I am trying to publish an Exchange 2007 SMTP server listening on port 25 to the WEB behind two firewall zones and TMG.
Security design is the following:
[ WEB ] -- [ FW VLAN 6 ] -- [ TMG ] -- [ FW VLAN 10 ] -- [ EXCHANGE VLAN 1 ]
On TMG, I have set up 2 network interfaces:
- VLAN06 with IP 172.22.6.3 as a perimeter interface
- VLAN10 with IP 172.22.10.3 as an internal interface
Some tests:
- SMTP traffic is forwarded from the public IP to VLAN06 to TMG (the rule approved it, and the log trace shows it)
- Inbound traffic is received on TMG (log trace)
- No traffic logged from TMG to Exchange
- I am able to telnet to Exchange on port 25 from TMG
My problem:
Running a telnet from outside to my public address on port 25, I am not connected.
I get an error: no rule seems to authorize my request.
Source: perimeter network with remote public address
Destination: local host with VLAN06 address
The rule is set to authorize SMTP from localhost / perimeter to Exchange.
Sometimes, I get a WSAECONNREFUSED error without changing anything in the rule set.
Any help would be great.
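The telnet checks in the post answer only "connected or not". When localizing a publishing problem across several hops, it helps to distinguish three outcomes per hop: a 220 SMTP greeting (the listener is reached), an active refusal (a host answered with RST, which is what Windows reports as WSAECONNREFUSED), and a silent timeout (the SYN was dropped or filtered). The script below is an added example, not code from the original post or from TMG/Exchange; it probes a list of (label, host, port) hops and classifies each result so the same script can be run from the outside, from the TMG box and from the Exchange VLAN and the results compared. The hop labels and the local fake listener are constructed for offline demonstration; in a real run the hops would be the public address, the VLAN06/VLAN10 addresses and the Exchange server from the diagram. TMG's own log remains the authority on which rule made the decision; this only tells you where along the path the behaviour changes.

```python
import socket
import threading


def probe_smtp(host, port, timeout=5.0):
    """Connect to host:port and classify what happens.

    Returns (status, detail):
      ("banner",  "<220 line>")  TCP connect succeeded and an SMTP greeting arrived
      ("silent",  "")            TCP connect succeeded but no greeting within timeout
      ("refused", "")            active RST; Windows telnet shows this as WSAECONNREFUSED
      ("timeout", "")            no reply at all: SYN dropped or filtered on the path
      ("error",   "<message>")   anything else (name resolution, unreachable, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(512)
            except socket.timeout:
                return ("silent", "")
            line = data.decode("ascii", errors="replace").strip()
            if line.startswith("220"):
                return ("banner", line)
            return ("error", "unexpected greeting: %r" % line)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("timeout", "")
    except OSError as exc:
        return ("error", str(exc))


def probe_path(hops, timeout=5.0):
    """Probe each (label, host, port) in order; return [(label, status, detail)].

    Run from each vantage point (outside, TMG, Exchange VLAN) and look for the
    first hop where the status changes from 'banner' to 'refused' or 'timeout'.
    """
    return [(label,) + probe_smtp(host, port, timeout) for label, host, port in hops]


def start_fake_smtp_listener(banner=b"220 fake.example ESMTP ready\r\n"):
    """Minimal local listener that only sends an SMTP greeting.

    Constructed for the offline demo (stands in for the Exchange listener).
    Returns (port, stop_callable).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        srv.settimeout(0.2)
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


def closed_local_port():
    """Pick a local port nothing listens on (constructed for the demo)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    port, stop = start_fake_smtp_listener()
    # Constructed hop list; replace with the real public, VLAN06, VLAN10 and
    # Exchange addresses when running it for real.
    hops = [
        ("local listener (constructed)", "127.0.0.1", port),
        ("closed port (constructed)", "127.0.0.1", closed_local_port()),
    ]
    for label, status, detail in probe_path(hops, timeout=2.0):
        print("%-32s %-8s %s" % (label, status, detail))
    stop()
```

Reading the results: 'banner' from TMG but 'timeout' from outside points at the path before TMG or at TMG's inbound rule; 'refused' from outside means something on the path answered with RST, which is consistent with the intermittent WSAECONNREFUSED in the post and is worth correlating against the TMG log timestamps for that connection.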