Recent content by tpulley

There are several domains this is happening to not just one or two. Maybe 20? It makes me think its on our side but I cannot find out what it is. I can telnet to the mx record fine with everyone I have tried.

No smarthost being used. The rejections are for example: Email sent to two@123.com the rejection states that fat.com domain doesn't know of a user on this mailbox. Others are the 5.7.1 email address failure to send. Internal nslookup (dns) does resolve to the correct mailserver. The...

Is this user whitelisted? So here is another test. Did you try this: Can you have the sender send you the email, then you can try forwarding to the one who cannot receive it. Another suggestion, create a mapi profile on another computer for the user having the issue (preferrably one who...

Is there any antivirus program running on the local client? It sounds like it is stripping away the attachment. Usually it adds a notice. Can you have the sender send you the email, then you can try sending to the one who cannot receive it. It almost has to be something on the users machine...

This is a strange issue. This started a couple of months ago. Users send emails/reply to emails and the emails are rejected by remote side, the remote side has a tottaly different dns name. Users can resend and sometimes they go through the first time sometimes they have to do it twice. They...

I always only use the actual outside IP of the ASA. Never seen it done any other way. You are only limited to how many Concurrent VPN's your license allows.

cannot do this.

Looks like to me you need a static translation rule to get to the exchange server via port http or whatever you are going to use.

The archectiture of the asa is a lot different than the pix series was. The asa is more modular and allows the ability to snap in other pieces (like the botnet filter they released not that long ago, for a fee of course). So it should be a while before it goes away.

Your static is backwards> nat (outside,dmz) source static any interface destination static external-ftp-test 172.16.200.21 no-proxy-arp Should be nat (dmz,outside) source static any interface destination static external-ftp-test 172.16.200.21 no-proxy-arp

You may also be able to telnet (if you have allowed this) to the device and capture the config from that.

You need a nat exceptions rule and allowance for the same. Also I didn't see a local ip pool to give users an IP address. For example. access-list 100 permit ip 10.1.100.0 255.255.255.0 172.16.252.0 255.255.255.0 ip local pool Remote_Users 172.16.252.1-172.16.252.25 mask 255.255.255.0 nat...

Looks to me that what you are trying to accomplish isn't possible. You only show a single IP to the outside interface. Yet you want to allow all traffic to that ip. You can allow certain ports into various devices without a problem just not all. The fw has some ports for itself in routed...

Me thinks you have more wrong than that. I see not nat or global statements.

I can't imagine why you would do it this way but... If you get connected to the vpn and cannot touch the addresses in that range you most likely have an acl problem. Without a config its anyones guess.