Cisco WAN :: Inbound SMTP To Our Exchange Server Through 1841 Rejected
Jan 10, 2011
I am deploying a Cisco 1841 in place of our basic DSL router.I have an ADSL WIC and FA0/0 connected to our LAN.LAN IP ADDRESS range is 192.168.1. 0/ 24 I have dynamic and static NAT configured. At this point although I have ACL's configured I have NOT implemented them as yet for the following reason. I am unable to recieve inbound SMTP traffic - now know my MX records are correct as this all owrks happily on our basic DSL router. I can send external emails no problem and all internal email works fine. [code] I am in the process of defaulting the router and programming the barbones to get the link working and see if inbound SMTP works then start building the blocks again.
I use a mail filtering service that delivers mail to me via SMTP on standard port 25 on one of my 5 static external IP's. I wish to restrict this to their IP's only (they have two) and I am unsure on how to do so? As it stands now, anything on the net can talk to my mailserver and my logs are filling quickly with failed attempts as a result. Here's my setup and what I am trying to accomplish:
mail filtering service -> my public ip:25 -> internal mailserver at 10.0.10.2:25, deny everything inbound except traffic from the mail filtering service, I am thinking an ACL would fit the bill here, but unsure of how to implement. Router is an 1811 with version 15.1(4)M3 IOS. WAN is on fa0, lan is on fa1.
We are using WLC4402 for our Aironet 1240AG access points. The clients are connecting to the access points and are authenticating to the RADIUS server. I am seeing the logs in Server 2008 but they are being rejected due to Network Policy on the NPS server.
Where do I see the Authentication Type on the WLC4400 or the 1240's? In order for the clients (authenticated via Active Directory user) I have to set the Authentication in the NPS Connection Request Policy to "Allow clients to connect without negotiating an authentication method".
I do not have a certificate on the server and my method options are MS-CHAP-v2, MS-CHAP, CHAP, PAP, SPAP, and allow without negotiating. This RADIUS server was moved from Server 2003 IAS to Server 2008 NPS and there were no issues in Server 2003 IAS. I have all authentication methods allowed and it still gives me the error below. Only when I check "Allow clients to connect without negotiating an authentication method" it allows the authentication to proceed.
Client Machine: Security ID: NULL SID Account Name: Fully Qualified Account Name: OS-Version: Called Station Identifier: 00-17-a2-87-54-00: SSID NAME Calling Station Identifier: 00-41-96-b6-e3-27
NAS: NAS IPv4 Address: 192.168.90.24 NAS IPv6 Address: - [code]...
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
I am new to Exchange Server 2007 . I want to know that in order to implement Exchange Server do I need to register Domain name like [url]... ? OR A FQDN of Active Directory can work.Is it compulsory to register domain ?
We use microsoft exchange for outlook. I want to know which ports are being used by our exchange server to receive and send emails. Is it possible to check that?
We have a ASA5510 with a webserver in the DMZ network 10.2.2.0/24. We now want this web server to be able to access the Exchange server in the Inside network 10.1.1.0/24. I researched this and it seemed straight forward according the the Cisco document below:
[URL]
I'm looking to do this with smtp so I added these lines to the config:
Currently, my company runs a DC and exchange server in the building. It is also hosting our website with IIS7. All AD users currently have @company1.com.au email addresses.We have just started an off shoot company and would like to setup emails in exchange so that we can automatically assign and manage emails on the same exchange server. so that each user hasWhat is the best way to do this?At the moment, company2.com - company is hosted outside with someone else. Is there a way that he can direct the mail to us so that he hosts the website but we host the email server?
I just installed LMS 4.0 on OS Window 2008 R2. Right now, I know how to add devices in DCR and set SMTP server. My question is
1. I want LMS to send an alert email when Coreswitch is down how to do that ? 2. I want LMS to send an alert email when interface is down (not all interface but specify one) how to do that ? 3. I want to created a custom portlet that monitor only one device and specify interface on it how to do that ?
I'm trying to change the IP address of the smtp server on cisco LMS 3.2.1;I have changed the IP on the GUi and when it didn't work, in the regdaemon. xml file, but it did not work too;When I capture packets from the LMS, it still sends emails to the old IP;
since upgrading to 8.4(1) on our ASA 5520 I've had nothing but issues with our email server not being able to send out emails (timeouts,corruption, etc) and tried everything and then it dawned on me to turn off ESMTP inspection on the ASA's.Since I've down that our Exchange server SMTP works perfectly again.Why is it that ESMTP corrupts emails so badly from exchange server? (ours is a 2010 sp1)does anyone actually use ESMTP inspection at all?
The Exchange can receieve emails but it will not send them. It cannot make connection to any of the smart hosts on port 25 or can't even send mail using DNS. When I run telnet my.smarthost.com 25 it will not connect but if I run that from the router then it connects fine.
My customer has SSL certificate already installed on microsoft exchnage 2010 servers and now wanted to import that certificate to cisco ACE4710.
How to trace the exact procedure to import the SSL Cert to ACE from microsoft exchange server and how about the KEY, from where I should get the KEY to cross verify for SSL Cert?
I just recently installed a RV220W at my office and (almost) everything works fine. I have noticed that when my iPhone is connected to the RV220 wi-fi network, I get the message "The connection to the server failed" when checking my email. If I disable the wireless on my iPhone, it connects up to the exchange server perfectly fine so it must be a setting with the wireless somewhere but I cannot find it anywhere.....
