Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Port Redirection for Exchange email and owa

Status
Not open for further replies.
klines

klines

MIS
Apr 16, 2001
47
US
We are installing a spam filter and want to redirect our email to a new internal address xxx.xxx.0.31. But we want to continue to have Outlook Web Access go to our internal exchange address xxx.xxx.0.9. Right now all email and owa go to the exchange internal address and is working fine.

Good working config:
PIX Version 6.3(3)
ip address outside xxx.xxx.99.227 255.255.255.224
ip address inside xxx.xxx.6.2 255.255.0.0
ip address dmz1 xxx.xxx.0.1 255.255.255.0
ip address pix/intf3 127.0.0.1 255.255.255.255
arp timeout 14400
global (outside) 1 xxx.xxx.99.228
nat (inside) 1 xxx.xxx.0.0 255.255.0.0 0 0
nat (dmz1) 1 xxx.xxx.0.0 255.255.255.0 0 0
alias (inside) xxx.xxx.0.9 xxx.xxx.99.229 255.255.255.255
static (inside,outside) xxx.xxx.99.229 xxx.xxx.0.9 netmask 255.255.255.255 0 0
conduit permit tcp host xxx.xxx.99.229 eq pop3 any
conduit permit tcp host xxx.xxx.99.229 eq smtp any
conduit permit tcp host xxx.xxx.99.229 eq route outside 0.0.0.0 0.0.0.0 xxx.xxx.99.225 1


Cisco support recommended port redirection, so I made the following change to the config. But after a clear xlate, I was not able to owa and was not able to receive email. I was able to still send email.

Port Redirection config - not working
PIX Version 6.3(3)
ip address outside xxx.xxx.99.227 255.255.255.224
ip address inside xxx.xxx.6.2 255.255.0.0
ip address dmz1 xxx.xxx.0.1 255.255.255.0
ip address pix/intf3 127.0.0.1 255.255.255.255
arp timeout 14400
global (outside) 1 xxx.xxx.99.228
nat (inside) 1 xxx.xxx.0.0 255.255.0.0 0 0
nat (dmz1) 1 xxx.xxx.0.0 255.255.255.0 0 0

alias (inside) xxx.xxx.0.9 xxx.xxx.99.229 255.255.255.255
static (inside,outside) tcp xxx.xxx.99.229 255.255.255.255 0 0
static (inside,outside) tcp xxx.xxx.99.229 smtp xxx.xxx.0.31 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp xxx.xxx.99.229 pop3 xxx.xxx.0.9 pop3 netmask 255.255.255.255 0 0
conduit permit tcp host xxx.xxx.99.229 eq pop3 any
conduit permit tcp host xxx.xxx.99.229 eq smtp any
conduit permit tcp host xxx.xxx.99.229 eq route outside 0.0.0.0 0.0.0.0 xxx.xxx.99.225 1


Can anyone see anything wrong with this not working config so email will go to .31 and owa will go to .9?

Thanks - Kristi
 
Sort by date Sort by votes
I suspect that you need another nat/global pair to match the internal server (0.9) to its corresponding outside (99.229).

My thinking is that the incoming traffic is ok, but when traffic goes out it's using the "global 1" address which the remote system isn't expecting.

Try:
nat (inside) 2 xxx.xxx.0.9 255.255.255.255 0 0
nat (inside) 2 xxx.xxx.0.31 255.255.255.255 0 0
global (outside) 2 xxx.xxx.99.229

 
Upvote 0 Downvote
I was able to get it to work tonight. I just retyped it and gave it more time before testing. It may have been a typo or I just didn't give it enough time.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
696
XLNTech1
XLNTech1
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
820
Johnkite
Johnkite
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
782
nnaarrnn
nnaarrnn
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
589
Nitta84
Nitta84

Part and Inventory Search

Sponsor

Back
Top