Outlook clients accessing Exchange through 515e from behine firewall
I have a 515e in place but outlook users do not recieve email unless they click on another message or send/receive. How do I permit the exchange server on the outside of the firewall to be able to send email to clients behind the firewall? Say the exchange server is at 184.108.40.206 and the clients sit behind the firewall with a outside interface of 220.127.116.11 and inside clients are in the 10.0.0.1 range. Thanks
Re: Outlook clients accessing Exchange through 515e from behine
I think the problem here is that when new mail comes in, the Outlook server needs to initiate the conversation to the inside hosts so that the email is shown on the inside client. The PIX will disallow this though due to it's normal security policies (everything from outside to inside is dropped unless specifically allowed).
When your inside users hit the Send/Receive button or click on another message the inside PC initiates a connection to the external server to see if there's any new email, and that works fine cause the PIX allows it.
The trouble is, what IP address is the Outlook server trying to connect to when it tries to send new emails to your inside clients? If you set up debugging on the PIX you'll probably see a bunch of denies from the Outlook server going to your firewall address (assuming you're PAT'ing everything to that address, that is) on various ports.
It is probably as simple as allowing all SMTP type traffic from the Outlook server to come into the PIX, but then you need a static translation for all your internal hosts as well, since a static AND an access-list is required for outside-to-inside communication. This means you would need a valid external address for every internal address, probably not something you have I imagine.
Not sure there's a way around this. You're sort of doing it backwards to everyone else where they have the Outlook server on the inside and the clients on the outside, then you just need a static translation for the Outlook server rather than for every internal host.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...