• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Incomming SMTP via Router/ISA/NAT

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Incomming SMTP via Router/ISA/NAT Page: [1]
Login
Message << Older Topic   Newer Topic >>
Incomming SMTP via Router/ISA/NAT - 19.Nov.2002 10:06:00 AM   
mdealmei

 

Posts: 5
Joined: 19.Nov.2002
From: South Africa
Status: offline
Hi everyone, I have a Cisco router with an external IP of 196.1.1.1 (say for example). Due to history from our previous setup, the router is configured with NAT, and routes all incomming port 25 packets from 196.1.1.1 to our internal Exchange server of IP 192.168.78.201. Upon publishing this server in ISA, i have no problem sending out mail, but don't recieve any email. My Question: Do i have to change the route configured in the Cisco router to forward all port 25 packets from the IP 196.1.1.1 to the External NIC on the ISA server, then create a rule in ISA to send all port 25 packets to my Exchange server? That is kind of what i understand needs to be done, but would like this to be confirmed. If so, can you please give me some more details for the ISA side, or any other better options.

Thanks very much,
Michael
Post #: 1
RE: Incomming SMTP via Router/ISA/NAT - 19.Nov.2002 3:30:00 PM   
chazmanoh

 

Posts: 5
Joined: 6.Nov.2002
From: Ohio, USA
Status: offline
Your right, you do need to route (NAT) to the external NIC address. I too have a Cisco router and I recommend turning off the NAT in your router and have everything forwarded to the external NIC address. This will save you a bunch of frustration later. [Big Grin]

(in reply to mdealmei)
Post #: 2
RE: Incomming SMTP via Router/ISA/NAT - 19.Nov.2002 4:34:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Chuck,

I agree. If at all possible, just let the router route and turn off the NAT. However, if you want the NAT enabled, just forward all incoming packets to the external interface of the ISA Server. But...if you're very comfortable with the router configuration, allow only inbound packets that you want to arrive to the ISA Server, then you have a nice bakc to back DMZ configuration.

HTH,
Tom

(in reply to mdealmei)
Post #: 3
RE: Incomming SMTP via Router/ISA/NAT - 20.Nov.2002 7:07:00 AM   
mdealmei

 

Posts: 5
Joined: 19.Nov.2002
From: South Africa
Status: offline
Thank you Chuck and Tom for confirming this technicality, i appreciate it.

(in reply to mdealmei)
Post #: 4
RE: Incomming SMTP via Router/ISA/NAT - 20.Nov.2002 7:21:00 AM   
mdealmei

 

Posts: 5
Joined: 19.Nov.2002
From: South Africa
Status: offline
quote:
Originally posted by tshinder:
Hi Chuck,

I agree. If at all possible, just let the router route and turn off the NAT. However, if you want the NAT enabled, just forward all incoming packets to the external interface of the ISA Server. But...if you're very comfortable with the router configuration, allow only inbound packets that you want to arrive to the ISA Server, then you have a nice bakc to back DMZ configuration.

HTH,
Tom

Hi Tom,

Thank you for your reply.I have bought the Book "Configuring ISA server 2000", and am finding it very comprehensive. Just have one question about your post. What do you mean by "But...if you're very comfortable with the router configuration, allow only inbound packets that you want to arrive to the ISA Server, then you have a nice bakc to back DMZ configuration." Sorry i am a novice in this field, but am trying.

Thanks

(in reply to mdealmei)
Post #: 5
RE: Incomming SMTP via Router/ISA/NAT - 21.Nov.2002 6:26:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Michael,

I didn't say it very well [Big Grin] , but what I meant to say is that if you're comfortable configuring your router, you can create a packet filtering router setup so that no unsolicited requests are allowed inbound except for those you want. This protects servers on the DMZ and on your internal network.

HTH,
Tom

(in reply to mdealmei)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Incomming SMTP via Router/ISA/NAT Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts