I currently have an Exchange server on the private side of my network and had a static route in my PIX so it could be tied to a public IP. Recently I decided that I wanted to take the public IP that I was using for my mail server and direct HTTPS traffic on that IP to my Exchange server and SMTP traffic to a mail relay in the DMZ. Everything was working fine, but some messages were being bounced back. Inbound SMTP traffic was coming in on the correct IP address, but outbound SMTP traffic was going out on the IP that is used for NAT. Since that IP does not match the IP of the FQDN that is used for mail, messages were being kicked back. Anyone know how to fix this?
It seems that inbound mail is going to the mail relay then to the Exchange box, but outbound is going out from the Exchange box, bypassing the mail relay. Can you verify that outbound mail goes from the Exchange box to the mail relay box then out?
When I made this change, HTTPS traffic and SMTP traffic came in fine, but when the SMTP relay attempted to make an outbound connection, it did not use 24.75.xxx.xxx. Instead it used the IP that is used for NAT. I want it to use 24.75.xxx.xxx and not the NAT IP.
When I took the relay out and opened Exchange to the outside on port 25 I used the following static:
Do you have a nat statement on your dmz interface?
We do not NAT, but I still have to have the no nat statement on each interface of our PIX. Also, we have 2 DMZs on our PIX and because the DMZ is on a lower security level than the inside, we have to route DMZ traffic to the inside first, for it to pass out the outside interface.
Also, when we implemented the DMZs, we removed all statics and use the access-group ACLs. That was at the advisement of our Cisco tech rep due to how our network is set up. We found it was the best way to make the DMZs work.
So... basically our config has no static routes and the config looks like this (we do not NAT, that is why there are no_nat statements):