Solved

Setting up Exchange Server 2003, Cisco Pix 501, DNS MX Record

Posted on 2007-11-16
Last Modified: 2013-11-30
Hi EXPERTS,

I need your expert advice to make my exchange server work behind a Cisco PIX 501 Firewall.

This is the situation now;
1. Exchange server 2003 installed in Windows Server 2003 SBS
    - can send email to yahoo email account and other domain email account.
    - but can't receive email yet

2. Cisco PIX 501 configured with the following;
    - access-list outside-access-in permit tcp any interface outside eq smtp
    - access-group outside-in in interface outside
    - no fixup protocol smtp 25
    - static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
    (note: I got this config from one of the experts on this site)

3. DNS (Dreamhost) configured with the following:
    - added custom A Record (smtp.allthebestfinefoods.com)
    - added custom MX record (10 smtp.allthebestfinefoods.com)
      Note: I set my custom MX record priority level to 10 (this was set to a higher priority level so it will not take over the lowest MX record of the DNS provider).

Problems:
1. I tried using the MX Lookup of MXTOOLBOX.COM to test my smtp.allthebestfinefoods.com then I got this error message:
   "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"

2. I tried using the MX Lookup of MXTOOLBOX.COM to test my public IP Address then I got the same error message:

QUESTION:
WHAT IS WRONG OR LACKING WITH MY WORK? EXPERTS PLS HELP ME FIGURE OUT THE PROBLEM AND PROVIDE ME WITH HELPFUL ANSWERS.

Thank you very much.
0
Question by:czarbapora
6 Comments
 
LVL 15

Expert Comment

by:Dave_AND
ID: 20300544
Check you can telnet to your Exchange server first on port 25 (sorry if I'm showing you how to suck eggs): start>run>cmd>telnet localhost 25
Make sure you get an Exchange response on that before you go anywhere else.

Your MX are correct

I can't help on the Cisco config, I'm afraid, but if you can telnet to your server locally and from another workstation in your office (i.e. telnet ntsever 25) then you're OK internally and you need to get the Cisco sorted. If you can't, post back and I'll try to help with the Exchange issue.
0
 

Author Comment

by:czarbapora
ID: 20300598
Hi,

Yes I can, i got this message
220 allthebestfinefoods.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Fri, 16 Nov 2007 14:13:52 -0500 .

Thank you.
0
 
LVL 15

Assisted Solution

by:Dave_AND
Dave_AND earned 50 total points
ID: 20300839
Well, this is good and bad:

Good:

Your Exchange is working

Bad:

I can't help as I don't know Cisco :P

Well, good luck, but at least you know where the issue is: your Cisco is stopping traffic to port 25. I hope you can find someone to sort this for you. Good luck :)
0

Assisted Solution

by:squoke
squoke earned 200 total points
ID: 20301741
Is the IP on your PIX 70.55.240.44? If so, follow along.

I see two problems with your PIX config.  I would issue the following commands:

no access-list outside-access-in permit tcp any interface outside eq smtp
no access-group outside-in in interface outside

access-list outside permit tcp any host 70.55.240.44 eq 25
access-group outside in interface outside

no static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 70.55.240.44 25 192.168.10.1 25 netmask 255.255.255.255
clear xlate
0
 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 250 total points
ID: 20302112
  Hi czarbapora
         You only have to enter the following and all will work like a charm
         access-group outside-access-in in interface outside

Regards
0
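The mismatch the accepted answer corrects, as an added example that is not part of the original thread: a small Python check that cross-references `access-list`, `access-group` and `static` lines. It handles only the command forms shown on this page; the function names and the `smtp`-to-25 alias table are assumptions of the example.

```python
import re

# Constructed input: the four PIX lines exactly as posted in the question.
QUESTION_CONFIG = """\
access-list outside-access-in permit tcp any interface outside eq smtp
access-group outside-in in interface outside
no fixup protocol smtp 25
static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
"""
# The same lines with the access-group name changed as in the accepted answer.
FIXED_CONFIG = QUESTION_CONFIG.replace(
    "access-group outside-in ", "access-group outside-access-in ")

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+.*\beq\s+(\S+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
STATIC_RE = re.compile(r"^static\s+\(\S+,(\S+)\)\s+(tcp|udp)\s+\S+\s+(\S+)\s")
PORT_ALIASES = {"smtp": "25"}  # assumption: only the alias this page uses

def port(value):
    return PORT_ALIASES.get(value, value)

def audit(config):
    """Return a list of findings for ACL / access-group / static mismatches."""
    acls, groups, statics = {}, [], []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), set()).add((m.group(2), port(m.group(3))))
        elif m := GROUP_RE.match(line):
            groups.append(m.groups())            # (ACL name, interface)
        elif m := STATIC_RE.match(line):
            statics.append((m.group(1), m.group(2), port(m.group(3))))

    findings = []
    for name, iface in groups:
        if name not in acls:
            findings.append(f"access-group on '{iface}' references undefined ACL '{name}'")
    applied = {name for name, _ in groups}
    for name in acls:
        if name not in applied:
            findings.append(f"ACL '{name}' is defined but not applied to any interface")
    # A static port forward only receives traffic if an ACL applied to its
    # outside-facing interface permits that protocol and port.
    for iface, proto, fwd_port in statics:
        allowed = set().union(*[acls.get(n, set()) for n, i in groups if i == iface])
        if (proto, fwd_port) not in allowed:
            findings.append(f"static {proto}/{fwd_port} on '{iface}' has no permitting applied ACL")
    return findings
```

`audit(QUESTION_CONFIG)` reports the undefined `outside-in` reference, the unapplied `outside-access-in` list and the unreachable SMTP forward; `audit(FIXED_CONFIG)` returns an empty list.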
 

Author Comment

by:czarbapora
ID: 20321261
It's now working. I still used my Cisco PIX configuration as shown above and changed the "access-group outside-in in interface outside" TO "access-group outside-access-in in interface outside" and also changed my EMAIL SVR IP ADDRESS, which was entered incorrectly in the command line -> static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255.

I want to learn more about Cisco PIX. I would appreciate it if anybody can give me a study guide or links.

Thank you very much for your great help.

0
