Ms Exchange DNS and PIX firewall

[Cristhian]

Hi all,
I had my network with my exchange server in the inside zone and my firewall IBM 3.3 . This firewall managed one inside DNS (DNAT) and one outside DNS (ISP).
I replaced the firewall IBM by one Cisco PIX firewall 4.4. I realized that the PIX did not manage DNAT and because of that I am only using the inside DNS that makes the forwarding to the ouside DNS.
The navegated, browser, FTP and other internet services do not have problems. But my users have problems with their email because its very slow.
I believe that the problem could be a network resolution, but I am not sure.
Could you help me?


[sig][/sig]

 

[Razbot]

I don't use PIX at the moment but if your finding the mail is working but slowly, it could because your not rejecting port 113 "AUTH" but denying it.

SMTP servers like to get Auth info from the server in the MX table, by Denying it the other SMTP servers could be waiting to timeout, by rejecting the request to port 113 on the firewall it tells the SMTP server that you dont want it to get that info and it carries on without the wait.

Raz