Exchange Relay from the DMZ
Exchange to MobileIron in DMZ
Asked by: Tencha
There is a server in the DMZ, "MobileIron", and we are trying to set up a connection where the "MobileIron" server can send e-mail by connecting to Exchange, which is located internally.
At this point we have the firewall set up to allow MobileIron to send via port 25. The connection "kinda" works, because from the MobileIron server we receive internal email when we test the connection from the application.
Layout for Receive:
MobileIron server - in DMZ
Cisco ASA firewall routing from DMZ to TMG server
TMG server to load balancer "Kemp"
From the Kemp to our primary CAS array
Layout for Send:
Exact same thing in reverse; however, there are no restrictions or logging.
What set-up is needed to ensure that the MobileIron server within the DMZ can contact the Exchange server internally?
ASKER
I am on Ex2010 SP1. I did all those steps, and through the various testing I removed all the security check boxes to ensure nothing would prevent the connection. Still didn't work.
Also, I could not add the server to "Exchange Servers" because it is not part of the internal AD network, hence why this is not so easy.
Just follow the guide from the Exchange team for Exchange 2007:
http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx
It is the same for Exchange 2010. The fact that it is in the DMZ makes no difference other than ensuring the NAT is correct (if used) so that you don't turn Exchange into an open relay.
Simon.
ASKER
Still not working... to external. I am able to get e-mail routed from the DMZ to internal address accounts. But from the DMZ server "MobileIron" I cannot route e-mail out using our Exchange system.
Internal addresses aren't a relay.
Did you set up a new connector? If so, configure logging on it so that you can see what happens when you try to send email. It could be that the IP address Exchange sees is different to the one you think it is, and the wrong connector is being used.
Simon.
ASKER
It was not suggested....
Chances are, you just need to add the IP of the DMZ device to the network tab of the Receive connector in the HUB.
In 2007, it looks like this:
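
The advice in the replies above (a dedicated Receive connector scoped to the DMZ device's IP, with logging turned on) can also be applied from the Exchange Management Shell. This is an added example, not part of any post in the thread; the server name `HUB01`, the address `192.0.2.25` and the connector name are placeholders.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007/2010).
# Placeholders (assumptions, not values from the thread):
$hub     = "HUB01"          # hypothetical Hub Transport server name
$relayIp = "192.0.2.25"     # documentation-range address; use the source IP
                            # Exchange actually sees after ASA/TMG/Kemp NAT
$name    = "Relay from MobileIron (DMZ)"

# 1. Dedicated connector that matches ONLY the DMZ device's address.
#    Exchange selects the connector with the most specific RemoteIPRanges
#    match, so a single-IP range wins over the default connector's full range.
New-ReceiveConnector -Name $name -Server $hub -Usage Custom `
    -Bindings "0.0.0.0:25" -RemoteIPRanges $relayIp

# 2. Accept unauthenticated sessions on this connector only, and log every
#    SMTP command so the session can be inspected afterwards.
Set-ReceiveConnector "$hub\$name" -PermissionGroups AnonymousUsers `
    -ProtocolLoggingLevel Verbose

# 3. Delivery to internal recipients works without this step; relaying to
#    external recipients needs the accept-any-recipient right.
Get-ReceiveConnector "$hub\$name" |
    Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" `
        -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

# 4. Review the result. If RemoteIPRanges holds a shared NAT or load-balancer
#    address, every host behind that address can relay through Exchange.
Get-ReceiveConnector -Server $hub |
    Format-Table Name, RemoteIPRanges, PermissionGroups, ProtocolLoggingLevel -AutoSize
Get-ReceiveConnector "$hub\$name" |
    Get-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" |
    Where-Object { $_.ExtendedRights -like "*Accept-Any-Recipient*" }

# 5. Location of the SMTP receive logs. After a test send, the connector-id
#    and remote-endpoint columns show which connector answered and which
#    source address it saw.
Get-TransportServer $hub | Format-List ReceiveProtocolLogPath
```

If the log shows the test session landing on a different connector, or a remote-endpoint other than the expected address, correct `RemoteIPRanges` or the NAT rather than widening the range.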