Solved

Setting up Exchange Server 2003, Cisco Pix 501, DNS MX Record

Posted on 2007-11-16
6
894 Views
Last Modified: 2013-11-30
Hi EXPERTS,

I need your expert advice to make my exchange server work behind a Cisco PIX 501 Firewall.

This is the situation now;
1. Exchange server 2003 installed in Windows Server 2003 SBS
    - can send email to yahoo email account and other domain email account.
    - but can't received email yet

2. Cisco PIX 501 configured with the following;
    - access-list outside-access-in permit tcp any interface outside eq smtp
    - access-group outside-in in interface outside
    - no fixup protocol smtp 25
    - static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
    (note: i got this config from one of the experts in this site)

3. DNS (Dreamhost) configured with the following:
    - added custom A Record (smtp.allthebestfinefoods.com)
    - added custom MX record (10 smtp.allthebestfinefoods.com)
      Note: I set my custom MX record priority level to 10 (this was set to higher priority level so it will not take over the lowest MX record of the DNS provider.

Problems:
1. I tried using the MX Lookup of MXTOOLBOX.COM to test my smtp.allthebestfinefoods.com then I got this error message:
   "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"

2. I tried using the MX Lookup of MXTOOLBOX.COM to test my public IP Address then I got the same error message:

QUESTION:
WHAT WRONG OR LACKING WITH MY WORK? EXPERTS PLS HELP ME FIGURE OUT THE PROBLEM AND PROVIDE ME WITH HELPFUL ANSWERS.

Thank you very much.
0
Comment
Question by:czarbapora
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 15

Expert Comment

by:Dave_AND
ID: 20300544
Check you can telnet to your exchange sever 1st on port 25 (sorry if im showing you how to suck eggs) start>run>cmd>telnet localhost 25
make sure you get a exchange responce on that before you go anywhere else.

Your MX are correct

i cant help on the Cisco config im afraid, but if you can telnet to your server locally and from another workstation in your office (ie telnet ntsever 25) then your ok internaly you need to get the cisco sorted. if you cant post back and ill try to help with the exchange issue
0
 

Author Comment

by:czarbapora
ID: 20300598
Hi,

Yes I can, i got this message
220 allthebestfinefoods.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Fri, 16 Nov 2007 14:13:52 -0500 .

thanks you.
0
 
LVL 15

Assisted Solution

by:Dave_AND
Dave_AND earned 50 total points
ID: 20300839
well, this is good and bad:

Good:

your exchanage is working

Bad:

I cant help as i dont know Cisco :P

well Goodluck, but at least you know where the issue is, your cisco is stopping traffic to port 25. I hope you can find someone to sort this for you, Good luck :)
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 

Assisted Solution

by:squoke
squoke earned 200 total points
ID: 20301741
is the IP on your PIX 70.55.240.44? If so, follow along.

I see two problems with your PIX config.  I would issue the following commands:

no access-list outside-access-in permit tcp any interface outside eq smtp
no access-group outside-in in interface outside

access-list outside permit tcp any host 70.55.240.44 eq 25
access-group outside in interface outside

no static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 70.55.240.44 25 192.168.10.1 25 netmask 255.255.255.255
clear xlate
0
 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 250 total points
ID: 20302112
  Hi czarbapora
         You only have to enter the following and all will work like charm
         access-group outside-access-in in interface outside

Regards
0
 

Author Comment

by:czarbapora
ID: 20321261
It's now working, I still used my cisco pix configuration as shown above and changed the "access-group outside-in in interface outside"  TO "access-group outside-access-in in interface outside" and also changed my EMAIL SVR IP ADDRESS which was enterred incorrectly in command line -> static (inside,outside) tcp interface smtp 192.168.10.1 smtp netmask 255.255.255.255.

I want to learn more about Cisco PIX, I will appreciate if anybody can give me a study guide or links.

Thank you very much for your great help.

0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Read this checklist to learn more about the 15 things you should never include in an email signature.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question