Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Setting up Exchange Server 2003, Cisco Pix 501, DNS MX Record

Posted on 2007-11-16
6
Medium Priority
?
930 Views
Last Modified: 2013-11-30
Hi EXPERTS,

I need your expert advice to make my exchange server work behind a Cisco PIX 501 Firewall.

This is the situation now;
1. Exchange server 2003 installed in Windows Server 2003 SBS
    - can send email to yahoo email account and other domain email account.
    - but can't received email yet

2. Cisco PIX 501 configured with the following;
    - access-list outside-access-in permit tcp any interface outside eq smtp
    - access-group outside-in in interface outside
    - no fixup protocol smtp 25
    - static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
    (note: i got this config from one of the experts in this site)

3. DNS (Dreamhost) configured with the following:
    - added custom A Record (smtp.allthebestfinefoods.com)
    - added custom MX record (10 smtp.allthebestfinefoods.com)
      Note: I set my custom MX record priority level to 10 (this was set to higher priority level so it will not take over the lowest MX record of the DNS provider.

Problems:
1. I tried using the MX Lookup of MXTOOLBOX.COM to test my smtp.allthebestfinefoods.com then I got this error message:
   "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"

2. I tried using the MX Lookup of MXTOOLBOX.COM to test my public IP Address then I got the same error message:

QUESTION:
WHAT WRONG OR LACKING WITH MY WORK? EXPERTS PLS HELP ME FIGURE OUT THE PROBLEM AND PROVIDE ME WITH HELPFUL ANSWERS.

Thank you very much.
0
Comment
Question by:czarbapora
6 Comments
 
LVL 15

Expert Comment

by:Dave_AND
ID: 20300544
Check you can telnet to your exchange sever 1st on port 25 (sorry if im showing you how to suck eggs) start>run>cmd>telnet localhost 25
make sure you get a exchange responce on that before you go anywhere else.

Your MX are correct

i cant help on the Cisco config im afraid, but if you can telnet to your server locally and from another workstation in your office (ie telnet ntsever 25) then your ok internaly you need to get the cisco sorted. if you cant post back and ill try to help with the exchange issue
0
 

Author Comment

by:czarbapora
ID: 20300598
Hi,

Yes I can, i got this message
220 allthebestfinefoods.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Fri, 16 Nov 2007 14:13:52 -0500 .

thanks you.
0
 
LVL 15

Assisted Solution

by:Dave_AND
Dave_AND earned 200 total points
ID: 20300839
well, this is good and bad:

Good:

your exchanage is working

Bad:

I cant help as i dont know Cisco :P

well Goodluck, but at least you know where the issue is, your cisco is stopping traffic to port 25. I hope you can find someone to sort this for you, Good luck :)
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Assisted Solution

by:squoke
squoke earned 800 total points
ID: 20301741
is the IP on your PIX 70.55.240.44? If so, follow along.

I see two problems with your PIX config.  I would issue the following commands:

no access-list outside-access-in permit tcp any interface outside eq smtp
no access-group outside-in in interface outside

access-list outside permit tcp any host 70.55.240.44 eq 25
access-group outside in interface outside

no static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 70.55.240.44 25 192.168.10.1 25 netmask 255.255.255.255
clear xlate
0
 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 1000 total points
ID: 20302112
  Hi czarbapora
         You only have to enter the following and all will work like charm
         access-group outside-access-in in interface outside

Regards
0
 

Author Comment

by:czarbapora
ID: 20321261
It's now working, I still used my cisco pix configuration as shown above and changed the "access-group outside-in in interface outside"  TO "access-group outside-access-in in interface outside" and also changed my EMAIL SVR IP ADDRESS which was enterred incorrectly in command line -> static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255.

I want to learn more about Cisco PIX, I will appreciate if anybody can give me a study guide or links.

Thank you very much for your great help.

0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question