Exchange 2007 OWA not working externally, mail issues as well

Yesterday I replaced a firewall in our office with a PIX515. I have set up NAT and the ACLs to allow 443, 110, 25, and 80 thru to our mail server (Exchange 2007 single server). Internally, https://myaiasrv04/owa works just fine. From outside works fine (at least enough to tell me I need to use https) so when I use https it stalls out and will not work.
Related to the Exchange issues, I cannot send out any new messages either.

Can someone get me in the right direction!! HELP!
Turn off fixup SMTP in the PIX. It will be getting in the way and stopping common antispam checks from working correctly.
muelleryurgaeassociatesAuthor Commented:
I can connect to the port 443 via telnet:

iwalmsley@virtue:~$ telnet 443
Connected to
Escape character is '^]'.
When I telnet to the IP address of on port 25 (telnet 25), I do not get the response I would expect to get from an Exchange server. Something else is intercepting your traffic. I would look at your PIX config; it looks like something is just not right.

muelleryurgaeassociatesAuthor Commented:
I got OWA to work externally. It was an SSL certificate issue. I replaced the certificate and it works.

I am still having an issue sending mail. This started today after the new firewall was installed. Getting "Delivery Delayed" -- "This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf."

I can receive emails no problem.
muelleryurgaeassociatesAuthor Commented:

Whereabouts can I find that in the ASDM?

Disable SMTP fixup as Simon suggested:
  no fixup protocol smtp 25

Also, make sure that your outbound IP address matches your MX record. If you only port-forward smtp/25 to the Exchange host for inbound, there is a chance that outbound email may be taking the global IP address and does not match the MX.
Also, you may need to adjust the max dns fixup

 fixup protocol dns maximum-length 1024
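
Added example, not part of the thread: a small Python check that reads a captured port-25 session (such as the telnet test mentioned above) and flags signs that a device in front of the mail server is rewriting SMTP. It assumes the commonly observed behaviour of PIX SMTP fixup (a greeting banner replaced with asterisks, and EHLO answered with a 5xx error); the transcripts and host names are constructed.

```python
import re

# Constructed transcripts (not from the thread). "S:" = server line, "C:" = client line.
DIRECT = """\
S: 220 mail.example.test Microsoft ESMTP MAIL Service ready
C: EHLO probe.example.test
S: 250-mail.example.test Hello [192.0.2.10]
S: 250-SIZE 10485760
S: 250 OK
"""
FILTERED = """\
S: 220 ********************************2******0*********
C: EHLO probe.example.test
S: 500 5.3.3 Unrecognized command
C: HELO probe.example.test
S: 250 mail.example.test Hello [192.0.2.10]
"""

def parse(transcript):
    """Return (banner, {VERB: [reply lines]}) from a C:/S: transcript."""
    banner, replies, verb = None, {}, None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C" and text:
            verb = text.split()[0].upper()
            replies[verb] = []
        elif side == "S":
            if verb is None:
                banner = banner or text   # first line sent before any command
            else:
                replies[verb].append(text)
    return banner, replies

def findings(transcript):
    """List signs that SMTP is being filtered between the client and the server."""
    banner, replies = parse(transcript)
    out = []
    if banner is None or not banner.startswith("220"):
        out.append("no-220-banner")
    elif re.search(r"\*{5,}", banner):
        # Assumption: a long run of asterisks means the banner was masked in transit.
        out.append("banner-masked")
    ehlo = replies.get("EHLO", [])
    if ehlo and ehlo[0].startswith("5"):
        # Exchange 2007 speaks ESMTP, so a 5xx reply to EHLO points at a middlebox.
        out.append("ehlo-rejected")
    return out
```

Run it against a session captured from outside the firewall before and after the fixup change; an empty list means the greeting and EHLO reply reached the client unmodified.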