
X500 email issues + have i got nat configured properly???

Status
Not open for further replies.

SkreeM

IS-IT--Management
Jun 6, 2005
117
GB
Hi there,

I have installed and configured the X500 on a client's site. It is set up with a single external IP address (more are available) and the internal network is on the trusted interface.

For inbound email SMTP I have the filtered SMTP service set up, routing mail into my Exchange 2003 server.

Inbound mail appears to all work properly.

I'm having some difficulties with outbound mail where I can't send to certain domains. If I watch the Firebox using HostWatch when the server tries to send to these domains, an outbound connection is made using dynamic NAT from port 20 to externalhost:33XXX, then I see a blocked inbound connection from externalhost to myexternal:33XXX and the mail fails to send. Is this a normal pattern of events?

Please advise

Skr
 
I fixed this by allowing the AUTH service in and out to my Exchange server.
 
I'm not very familiar with the AUTH service. What does it do, and are there any security considerations to take into account?

Do you think I have the NAT right, or should I be doing something with 1 to 1 NAT for the server address and then the rest of the network out on another address?

Skr
 
The AUTH service is used when the remote email server sends the reply on port 113, and the device should be configured to accept that; otherwise the remote mail server will not accept the email. It is more or less like authenticating the party. This is done mostly by UNIX or Linux send mail servers.

The reason you are not able to send email to some domains could be because of this, so the first thing you need to do is uncheck "auto-block source of packets not handled" in Policy Manager >> Setup >> Intrusion Prevention >> Default Packet Handling.

Then configure the predefined AUTH service in the packet filter: set the incoming from Any to the Firebox (in case you are not using 1-1 NAT), otherwise to the public IP address of the 1-1 NAT instead of the Firebox.
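
What the remote mail server's call-back on TCP port 113 looks like on the wire, as an added example that is not part of the original thread: a minimal RFC 1413 (ident) query parser and reply builder, showing that a USERID reply discloses a local account name while HIDDEN-USER answers without one. The connection table, the account name `exchsvc` and the port numbers are constructed for illustration.

```python
import re

# RFC 1413 query: "<port-on-server> , <port-on-client>" ending in CRLF.
# "Server" is the host answering on 113 (here: the sending mail server).
QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

def parse_query(line: bytes):
    """Return (local_port, remote_port), or None if the query is invalid."""
    try:
        text = line.decode("ascii").rstrip("\r\n")
    except UnicodeDecodeError:
        return None
    m = QUERY_RE.match(text)
    if not m:
        return None
    local, remote = int(m.group(1)), int(m.group(2))
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return None
    return local, remote

def build_reply(line: bytes, connections: dict, disclose: bool = False) -> bytes:
    """Answer one ident query against a table of open outbound connections."""
    ports = parse_query(line)
    if ports is None:
        # Echoing "0, 0" for an unparseable query is this example's choice.
        return b"0, 0 : ERROR : INVALID-PORT\r\n"
    prefix = f"{ports[0]}, {ports[1]} : "
    owner = connections.get(ports)
    if owner is None:
        body = "ERROR : NO-USER"            # no such connection from this host
    elif disclose:
        body = f"USERID : OTHER : {owner}"  # leaks a local account name
    else:
        body = "ERROR : HIDDEN-USER"        # connection exists, owner withheld
    return (prefix + body + "\r\n").encode("ascii")

# Constructed sample: one outbound SMTP session, local port 33012 -> remote 25.
SAMPLE_CONNECTIONS = {(33012, 25): "exchsvc"}

if __name__ == "__main__":
    for q in (b"33012, 25\r\n", b"40000, 25\r\n", b"99999, 25\r\n"):
        print(q, "->", build_reply(q, SAMPLE_CONNECTIONS))
```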



 
Sorry for the delay in replying to this. I'm really confused now; how do I set up a dynamic NAT exception?
 
Go into the Policy Manager and go Network... NAT... Advanced... Dynamic NAT Exceptions

Then make an entry in the following manner:

from internal IP
to enternal IP of the mail server
 