has been 3 yrs since I have done it and I would assume I do not have to start from scratch.
- OWA works, sending mail works, still no incoming mail. If I try and telnet to our public IP I get:
220 ************************** ********** ********** ********** *********0 ****0****0
*********************200** 22****20 *0*00
What is up with that? The telnet works internally, so my assumption is something is wrong on the PIX.
Remember, all I changed on the PIX was the public IP and default route.
Thx!
ASKER
I compared my current config to what I had before the IP change, and there are two lines missing now:
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
the first one seems to add ok, but the 2nd one fails. :(
ASKER
JK.. the nat statements were there after all. Still no VPN or incoming mail though.
That SMTP banner is a PIX with fixup SMTP enabled. Turn it off and you will see your Exchange server listed.
Put your domain name in to dnsreport.com and see what it says.
Simon.
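A check for the masked greeting described in the reply above, as an added example that is not part of the original thread: it classifies a greeting captured from port 25 as masked by an inspecting device or passed through unchanged. The masked sample is the output quoted earlier in the thread; the clear sample and the name mail.example.test are constructed.

```python
import re

# Greeting quoted in the thread (seen from outside the PIX), then a constructed
# unmasked greeting for comparison; mail.example.test is a placeholder name.
MASKED = ("220 ************************** ********** ********** ********** "
          "*********0 ****0****0\r\n*********************200** 22****20 *0*00\r\n")
CLEAR = "220 mail.example.test Microsoft ESMTP MAIL Service ready\r\n"


def classify_greeting(raw):
    """Return (verdict, detail) for a raw SMTP greeting read from port 25."""
    lines = [ln for ln in raw.replace("\r", "").split("\n") if ln.strip()]
    if not lines or not re.match(r"220[ -]", lines[0]):
        return ("not-smtp", None)
    # Drop the reply code; in the thread's output the second line carries none.
    text = lines[0][4:] + " " + " ".join(lines[1:])
    visible = [c for c in text if not c.isspace()]
    if not visible:
        return ("clear", None)
    star_ratio = visible.count("*") / len(visible)
    # The masked greeting in the thread contains only '*', '2' and '0'.
    leftovers = set(visible) - set("*20")
    if star_ratio >= 0.5 and not leftovers:
        return ("masked", round(star_ratio, 2))
    return ("clear", text.split()[0])


def masked_paths(captures):
    """Given {vantage point: raw greeting}, list the paths that show masking."""
    return sorted(name for name, raw in captures.items()
                  if classify_greeting(raw)[0] == "masked")


if __name__ == "__main__":
    captures = {"outside (through PIX)": MASKED, "inside (direct)": CLEAR}
    for name, raw in captures.items():
        print(name, "->", classify_greeting(raw))
    print("masked paths:", masked_paths(captures))
```

Comparing the greeting from an inside and an outside vantage point, as the asker did with telnet, shows whether the rewrite happens on the firewall path or on the mail server itself.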
ASKER
Well it worked before with fixup enabled.. I don't really care what the banner says. I just need incoming mail to work. Dnsreport.com shows the MX record as securence.com. This is our spam filtering company. They then route to our Web Host and then our Web Host routes to us.
ASKER
So perhaps the PIX is fine, mail is just queuing up at securence until DNS replication is complete?
ASKER
I talked to securence, and they still had our old IP. I had them update it. That should be all I need to do on the incoming mail, right?
The SMTP Banner can cause you problems - that feature in the PIX can also cause problems with email delivery. It is best disabled - and it is one of the things I do as standard to a PIX because of the problems it can cause.
If your MX records are pointing somewhere else, then the only thing you would have to do is ensure that the server that forwards the email is sending it to the right place.
Simon.
ASKER
cool.. I will remove the fixup.
no fixup protocol smtp 25
For the VPN - Do I need to remove all of the old settings prior to resetting it up? I will be using the PDM. Thanks!
ASKER
Whoo hoo! Securence updated our IP and now incoming mail works. :)
Now I just need to do this VPN :)
I usually delete the existing VPN configuration and then run the VPN wizard in PDM again. That way I can be sure that everything has flushed out correctly.
Simon.
ASKER
ok
ASKER
Thanks again everyone! VERY MUCH APPRECIATED!
ASKER
We are not using any smart host. We have only one server, so no other virtual servers or connectors. Thanks for the info on the PIX. The VPN does terminate at the PIX. I will have to update the clients. They are currently connecting via IP. I will have our web host create a DNS entry so we do not have any trouble in the future. :)