Setting up Exchange Server 2003, Cisco Pix 501, DNS MX Record

Hi EXPERTS,

I need your expert advice to make my exchange server work behind a Cisco PIX 501 Firewall.

This is the situation now:
1. Exchange server 2003 installed in Windows Server 2003 SBS
    - can send email to yahoo email account and other domain email account.
    - but can't receive email yet

2. Cisco PIX 501 configured with the following:
    - access-list outside-access-in permit tcp any interface outside eq smtp
    - access-group outside-in in interface outside
    - no fixup protocol smtp 25
    - static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
    (note: I got this config from one of the experts in this site)

3. DNS (Dreamhost) configured with the following:
    - added custom A Record (smtp.allthebestfinefoods.com)
    - added custom MX record (10 smtp.allthebestfinefoods.com)
      Note: I set my custom MX record priority level to 10 (this was set to higher priority level so it will not take over the lowest MX record of the DNS provider).

Problems:
1. I tried using the MX Lookup of MXTOOLBOX.COM to test my smtp.allthebestfinefoods.com then I got this error message:
   "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"

2. I tried using the MX Lookup of MXTOOLBOX.COM to test my public IP Address then I got the same error message.

QUESTION:
WHAT IS WRONG OR LACKING WITH MY WORK? EXPERTS, PLEASE HELP ME FIGURE OUT THE PROBLEM AND PROVIDE ME WITH HELPFUL ANSWERS.

Thank you very much.
czarbapora Asked:
 
Alan Huseyin Kayahan Commented:
  Hi czarbapora
         You only have to enter the following and all will work like a charm
         access-group outside-access-in in interface outside

Regards
0
 
Dave_AND Commented:
Check you can telnet to your Exchange server first on port 25 (sorry if I'm showing you how to suck eggs): Start > Run > cmd > telnet localhost 25
Make sure you get an Exchange response on that before you go anywhere else.

Your MX are correct

I can't help on the Cisco config, I'm afraid, but if you can telnet to your server locally and from another workstation in your office (i.e. telnet ntsever 25) then you're OK internally; you need to get the Cisco sorted. If you can't, post back and I'll try to help with the Exchange issue.
0
 
czarbapora Author Commented:
Hi,

Yes I can, I got this message:
220 allthebestfinefoods.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Fri, 16 Nov 2007 14:13:52 -0500 .

Thank you.
0
 
Dave_AND Commented:
Well, this is good and bad:

Good:

Your Exchange is working

Bad:

I can't help as I don't know Cisco :P

Well, good luck, but at least you know where the issue is: your Cisco is stopping traffic to port 25. I hope you can find someone to sort this for you. Good luck :)
0
 
squoke Commented:
Is the IP on your PIX 70.55.240.44? If so, follow along.

I see two problems with your PIX config.  I would issue the following commands:

no access-list outside-access-in permit tcp any interface outside eq smtp
no access-group outside-in in interface outside

access-list outside permit tcp any host 70.55.240.44 eq 25
access-group outside in interface outside

no static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 70.55.240.44 25 192.168.10.1 25 netmask 255.255.255.255
clear xlate
0
 
czarbapora Author Commented:
It's now working. I still used my Cisco PIX configuration as shown above and changed the "access-group outside-in in interface outside" TO "access-group outside-access-in in interface outside" and also changed my EMAIL SVR IP ADDRESS which was entered incorrectly in command line -> static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255.

I want to learn more about Cisco PIX. I would appreciate it if anybody can give me a study guide or links.

Thank you very much for your great help.

0
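
The fault found in this thread was an access-group naming an ACL that was never defined, which left the SMTP port forward with no permit rule in front of it. As an added example (not code from the thread or from Cisco), this Python check cross-references the access-list, access-group and static lines of a saved config; the regexes assume the PIX 6.x command forms shown above, and the names `lint` and `permits` are hypothetical.

```python
import re

# Constructed input: the four PIX lines as posted in the question.
POSTED = """\
access-list outside-access-in permit tcp any interface outside eq smtp
access-group outside-in in interface outside
no fixup protocol smtp 25
static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
"""
# The same lines with the access-group name corrected, as in the first reply.
FIXED = POSTED.replace("access-group outside-in ", "access-group outside-access-in ")

# Assumed PIX 6.x command shapes; only the forms seen in this thread are handled.
ACL = re.compile(r"^access-list\s+(\S+)\s+(?:line\s+\d+\s+)?(permit|deny)\s+(.*)$")
GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
STATIC = re.compile(r"^static\s+\(\S+?,(\S+?)\)\s+(tcp|udp)\s+\S+\s+(\S+)\s")
PORT_NAMES = {"smtp": "25"}  # only the alias this thread uses

def permits(action, rest, proto, dport):
    """True if one ACL entry permits proto/dport (matches a trailing 'eq <port>')."""
    t = rest.split()
    if action != "permit" or t[0] not in (proto, "ip"):
        return False
    same = PORT_NAMES.get(t[-1], t[-1]) == PORT_NAMES.get(dport, dport)
    return t[0] == "ip" or (t[-2:-1] == ["eq"] and same)

def lint(config):
    """Return findings about ACL bindings and port forwards left unreachable."""
    acls, bound, forwards, out = {}, {}, [], []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            acls.setdefault(m.group(1), []).append(m.groups()[1:])
        elif m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)  # interface -> ACL name
        elif m := STATIC.match(line):
            forwards.append(m.groups())  # (outside interface, proto, port)
    for iface, name in bound.items():
        if name not in acls:
            out.append(f"{iface}: access-group references undefined ACL {name!r}")
    for name in acls:
        if name not in bound.values():
            out.append(f"ACL {name!r} is defined but bound to no interface")
    for iface, proto, dport in forwards:
        if not any(permits(a, r, proto, dport) for a, r in acls.get(bound.get(iface), [])):
            out.append(f"{iface}: static forwards {proto}/{dport} but no bound ACL permits it")
    return out
```

Calling `lint(POSTED)` reports the undefined ACL, the unbound ACL and the unprotected forward; `lint(FIXED)` returns an empty list.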