Is there any way to access a MS Exchange Server 2007 on Windows server 2008 through an ASA 5510 running 8.4 with a full MS Outlook client (not using OWA - web browser)? OWA is currently working fine but I was wondering if access via the full Outlook client is possible and more importantly...is it opening up too many ports on my 5510?
I'm hosting my email on an Exchange Server 2003 box and have my laptop (Vista Ultimate 32 bit) setup to connect to the exchange server for my email. This works fine through a LinkSys RV042 in one location and a LinkSys WRT54GC in another, but fails through the DIR-615 B2 (2.24 firmware) at home. I'm guessing it's blocking something needed for the MAPI connection.
I need to configure my ASA 5520 version 7.3 firewall to translate our SMTP server residing in local LAN to use different IP address from the outside interface which is used by all other computers to access Internet. Under NAT section, I have NATted this internal SMTP server with different IP address(eg x.x.x.1) and also translated the remaining IP addresses in the LAN to the outside interface(eg x.x.x.2)
my problem is, Whenever i check the header for message coming from the smtp server it shows that, the SMTP server is also translated by using the same outside interface public ip address(i.e x.x.x.2) which is used by other client machine to access internet instead of the x.x.x.1. How I can get my SMTP server to use separate IP and avoid to be blacklisted by some domain.
I need to configure my ASA 5520 version 7.3 firewall to translate our SMTP server residing in local LAN to use different IP address from the outside interface which is used by all other computers to access Internet.
Under NAT section, i have NATted this internal SMTP server with different IP address(eg x.x.x.1) and also translated the remaining IP addresses in the LAN to the outside interface(eg x.x.x.2)
my problem is, Whenever i check the header for message coming from the smtp server it shows that, the SMTP server is also translated by using the same outside interface public ip address(i.e x.x.x.2) which is used by other client machine to access internet instead of the x.x.x.1.
how i can get my SMTP server to use separate IP and avoid to be blacklisted by some domain.
Is there any way to access a MS Exchange Server 2007 on Windows server 2008 through an ASA 5510 running 8.4 with a full MS Outlook client (not using OWA - web browser)? OWA is currently working fine but I was wondering if access via the full Outlook client is possible and more importantly...is it opening up too many ports on my 5510?
I have an ASA 5505 with the base license,When I setup the DMZ interface I had to add the deny access to the inside VLAN. The DMZ works fine with WiFi on it, but user's iPhones can't get email unless they turn WiFi off.Is there a simple way to allow HTTPS traffic through the DMZ interface to our internal Exchange server which is NAT'd on the 5505's external IP?
Since I have installed my new router, a Linksys EA6500, I have many problems to connect to my Exchange Server, which is located in my house, via Wifi. I tried to synchronize my Iphone and my Samsung tablet but it won't work. Most of the times I get the message that the Exchange server cannot be connected. When I turn off my Wifi en connect via my mobile provider I have no problems. When I am on a third party wifi I also can connect my server. Seems my own wifi causes lots of problems.
Using an ASA5505, have 1 static outside address, want to access an inside SBS-Server on SMTP, RDP (3389), HTTPS and port 987
Have configured network object nat rules using the asdm, SMTP works (I can telnet to the server on port 25 from outside), however for some reason I can not telnet inside and out on port 25, so outgoing mail does not work. RDP does not seem to work from outside, 987 I havent tested from outside. When I try to create a network object nat rule for https I get this message from the ASA:
I've got some problem with my Mail Server since I've migrated to an ASA5510.Actually the server is in a DMZ with a private Ip ( 10.x.x.2) and it is translated to a Public IP ( 194.x.x.65).I use these configuration :
I can send email though my yahoo account (which is hard wired to my router) and I can access the internet through my wireless device (iPhone 3GS) but I can not send email through my wirless device. I keep getting a message stating it can't reach the smtp server.
I have an ASA 5510, one public IP address on my outside interface, an internal email server and a private network.I would like...
1: Users on my private network to be able to access the internet (PAT them to external outside address) 2: Email to be delivered to my MX (my single public IP address translated back to my internal email server.
i.e. can I share my single public IP address to serve translation in both directions (private users surfing the Internet (in-to-out) and an outside to inside NAT for email) ?
Email (MX) = 1.2.3.4 Public (outside) address = 1.2.3.4 Email server internal = 10.1.2.3 Internal private subnet for users = 10.0.0.0/8
I have an E1500 N300 Router, I've had it for 3 or 4 weeks now. Ever since I've had it, I can no longer send e-mails out with Eudora nor Outlook. I've tried using about 3 different SMTP's just to verify that it wasn't a server issue. I tried Port Forwarding in the router settings. I selected SMTP and POP3 and checked Enable on both, then save changes. But they don't appear to be taking, as when I go back in and try to set them again, it let's me and doesn't give me a Port Overlap warning. I've been told that I shouldn't need to mess with Port Forwarding at all, I just need to go into the Firewall settings and open up the SMTP, POP3, and IMAP ports. However, I don't see any settings in my Router settings to allow this, aside from Port Forwarding and it's not actually saving the changes. I will admit, I'm not all that great with this stuff, and this is the first time I've had any issues with a Router stopping me from E-mailing.
Setup firewall rules that will block all inbound Internet access to the web server except port 443, Setup firewall rules that will block all communication between the two internal networks, except ports 7000 and 1702
I attempted to load RVS4000_WRVS4400N_IPS_Signature_v1.50.zip and received an error message "Signature file is not the correct type of version for this device". I have firmware version 1.3.3.5, and and current IPS version 1.42. why IPS v1.5 is rejected?