DNS - Email-NAT issue

wsclowers
Level 1

I am running a Cisco 831 with fastethernet 4 used as a DMZ port (ethernet 2). My ISP gave me a /29 network. Of the 6 usable IPs, one is assigned to the ISP's device and one to ethernet 1 on my 831. Because of this, I am using static NAT to map the other 4 to the private IPs (172.17.1.0/24) of servers on the DMZ. One of the servers (172.17.1.3) is MX 10 for the domain and another (172.17.1.5) is MX 20 for the same domain. Everything works OK except for this:

When MX 20 (172.17.1.5) tries to forward email to MX 10, it performs a DNS lookup and receives the registered IP for MX 10 (69.2.x.x, which is static NATed to 172.17.1.3). When it tries to connect to 69.2.x.x, the connection is refused. From MX 20, I can telnet to MX 10 with "telnet 172.17.1.3 25" and connect, but if I go "telnet 69.2.x.x 25" the connection is refused.

I hope this explains the problem clearly. Does anyone have any suggestions as to how I can work around this?

1 Reply

nkhawaja
Cisco Employee

I think the easiest solution will be to use the local host file on your MX10 server and have an entry of the private IP address of MX20.

In that way, MX10 does not need to resolve the MX20 hostname to a public address.

Other than that, you have to use some routing and stuff or policy routing etc. to get around this.
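
The hosts-file workaround suggested in the reply, as an added example that is not part of the thread: it reads one-to-one `ip nat inside source static` lines and, for each DMZ server, lists the peers whose public address is NATed back into the same DMZ, pinned to their private addresses. The 203.0.113.0/29 block stands in for the elided 69.2.x.x addresses, and the hostnames and helper names are hypothetical.

```python
import ipaddress
import re

# Constructed sample data: 203.0.113.0/29 replaces the poster's elided
# 69.2.x.x block; all hostnames are hypothetical.
NAT_CONFIG = """\
ip nat inside source static 172.17.1.3 203.0.113.3
ip nat inside source static 172.17.1.5 203.0.113.5
"""
PUBLIC_DNS = {  # what a public lookup of each mail hostname returns
    "mx10.example.com": "203.0.113.3",
    "mx20.example.com": "203.0.113.5",
    "relay.example.net": "198.51.100.25",  # outside host, not behind this router
}
DMZ = ipaddress.ip_network("172.17.1.0/24")

# Matches only plain one-to-one static entries (no protocol/port form).
STATIC_NAT = re.compile(r"^\s*ip nat inside source static (\S+) (\S+)\s*$")

def parse_static_nat(config):
    """Return {public (inside global) IP: private (inside local) IP}."""
    table = {}
    for line in config.splitlines():
        m = STATIC_NAT.match(line)
        if not m:
            continue
        local, glob = (ipaddress.ip_address(a) for a in m.groups())
        if local in DMZ:
            table[glob] = local
    return table

def hosts_entries(dns, nat, own_ip):
    """Hosts-file lines for one DMZ server: each peer whose public address
    is NATed back into the same DMZ is pinned to its private address."""
    own = ipaddress.ip_address(own_ip)
    lines = []
    for name, public in sorted(dns.items()):
        private = nat.get(ipaddress.ip_address(public))
        if private is not None and private != own:
            lines.append(f"{private}\t{name}")
    return lines

if __name__ == "__main__":
    nat = parse_static_nat(NAT_CONFIG)
    for server in ("172.17.1.3", "172.17.1.5"):
        print(f"# hosts entries for {server}")
        print("\n".join(hosts_entries(PUBLIC_DNS, nat, server)))
```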