skyjumperdude

DMZ to Exchange 2007 (Port 25 Blocked?)

Hello folks,

We are in the process of migrating from Exchange 2003 to Exchange 2007. The current network setup is as follows

[Internet] ---email flow->[Gateway Mail Marshal Server in DMZ] --[<- Firewall Policies ->]--->[LAN: Exchange 2003 / Exchange 2007].

All policies from DMZ -> LAN and LAN ->DMZ are in place on the firewall. I have opened the policies for testing purposes. I am able to ping / RDP between the DMZ and Exchange 2007 in both directions.

However, I cannot use telnet from Gateway (DMZ) to Exchange 2007. It simply does not work.
I am able to telnet into Exchange 2003 just fine.


I have modified the "Default Receiver" in Exchange 07 to include the DMZ Gateway's IP Address.

Still no go -


Any help would be great! The final idea is to route the emails from Gateway to Exchange 07 instead of Exchange 03. Currently there is a routing group in place between the two Exchange servers to route the emails internally. All mailboxes have been moved to the Exchange 07 already.


This is the last step before I delete the routing groups and proceed with the decommissioning of the Exchange 03.
Hilal1924

Hi, Couple of Questions before I suggest anything:
1. When you modified the Default Receive Connector, did you leave the default (0.0.0.0 255.255.255.255) as it is?
2. What are the permissions set up on your connector? Do you have Anonymous permitted?
3. Can you telnet to port 25 internally ?
Hilal
skyjumperdude

ASKER

1.  Yes the default selections have not been removed. I did add 192.168.235.66 (DMZ- Gateway Server) to the list.

2.  Only the "Anonymous" option is selected on the connector.

3.  Telnet internally works perfectly fine.  (I triple checked the firewall setting, it's wide open between the mail and gateway servers - just to be sure!)
ASKER CERTIFIED SOLUTION
Hilal1924

This solution is only available to members.
Interesting!
I haven't done the Wireshark yet but oddly enough creating a new connector on a different port worked!
Please see the attached screenshot.
- I'm not certain as to where I can place the subnet mask?


What do you think is preventing me from getting on at port 25?
- BTW: from my Gateway Server I can telnet on to port 25 of the Exchange 2003 (which is in LAN)

All firewalls on the Exchange 07 are turned off.
Screenshot.jpg
I am sorry, I am not able to see the ss since I am about to sleep. I will take a look at it in the morning. Use the dedicated connector for now; actually it is better than using the default connector. I will let you know if I find something interesting in the ss. Meanwhile you can rate this question.
Hilal
PS. to use subnet mask do it in this format 192.168.62.2-255.255.255.0

just separate the ip and mask with a hyphen.
Sounds good!

Thanks a bunch for the help. Let me know if you ever figure out why just port 25 wouldn't go.
You have sent the screenshot of the new dedicated connector. Can you post the following ss's? Most probably it is a permission and authentication mismatch.
1. Authentication Tab and Permission Tab (Default Connector, New Connector)
2. Network Tab (Default and New Connector)
 
Hilal
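
The telnet test used throughout this thread only shows "works" or "does not work". The following added example (not posted by any participant in the thread) is a small probe that reports how a connection to an SMTP listener fails, which separates a firewall drop from a listener that accepts the connection but never sends a banner. The function name `probe_smtp` and the state labels are this example's own; target hosts are passed on the command line.

```python
import socket
import sys


def probe_smtp(host, port=25, timeout=5.0):
    """Return (state, detail) for one SMTP listener, like `telnet host 25`."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # RST came back: the host is reachable but nothing accepts on this port.
        return ("refused", "host reachable, no listener on this port")
    except socket.timeout:
        # No reply to the SYN: typically a firewall or filter dropping packets.
        return ("filtered", "no reply to connection attempt")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)
        except socket.timeout:
            # Handshake completed but the server never spoke.
            return ("no-banner", "TCP connected, server sent nothing")
        except OSError as exc:
            return ("reset", str(exc))
    if not data:
        # Accepted and closed at once, e.g. the source IP is not allowed.
        return ("closed", "server closed without sending a banner")
    banner = data.decode("ascii", "replace").splitlines()[0]
    if banner.startswith("220"):
        return ("ok", banner)
    return ("rejected", banner)  # e.g. a 4xx/5xx greeting


if __name__ == "__main__":
    # Usage: python probe.py HOST[:PORT] [HOST[:PORT] ...]
    for target in sys.argv[1:]:
        host, _, port = target.partition(":")
        state, detail = probe_smtp(host, int(port or 25))
        print(f"{target:<28} {state:<10} {detail}")
```

Run from the gateway against both Exchange servers and against the new connector's port, the differing states show whether the problem sits in the network path or in the listener on port 25.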