Justin Durrant asked:

New ISP.. Transparent to Exchange?

Hello, we are moving to a new ISP so obviously our public IP is going to change. I assume this change is transparent to Exchange? We only have a single Exchange 2003 server in-house.

I am thinking all I have to do is update our DNS forwarders and the PIX (our DNS\DC\Exchange are all on one box). Don't panic. This is a small org with only 10 users. :)

Thanks!

Justin Durrant (ASKER):

Right you are! How could I forget the MX record.. LOL

We are not using any smart host. We have only one server so no other virtual servers or connectors. Thanks for the info on the PIX. The VPN does terminate at the PIX. I will have to update the clients. They are currently connecting via IP. I will have our web host create a DNS entry so we do not have any trouble in the future. :)

Here is my final task list.. let me know what you think

------

Changes to be made on the PIX firewall:

- Change outside IP address from xx to new public IP
- Change default route to new ISP next hop router
- Reboot PIX (recreate VPN if needed)

Changes to be made with WEB HOST

- Update MX record for "exchange.domain.com" to point to new public IP
- Have web host create a DNS record "vpn.domain.com" to point to new public IP
- Make sure new ISP creates reverse DNS entry for public IP

Changes to be made on the Server:

- Update DNS forwarders to include ISP servers
- Remove old ISP DNS servers  

Thanks guys!

You are right, go for it. Let us know if you have any more queries.

Good Luck!!

Hey guys - Thanks for sticking with me. :)

I am making the MX changes with our web host now. I am curious, does mail coming from wherever DNS has not replicated simply bounce? Or will it queue up on the sender's side?

If the DNS server hasn't received the updated changes then they will use the old MX record information. If the old MX record is no longer valid (IP address change or whatever) then the messages will queue. The server will then try again later and may well use the new DNS information.

Simon.

cool

Ok, I have everything set up. Most things are ok.

Here is what I have left to resolve:

- VPN is not working (as expected). I noticed the cryptochecksum did indeed change. What commands do I need to run to resetup VPN? It has been 3 yrs since I have done it and I would assume I do not have to start from scratch.

- OWA works, sending mail works, still no incoming mail. If I try and telnet to our public IP I get:

220 *****************************************************************0****0****0
 *********************200**22****20 *0*00


What is up with that? The telnet works internally, so my assumption is something is wrong on the PIX.

Remember, all I changed on the PIX was the public IP and default route.

Thx!



I compared my current config to what I had before the IP change, and there are two lines missing now:

nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

the first one seems to add ok, but the 2nd one fails. :(

JK.. the nat statements were there after all. Still no VPN or incoming mail though.

That SMTP banner is a PIX with fixup SMTP enabled. Turn it off and you will see your Exchange server listed.

Put your domain name in to dnsreport.com and see what it says.

Simon.
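
The masked greeting discussed above can be recognised automatically when checking a mail path after a change like this one. The following is an added example, not part of the original posts: the function names, the placeholder hostname and the masking heuristic (only `*`, `2` and `0` survive, as in the banner quoted in the thread) are assumptions.

```python
import re

# Constructed inputs: MASKED is the greeting quoted in the thread (the second
# line is the telnet wrap); PLAIN uses a placeholder hostname.
MASKED = (
    "220 *****************************************************************0****0****0\n"
    " *********************200**22****20 *0*00\n"
)
PLAIN = "220 mail.example.test Microsoft ESMTP MAIL Service ready\n"

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_greeting(raw):
    """Return (code, text) for an SMTP greeting, joining continuation lines."""
    code, parts = None, []
    for line in raw.splitlines():
        m = REPLY.match(line)
        if m and (code is None or m.group(1) == code):
            code = m.group(1)
            parts.append(m.group(3))
        elif code is not None and line.strip():
            # Wrapped output with no reply code: keep it with the greeting.
            parts.append(line.strip())
    if code is None:
        raise ValueError("no SMTP reply code found")
    return int(code), " ".join(parts)


def classify_banner(raw):
    """Flag greetings where an inline device has overwritten the server text."""
    code, text = parse_greeting(raw)
    visible = text.replace(" ", "")
    stars = visible.count("*")
    # Heuristic taken from the banner in the thread: after masking only
    # '*', '2' and '0' remain. This is an assumption, not a vendor-defined test.
    masked = stars > 0 and set(visible) <= set("*20")
    return {
        "code": code,
        "masked": masked,
        "star_ratio": round(stars / len(visible), 2) if visible else 0.0,
        "advertises_esmtp": "ESMTP" in text.upper(),
    }


if __name__ == "__main__":
    for name, sample in (("masked", MASKED), ("plain", PLAIN)):
        print(name, classify_banner(sample))
```

A masked result means the greeting seen from outside was rewritten by a device in front of the mail server, so the banner alone says nothing about whether the Exchange server itself is reachable.
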
Well it worked before with fixup enabled.. I don't really care what the banner says. I just need incoming mail to work. Dnsreport.com shows the MX record as securence.com. This is our spam filtering company. They then route to our Web Host and then our Web Host routes to us.
So perhaps the PIX is fine, mail is just queuing up at securence until DNS replication is complete?
I talked to securence, and they still had our old IP. I had them updated. That should be all I need to do on the incoming mail right?

The SMTP Banner can cause you problems - that feature in the PIX can also cause problems with email delivery. It is best disabled - and it is one of the things I do as standard to a PIX because of the problems it can cause.

If your MX records are pointing somewhere else, then the only thing you would have to do is ensure that the server that forwards the email is sending it to the right place.

Simon.

cool.. I will remove the fixup.

no fixup protocol smtp 25

For the VPN - Do I need to remove all of the old settings prior to resetting it up? I will be using the PDM. Thanks!

Whoo hoo! Securence updated our IP and now incoming mail works. :)

Now I just need to do this VPN :)

I usually delete the existing VPN configuration and then run the VPN wizard in PDM again. That way I can be sure that everything has flushed out correctly.

Simon.

Thanks again everyone! VERY MUCH APPRECIATED!