Welcome to ISAserver.org
Cannot connect to SMTP port on Exchange2000 behind ISA
Cannot connect to SMTP port on Exchange2000 behind ISA - 29.Nov.2002 9:32:00 PM
Guest
Here is a copy of the post I started in Web publishing. I guess Exchange2000 issues are better off in this section.
I have an Exchange2000 server (on a DC) sitting behind ISA. It does not use RPC to talk to ISA.
I did the whole setup according to white papers. I have a publishing rule to POP3, another for SMTP. They are exactly the same except for the protocol.
Result:
- I can send SMTP mails out to the world.
- I can retrieve POP3 mail from my external mail provider.
- I can telnet to 110 and 25 directly to Exchange from any machine on the internal network and use manual commands to send SMTP mail or retrieve POP3. So Exchange is not the cause.
- I can telnet from an external host to port 110 on ISA server which redirects the call to Exchange
- BUT I cannot receive any SMTP mails to my Exchange server.
My DNS registration is fine because I use the same name as for the WEB/FTP server. I added an MX record to aarghan.dyndns.org.
Going further, I scanned the EXT INT on ISA. Port 110 and 25 are listening (netstat -na tells the same).
And the weird thing is: If I use ethereal, when I initiate telnet on POP3 from outside the network, I can trace the TCP SYN, SYN/ACK....and I get Exchange server talking. But when I start an SMTP telnet, Ethereal catches nothing. And the telnet session prompt stays black.
As Tom suggested I:
- I did already disable SMTP on ISA to prevent protocol conflicts (or whatever it's called - am not an English native speaker!)
- I don't run the Firewall client on the Exchange server. The only information Exchange gets is that the default gateway is one of the ISA internal Interfaces (160.1.1.1). Also, I can stress that the strange thing is that Exchange properly processes External POP3 requests as well as Internal SMTP/POP requests. Not external SMTP routing to Internal network.
- The server publishing rule was set up using the wizard (SMTP, No content checking). I also have one rule for POP3. I tried to manually set up the rules but without more success.
Can an SMTP packet filter Inbound on port 25 conflict with the server rule?
I am very confused about this strange behavior. Just as a confirmation : I should be able to telnet from an external host to the EXT IF of ISA on port 25 like I do to 110. Right?
Am stuck now :-)
Olivier
RE: Cannot connect to SMTP port on Exchange2000 behind ISA - 30.Nov.2002 3:19:00 PM
jeremydore
Posts: 12
Joined: 16.Sep.2002
From: UK
Status: offline
Oliver,
This sounds identical to the problem I have just been posting about under the title "Dual SMTP Servers!". The one difference is that I have one Exchange server successfully published through ISA. I just can't get a second one published - using a second IP address on the external interface. I can telnet to port 25 of both servers while on my ISA box, showing that ISA has no problem communicating with the Exchange servers. And like you, I used the isaserver.org instructions for setting up the rules using the mail publishing wizard.
Diagnostics: I ran Netmon on the external and internal interfaces of ISA while trying to connect to port 25 of the second IP address on the external interface. I found that for the 2nd Exchange server I get:
1. Request from external telnet session to Exchange via ISA gets through to Exchange server
2. One packet back from Exchange via ISA to external telnet session
3. Second packet from external telnet session to Exchange is blocked by ISA - at least it doesn't get through.
The first SMTP server published through ISA would next send the acknowledgement banner (220 mailserver.xxxx.com Microsoft ESMTP Mail Service...) but this never gets sent from the second published server because the request from the external telnet session is blocked.
Now, here's the weird bit: Change the IP addresses over on the two SMTP publishing rules and the 2nd publishing rule works with the first server. You'd think this indicates a problem with the 2nd mail server but if you use telnet on ISA to directly open an SMTP session with the 2nd server it works fine! ISA seems to be remembering which was the first SMTP server published. Or else it can't cope with an SMTP server on a different subnet published (even though routes etc are working fine as shown by the fact that I can open an SMTP session with the 2nd server when I'm actually on the ISA server)
Anyone had any success publishing two SMTP servers through ISA? Or am I going to be banging my head against a brick wall of ISA here?
RE: Cannot connect to SMTP port on Exchange2000 behind ISA - 30.Nov.2002 11:11:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,
I've published multiple SMTP servers on internal networks. Got to do this because you need at least two for fault tolerance. Never had a problem publishing two or even 20 SMTP servers behind a single ISA Server. Just make sure you have a different IP address for each server, as two Server Publishing Rules can't share the same socket on the external interface.
HTH, Tom
RE: Cannot connect to SMTP port on Exchange2000 behind ISA - 30.Nov.2002 11:14:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Cycle,
You can't test accurately by running Telnet on the ISA Server itself. You must test from an external network host.
HTH, Tom
quote: Originally posted by cycle:
Oliver,
This sounds identical to the problem I have just been posting about under the title "Dual SMTP Servers!". The one difference is that I have one Exchange server successfully published through ISA. I just can't get a second one published - using a second IP address on the external interface. I can telnet to port 25 of both servers while on my ISA box, showing that ISA has no problem communicating with the Exchange servers. And like you, I used the isaserver.org instructions for setting up the rules using the mail publishing wizard.
Diagnostics: I ran Netmon on the external and internal interfaces of ISA while trying to connect to port 25 of the second IP address on the external interface. I found that for the 2nd Exchange server I get:
1. Request from external telnet session to Exchange via ISA gets through to Exchange server
2. One packet back from Exchange via ISA to external telnet session
3. Second packet from external telnet session to Exchange is blocked by ISA - at least it doesn't get through.
The first SMTP server published through ISA would next send the acknowledgement banner (220 mailserver.xxxx.com Microsoft ESMTP Mail Service...) but this never gets sent from the second published server because the request from the external telnet session is blocked.
Now, here's the weird bit: Change the IP addresses over on the two SMTP publishing rules and the 2nd publishing rule works with the first server. You'd think this indicates a problem with the 2nd mail server but if you use telnet on ISA to directly open an SMTP session with the 2nd server it works fine! ISA seems to be remembering which was the first SMTP server published. Or else it can't cope with an SMTP server on a different subnet published (even though routes etc are working fine as shown by the fact that I can open an SMTP session with the 2nd server when I'm actually on the ISA server)
Anyone had any success publishing two SMTP servers through ISA? Or am I going to be banging my head against a brick wall of ISA here?
RE: Cannot connect to SMTP port on Exchange2000 behind ISA - 30.Nov.2002 11:15:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Olivier,
Definitely remove the packet filter, as it's not required.
HTH, Tom
quote: Originally posted by <Olivier555>:
Here is a copy of the post I started in Web publishing. I guess Exchange2000 issues are better off in this section.
I have an Exchange2000 server (on a DC) sitting behind ISA. It does not use RPC to talk to ISA.
I did the whole setup according to white papers. I have a publishing rule to POP3, another for SMTP. They are exactly the same except for the protocol.
Result:
- I can send SMTP mails out to the world.
- I can retrieve POP3 mail from my external mail provider.
- I can telnet to 110 and 25 directly to Exchange from any machine on the internal network and use manual commands to send SMTP mail or retrieve POP3. So Exchange is not the cause.
- I can telnet from an external host to port 110 on ISA server which redirects the call to Exchange
- BUT I cannot receive any SMTP mails to my Exchange server.
My DNS registration is fine because I use the same name as for the WEB/FTP server. I added an MX record to aarghan.dyndns.org.
Going further, I scanned the EXT INT on ISA. Port 110 and 25 are listening (netstat -na tells the same).
And the weird thing is: If I use ethereal, when I initiate telnet on POP3 from outside the network, I can trace the TCP SYN, SYN/ACK....and I get Exchange server talking. But when I start an SMTP telnet, Ethereal catches nothing. And the telnet session prompt stays black.
As Tom suggested I:
- I did already disable SMTP on ISA to prevent protocol conflicts (or whatever it's called - am not an English native speaker!)
- I don't run the Firewall client on the Exchange server. The only information Exchange gets is that the default gateway is one of the ISA internal Interfaces (160.1.1.1). Also, I can stress that the strange thing is that Exchange properly processes External POP3 requests as well as Internal SMTP/POP requests. Not external SMTP routing to Internal network.
- The server publishing rule was set up using the wizard (SMTP, No content checking). I also have one rule for POP3. I tried to manually set up the rules but without more success.
Can an SMTP packet filter Inbound on port 25 conflict with the server rule?
I am very confused about this strange behavior. Just as a confirmation : I should be able to telnet from an external host to the EXT IF of ISA on port 25 like I do to 110. Right?
Am stuck now :-)
Olivier
RE: Cannot connect to SMTP port on Exchange2000 behind ISA - 1.Dec.2002 8:31:00 PM
Olivier555
Posts: 11
Joined: 21.Nov.2002
From: Sweden
Status: offline
Hi Tom and Cycle
I removed the packet filter.
When using Telnet, I actually telnet from a remote host via a NetSupport manager session. So the telnet sessions on ports 25 and 110 hit the External interface of ISA. In that case: I get the Exchange banner when telnetting on 110 (220 mailserver.xxxx.com Microsoft POP3...). I don't get it when telnetting on 25 ?!?
I just used the Wizard for Server publishing ticking SMTP and POP3 only.
I actually have started banging my head on every single hard surface I could find :-)
Olivier
NB: Am thinking about re-installing ISA (I re-applied SP1)... that'd be a dumb solution...
RE: Cannot connect to SMTP port on Exchange2000 behind ISA - 3.Dec.2002 11:32:00 AM
nice
Posts: 8
Joined: 11.Oct.2001
From: Belgium
Status: offline
Hi,
I have the same problem
RE: Cannot connect to SMTP port on Exchange2000 behind ISA - 3.Dec.2002 2:40:00 PM
jeremydore
Posts: 12
Joined: 16.Sep.2002
From: UK
Status: offline
Tom,
Thanks for your help. I'm ashamed to admit that I've now traced the fault to an incorrect default gateway on an intervening router which prevented the SMTP server working as a proper secureNAT client. Because there was a static route to the ISA server I could telnet to port 25 from the ISA server. I thought this would be enough for server publishing, but not so for the external client trying to access the Exchange server as ISA must be passing the external client's IP address.
RE: Cannot connect to SMTP port on Exchange2000 behind ISA - 6.Dec.2002 7:54:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by cycle:
Tom,
Thanks for your help. I'm ashamed to admit that I've now traced the fault to an incorrect default gateway on an intervening router which prevented the SMTP server working as a proper secureNAT client. Because there was a static route to the ISA server I could telnet to port 25 from the ISA server. I thought this would be enough for server publishing, but not so for the external client trying to access the Exchange server as ISA must be passing the external client's IP address.
Hi Cycle,
That is correct. The ISA Server does keep the original source IP address for Server Publishing Rules.
Good to hear you got it working!
Thanks! Tom
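Added example (not part of the thread, and not code from any poster): a small routing model of the fault diagnosed above, showing why a telnet test from the ISA server itself succeeds while an external client fails when the source IP is preserved. All addresses and the route tables are constructed for illustration.

```python
import ipaddress

# Constructed addresses for illustration; none come from the thread.
ISA_INTERNAL = "10.0.0.1"         # ISA internal interface
WRONG_GATEWAY = "10.0.9.254"      # mistaken default gateway on the router
EXTERNAL_CLIENT = "203.0.113.25"  # Internet host testing port 25

# Intervening router as described: a static route back to the ISA server
# exists, but the default route points somewhere else.
BROKEN = [("10.0.0.1/32", ISA_INTERNAL), ("0.0.0.0/0", WRONG_GATEWAY)]
# Corrected table: the default route leads back to ISA.
FIXED = [("10.0.0.1/32", ISA_INTERNAL), ("0.0.0.0/0", ISA_INTERNAL)]


def next_hop(routes, dst):
    """Longest-prefix match: return the gateway used for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def reply_reaches_isa(routes, source_ip, isa=ISA_INTERNAL):
    """The SMTP server answers the source IP it saw in the SYN. The
    session only completes if that reply is routed back through ISA."""
    return next_hop(routes, source_ip) == isa


def diagnose(routes):
    """Compare the misleading local test with the real external test."""
    return {
        # Telnet run on ISA: the source is ISA's own internal address.
        "telnet from ISA itself": reply_reaches_isa(routes, ISA_INTERNAL),
        # Server Publishing Rule: the original client address is kept.
        "external client via publishing rule":
            reply_reaches_isa(routes, EXTERNAL_CLIENT),
    }


if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, diagnose(table))
```

With the broken table only the test run on ISA succeeds, which is why the check has to be made from an external network host.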