Solved

Setting up Exchange Server 2003, Cisco Pix 501, DNS MX Record

Posted on 2007-11-16
Last Modified: 2013-11-30
Hi EXPERTS,

I need your expert advice to make my exchange server work behind a Cisco PIX 501 Firewall.

This is the situation now;
1. Exchange server 2003 installed in Windows Server 2003 SBS
    - can send email to yahoo email account and other domain email account.
    - but can't receive email yet

2. Cisco PIX 501 configured with the following;
    - access-list outside-access-in permit tcp any interface outside eq smtp
    - access-group outside-in in interface outside
    - no fixup protocol smtp 25
    - static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
    (note: I got this config from one of the experts on this site)

3. DNS (Dreamhost) configured with the following:
    - added custom A Record (smtp.allthebestfinefoods.com)
    - added custom MX record (10 smtp.allthebestfinefoods.com)
      Note: I set my custom MX record priority level to 10 (this was set to a higher priority level so it will not take over the lowest MX record of the DNS provider).

Problems:
1. I tried using the MX Lookup of MXTOOLBOX.COM to test my smtp.allthebestfinefoods.com then I got this error message:
   "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"

2. I tried using the MX Lookup of MXTOOLBOX.COM to test my public IP address, then I got the same error message.

QUESTION:
WHAT IS WRONG OR LACKING WITH MY WORK? EXPERTS, PLS HELP ME FIGURE OUT THE PROBLEM AND PROVIDE ME WITH HELPFUL ANSWERS.

Thank you very much.
Question by:czarbapora
6 Comments
 
LVL 15

Expert Comment

by:Dave_AND
ID: 20300544
Check you can telnet to your Exchange server first on port 25 (sorry if I'm showing you how to suck eggs): start>run>cmd>telnet localhost 25
Make sure you get an Exchange response on that before you go anywhere else.

Your MX are correct.

I can't help on the Cisco config, I'm afraid, but if you can telnet to your server locally and from another workstation in your office (i.e. telnet ntsever 25) then you're OK internally and you need to get the Cisco sorted. If you can't, post back and I'll try to help with the Exchange issue.
 

Author Comment

by:czarbapora
ID: 20300598
Hi,

Yes I can, I got this message:
220 allthebestfinefoods.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Fri, 16 Nov 2007 14:13:52 -0500 .

Thank you.
 
LVL 15

Assisted Solution

by:Dave_AND
Dave_AND earned 50 total points
ID: 20300839
Well, this is good and bad:

Good:

Your Exchange is working.

Bad:

I can't help as I don't know Cisco :P

Well, good luck, but at least you know where the issue is: your Cisco is stopping traffic to port 25. I hope you can find someone to sort this for you. Good luck :)

Assisted Solution

by:squoke
squoke earned 200 total points
ID: 20301741
Is the IP on your PIX 70.55.240.44? If so, follow along.

I see two problems with your PIX config.  I would issue the following commands:

no access-list outside-access-in permit tcp any interface outside eq smtp
no access-group outside-in in interface outside

access-list outside permit tcp any host 70.55.240.44 eq 25
access-group outside in interface outside

no static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 70.55.240.44 25 192.168.10.1 25 netmask 255.255.255.255
clear xlate
 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 250 total points
ID: 20302112
Hi czarbapora,

You only have to enter the following and all will work like a charm:

access-group outside-access-in in interface outside

Regards
 

Author Comment

by:czarbapora
ID: 20321261
It's now working. I still used my Cisco PIX configuration as shown above and changed the "access-group outside-in in interface outside" TO "access-group outside-access-in in interface outside" and also changed my EMAIL SVR IP ADDRESS, which was entered incorrectly in the command line -> static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255.

I want to learn more about Cisco PIX. I would appreciate it if anybody can give me a study guide or links.

Thank you very much for your great help.
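
The mismatch resolved in this thread (an access-list named outside-access-in, but an access-group naming outside-in) can be caught mechanically before a config is applied. The following Python check is an added example, not part of the original thread and not Cisco tooling; it handles only the three line shapes quoted above, ignores rule ordering and deny entries, and its function names and port table are assumptions.

```python
import re

# Constructed sample: the four PIX lines quoted in the question above.
QUESTION_CONFIG = """\
access-list outside-access-in permit tcp any interface outside eq smtp
access-group outside-in in interface outside
no fixup protocol smtp 25
static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
STATIC_RE = re.compile(
    r"^static\s+\(([^,\s]+),([^)\s]+)\)\s+(tcp|udp)\s+\S+\s+(\S+)\s+(\S+)\s+\S+")
PORT_NAMES = {"smtp": "25"}  # assumption: only the port keyword this thread uses


def port(token):
    """Normalise a port keyword such as 'smtp' to its number."""
    return PORT_NAMES.get(token, token)


def audit(config):
    """Return findings for access-list / access-group / static mismatches."""
    acls, groups, statics = {}, {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.match(line):
            acls.setdefault(m[1], []).append((m[2], m[3].split()))
        elif m := GROUP_RE.match(line):
            groups[m[2]] = m[1]  # interface -> ACL name
        elif m := STATIC_RE.match(line):
            statics.append(m.groups())
    findings = []
    for iface, name in groups.items():
        if name not in acls:
            findings.append(f"access-group on '{iface}' names undefined access-list '{name}'")
    for name in acls:
        if name not in groups.values():
            findings.append(f"access-list '{name}' is not bound to any interface")
    # Each port forward needs a permit in the ACL bound to its mapped interface.
    for _real_if, mapped_if, proto, mapped_port, real_ip in statics:
        rules = acls.get(groups.get(mapped_if), [])
        if not any(act == "permit" and len(r) >= 3 and r[0] == proto and r[-2] == "eq"
                   and port(r[-1]) == port(mapped_port) for act, r in rules):
            findings.append(f"static {proto}/{port(mapped_port)} to {real_ip} has no "
                            f"permit in the ACL bound to '{mapped_if}'")
    return findings


if __name__ == "__main__":
    for finding in audit(QUESTION_CONFIG):
        print("FINDING:", finding)
```

Run against the question's lines it reports three findings; with the access-group name corrected as in the accepted solution it reports none.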
