Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
949
Views
0
Helpful
4
Replies

Two Exchange servers at same network could not send email to each other

rawsonfang
Level 1
Level 1

‎12-15-2006 02:01 PM - edited ‎03-11-2019 02:09 AM

This is my scenario.

#1 One PIX 515 has three interfaces:Outside, Inside and DMZ1

#2. Two Exchange servers in the Inside interface. Server#1 10.0.1.10 hosts abc.com , Server #2 10.0.86.20 hosts xyz.com

#3. Two Symantec SMTP mail gateway server on DMZ1 interface: SMTP gateway1 - 172.16.1.10, SMTP Gateway2 - 172.16.1.20

#4. SMTP Gateway1 forward both inbound and outbound mail for Exchange server 1

SMTP Gateway2 forward both inbound and outbound mail for Exchange server 2

#5. There are Static NAT for one public IP to each SMTP gateways:

static (dmz1, outside) 200.211.10.10 172.16.1.10 255.255.255.255

static (dmz1, outside) 200.211.10.20 172.16.1.20 255.255.255.255

and inculde ACL to permit both inbound and outbound SMTP port 25

#6. MX record for abc.com is 200.211.10.10

MX record for xyz.com is 200.211.10.20

#7. Both Exchange servers could send and receive Internet emails from outside Mail servers, but could not send email between abc.com and xyz.com

#8.Have tried to use alias command for DNS doctoring, and did not work.

It seems that the PIX outside interface, the both public addresses could not pass traffic to each other.

Is there any configure could be done to allow 200.211.10.10 and 200.211.10.20 to send smtp traffic to each other?

Thanks in advance

Labels:
0 Helpful
4 Replies 4

jgervia_2
Level 1
Level 1

‎12-16-2006 01:45 PM

Hello,

I couldn't say more without looking at your configuration, but I'd start out with a

same-security-traffic permit intra-interface

Will allow traffic to go in/out the same interface. This might help.

--Jason

Please rate this message if it solved some or all of your issue/question.

0 Helpful

msubtain
Level 1
Level 1

‎12-17-2006 07:00 PM

What MX your exchange servers resolves internally?

ping mx.abc.com from exchange.xyz.com

ping mx.xyz.com from exchange.abc.com

Muhammad

0 Helpful

rawsonfang
Level 1
Level 1
In response to msubtain

‎12-18-2006 06:56 AM

From exchange.abc.com, the MX for the mx.abc.com is 200.211.10.10 and

From exchange.xyz.com, the MX for the mx.xyz.com is 200.211.10.20

0 Helpful

pengfang
Level 1
Level 1

‎12-21-2006 11:58 AM

DNS Doctoring should sovle your problem:

1. check your alias command, they should be

alias (dmz1) 172.16.1.10 200.211.10.10 255.255.255.255

alias (dmz1) 172.16.1.20 200.211.10.20 255.255.255.255

2. or your can configure your static with "dns" argument

static (dmz1, outside) 200.211.10.10 172.16.1.10 255.255.255.255 dns

static (dmz1, outside) 200.211.10.20 172.16.1.20 255.255.255.255 dns

3. or modify both exchange server HOST file

mx.abc.com 172.16.1.10

mx.xyz.com 172.16.1.20

In exchange server mx.abc.com ping mx.xyz.com,it should resolved as 172.16.1.20.

if the post help,please rate, thanks

peng

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card