Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Exchange IP NAT

Exchange IP NAT 7 years 5 months ago #30785

  • Alans
  • Alans's Avatar
  • Offline
  • Senior Member
  • Posts: 230
  • Thank you received: 1
  • Karma: 0
Hi,

There is a case where we can send/receive emails using exchange local IP but not by using it's public IP.

In local network, when we use exchange's local IP we can receive emails, it's NAT ed in Cisco router and for some reason I can't post the config here, so I was wondering if someone have an idea about this issue?

Note that when I telnet exchange-local-ip 110 it works fine but i can't do it for telnet public-ip 110 !!

We do have a firewall module if this is matter.
always Face your Fears...
The administrator has disabled public write access.

Re: Exchange IP NAT 7 years 5 months ago #30800

  • Alans
  • Alans's Avatar
  • Offline
  • Senior Member
  • Posts: 230
  • Thank you received: 1
  • Karma: 0
Guys, any one knows why I can use exchange's local IP as POP/SMTP server but not the public one?
:!: :!: :!:
always Face your Fears...
The administrator has disabled public write access.

Re: Exchange IP NAT 7 years 5 months ago #30815

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Does the public IP work when your outside your network. I mean can you use POP/SMTP of the exchange server from the internet?
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: Exchange IP NAT 7 years 5 months ago #30819

  • Alans
  • Alans's Avatar
  • Offline
  • Senior Member
  • Posts: 230
  • Thank you received: 1
  • Karma: 0
Yes, it is working fine. i think it is related to some security stuffs but just can't find it exactly!!!
Or it may be related to DNS, i'm trying to test it inside local network where my DNS is local one which forward queries to another public one (hosted here).
hmm...may be my local DNS only has an MX record for local IP only?!!!?
LOL..I'm talking to myself :)
Any input from you guys are is highly appreciated.
always Face your Fears...
The administrator has disabled public write access.

Re: Exchange IP NAT 7 years 5 months ago #30821

  • KiLLaBeE
  • KiLLaBeE's Avatar
  • Offline
  • Expert Member
  • Posts: 466
  • Karma: 0
hmm...may be my local DNS only has an MX record for local IP only?!!!?

You mentioned that your internal DNS server forwards queries to an external DNS server. Does your DNS server also respond to external queries directly?

Maybe this is a bit off context or maybe you already know this, based on your other post, but it may point you in the right direction: Whatever public DNS server is being queried for the mail server for your organization needs to have an MX record that points to your Exchange server's public IP address.
The administrator has disabled public write access.

Re: Exchange IP NAT 7 years 5 months ago #30822

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Yup, could be a DNS issue. So to isolate things, I would first use the public IP directly (instead of the DNS name). So this is how I understand it now:

1. When you configure a mail client (say outlook) sitting inside your network with the private IP of the Exchange server, it works.
2. When you configure a mail client sitting outside your network with the public IP of the Exchange server, it works too.
3. When you configure a mail client sitting inside your network with the public IP of the Exchange server, it does NOT work.

If all those cases are true, then I have to say this is one of the common problems that are not easy to solve. The thing is that NAT simply does not work from inside to inside. However, there are some workarounds. Here is a similar discussion, this guy has almost the same problem as yours:

www.dslreports.com/forum/r22167381-Acces...-behind-cisco-router

The link/discussion above suggests placing an entry in your inside/local DNS server to map say mail.xxxxx.com to the private IP 192.xxx.xxx.xxx of the exchange server instead of the public IP. Then you would simply configure your mail clients to use the mail.xxxxx.com name instead of the public IP.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.091 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup