I'm trying to comprehend this situation that I'm in but I see that I'm confused for the most part.
There is a network which has a PIX on the edge point. It has an outside-if, 162.x.z.86, and inside-if, 162.x.x.1.
There is a mail server (lotus) on the inside segment of the PIX with an IP of 162.x.x.6 - the mail server also has an internal IP of 10.0.16.51 -- The external IP is registered with their hosting co as the MX.
A Barracuda spam filter has been installed as well, with an internal of 10.0.16.145.
What I'm trying to do is have all SMTP requests that the PIX receives on the external forwarded to the Barracuda, which, by the way, the PIX can ping, so I know there's connectivity, and have the Barracuda hand them off to the Notes.
I've already set up the Barracuda to have the mail server as the lotus box.
On the PIX I've configured an access list to:
access-list allow_inbound permit tcp any host 162.x.x.6 eq smtp
access-list allow_inbound permit tcp any host 162.x.x.6 eq lotusnotes
I assume that this configuration will have the internal of the Notes NATed to 162.x.x.6 when leaving PIX, and any SMTP will be routed to the internal of Notes.
I show some hits on the email_nat access list...
But I don't see Barracuda receiving emails, and I get this report as well when I perform a connectivity test from it:
Error: Supposedly valid email is being rejected by your mail server. Please verify your test email address, and configure your mail server to receive email for this address from the Barracuda Spam Firewall.
Error: It does not look like the MX record for your default domain resolves to your Barracuda Spam Firewall's IP address. Please verify that your DNS servers are properly configured.
Error: Could not send mail to your Barracuda Spam Firewall. Please verify that your network permissions (firewall) allow SMTP traffic from the Internet to the Barracuda Spam Firewall.
I hope I've provided enough information. Is there anyone who can assist me on this issue?
The Domino (Notes) server has both a Public and Private IP.
And the Barracuda currently has a private IP.
Where I think I messed up was that I have PIX NATing 10.0.16.145 to the Global of 162.x.x.6, where PIX will probably never see that 10.0.16.145 address since it's not directly connected to the internal network. I caught that by reading your previous post.
I'm hoping my new proposal will take care of all the unnecessary headaches:
Having the Barracuda in the same public subnet as the PIX. Having outside DNS MX point to Barracuda. Having Barracuda forward to Domino (Notes).