  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 203

Exchange / Outlook Help Needed

I need help with a couple of clients that we are hosting data for.  Two of the clients have their own Exchange server (one 2007, one 2003).  Since moving them both to the datacenter, the two companies cannot email each other.  They can email most everyone else, but not each other.  I also cannot ping from one mail server to another unless I put an entry in the host file of each machine.  I think, therefore, it's a DNS issue.  I have one Cisco PIX firewall/router.  Therefore, each client I have set up right now is on the same IP range and I'm wondering if that is part of my problem.  For example, client A uses IPs of 192.x.x.20 to .29 and client B uses .70 to .79.  Could that be my issue?  Do I need to set up something on each company's DNS server to see the other?  I have a managed DELL switch with VLANs that I am waiting for my IT guy to install to separate the networks.  Is that the problem?
0
Asked: pmasseycpa
2 Solutions
 
lalancluCommented:
If you divide your IP segment to make many subnets, it is normal that you cannot ping from one segment to the other.

You cannot make a U-turn on a PIX, so you must have a router in your installation to route your packets to the other subnet. You can use your default subnet mask and validate that your routing configuration is correct. And you talk about VLANs: if you use VLANs on the switch, you need to have a router to route your packets from one VLAN to the other.
0
 
hodgeyohnCommented:
Well, can both servers see the MX record and resolve the A record for an IP address?
It sounds like a name resolution issue.
One option would be to create a separate SMTP interface on each that points to the other.
0
 
lalancluCommented:
When you resolve an A record, you resolve from the net, but when you try to go to this IP you are coming back to your PIX, and in the PIX you cannot make a connection from inside to outside and, with a DNS return, back inside your PIX. That is what I call a U-turn in a PIX, and you are not allowed to do that in any Cisco product.

If your server can see the other one, you can open SMTP from the other IP only, or make a new connector with the name of the other company.

But to use this solution, your servers must be able to contact each other.
0

 
pmasseycpaAuthor Commented:
lalanclu, are you saying to create a second SMTP connector for that domain only on each server so that it goes straight there and not out through the PIX?
0
 
hodgeyohnCommented:
I would agree with that option.
0
 
lalancluCommented:
Yes
0
 
lalancluCommented:
And you secure this new connector to accept only the other IP.
0
 
Cyclops3590Commented:
Why not use the 'dns' keyword on your static entry command?  Or did that not work?

For example:

static (inside,outside) 1.2.3.4 192.168.2.1 dns

This turns on DNS inspection for that IP.  If a DNS reply comes back referencing 1.2.3.4, it swaps it out with the internal IP of 192.168.2.1.  Then the internal servers/clients use an IP that can actually be communicated with, which eliminates the U-turn (or return path filtering) issue.
0
