See my response to Alun under the Telnet topic and give me the same info I asked he and Bocchus_tx for and I'll try to help.

This is what I have; let me know if this is correct.

Inet -> Gateway (router?) 212.x.x.1 -> 212.x.x.2 ISA 212.x.x.18 -> Internal network

I'm a bit confused as to why you are using a public IP on the internal interface of the ISA (not using NAT for internal clients?).

What IP range do your internal clients use? 212.x.x.? to 212.x.x.?

Where does your mail server (212.x.x.12) sit, behind or in front of the ISA server?

What Mail Server are you using Exchange 5.5, Exchange 2k, Non-MS, etc?

How is your mail server configured for relay and authentication?

I know this is just more questions without any answers, but I need to know how the traffic is traveling and to where so I can help troubleshoot this.

Minor thing before I forget...

Ip addresses x.x.x.0 and x.x.x.255 are not "real" IPs. 0 identifies the network, and 255 is a broadcast address. The reason I bring this up is you may want to reduce your LAT to 254, the last usable address.

Internal mail is working, so your Exchange box is doing what it should for users.

Here are the dumb questions again...

How is your smtp authentication/relay set up? My relay security settings stopped incoming mail for a while. I have posted the Ex2k settings that I used on the Server Publishing section, but I'm not sure how to configure it for 5.5.

Did the Ex5.5 server work before? What I am trying to get at is if you moved the Ex5.5 box behind the ISA server, then it stopped working. If this is the case...

Do you have the smtp and pop3 packet filters enabled? (Access Policy\IP Packet Filters)

Have you published the mail server using the server publishing wizard?

Other than those things being messed up, I am not seeing anything in your network configuration that jumps out as wrong.

If all of the above is done and correct, I am stumped.

Let me know if this helps,

Jay

PS:

I re-read Alun's post again, are you trying to telnet from the internal network, or an external account? I have a dial-up machine that is not on my main network that I use through my personal ISP to hammer on my ISA.

I can't telnet through the ISA to my external IP either. Can you telnet into your mail server using the internal IP?

Not that this fixes the inbound mail problem, but it would help us to know if your mail server was published correctly.

[This message has been edited by Dominicon (edited 01 October 2001).]

I don't know how much help I was, but I'm glad to hear it is working now.

Jay

The MX record is for mail exchangers. Your external MX record should point to the SMTP server(s) for your domain. This lets external servers know where to route mail.

If you have multiple SMTP servers, the number associated with the MX record assigns the priority. Lower numbers are tried first, if that connect fails, the next higher MX server is tried. (smpt1.domain (10) -> x.x.x.1, smtp2.domain (20) -> x.x.x.2)

If your external DNS was still pointing at the old machine IP, and not the external IP listening on the ISA, then incoming would fail if the old IP is not reachable. However you stated that the external DNS is pointing to your ISA external IP.

If it is working now, check your MX records to verify where the lowest number is pointing, create the secondary MX for the ISA interface, and when the first IP is unreachable, senders *should* fall-over to the secondary.

When you published the server could you telnet to it from an external account? If you donĘt have access to an external account and would like I can hit your external interface and send you the banners returned. DonĘt post the info here, send it to me at armstrong@isdnet.org if desired and IĘll get the hamsters running in the dial up machine and scan you.

If you would like I can publish my mail related ISA rules here for comparison. They pretty much match those defined in the guides here on the site so I don't know how much help they will be, but it couldn't hurt.

Jay

Never know when this may come up again.

Jay

Are you having a problem with inbound or outbound SMTP access?

Thanks!

Tom

------------------
http://www.isaserver.org/shinder/



Get It Here!

Nicholas Nowik
Benesystems Technology, INC.
214.526.2377
NowikN@yahoo.com

Thanks in advance!

Thanks,

------------------
Nicholas Nowik
Benesystems Technology
NNowik@benesystems.net

quote:

---

Originally posted by nowikn:
Issue resolved . . . was a setting in Exchange's IMC.

Thanks,

---

Could you elaborate for others who may be having the same problem?

Jay

Tom & Everyone . . . not so fast on this issue - I had the same problem when I installed my ISA server w/ Exchange 5.5. Here are a few tips (thanks to my buddy Mark on this one):
* Make sure your DNS rules are setup on ISA - VERY IMPORTANT
* Correct - make Exchange 5.5 a SecureNAT client
* In Exchange Administrator, open the IMC (Internet Mail Service/Connector) and click on the Connetions tab. Depending on the number of users you have on your network (in my case I went from 30 to 100 users in 8 months) you need to adjust the number of Inbound / Outbound connections . . . this is done on the Connections tab, Advanced button - I bumped mine up from the default 30 to 100.
* Next remove your Exchange server from the Server Publishing Rule . . . and re-add it only as a SMTP server. By default, ISA adds many unnecessary connections for Exchange (unless you are running Outlook Express for your mail client, you will most likely not need the additional 'connectors' in ISA).

Hope this helps and feel free to email me anytime for clarification or if you would like to compare settings.

------------------

------------------
Nicholas Nowik
Benesystems Technology
NNowik@benesystems.net