xisto Community
andrescasta

Need Some Dns Help

We have an IP block of x.x.x.0 - x.x.x.15. PIX is set up with the x.x.x.14 address. Mail server set up as x.x.x.8 address. We have OWA, and the line in the PIX that allows this is

    access-list acl_out permit tcp any host x.x.x.8 eq https

This also allows for our PocketPC phones to connect to Exchange ActiveSync. The globals are set up as

    global (outside) 1 x.x.x.9-x.x.x.13
    global (outside) 1 x.x.x.14

We get errors when sending emails to servers that do not allow emails to be sent without a reverse DNS entry. When I look up the mail server, I get:

    Answer: x.x.x.8 PTR record: mail.company.com.

However, in the SMTP logs of people we can't send to we see this:

    3264 00:03:33.748 Got: <EHLO mail.company.com>
    3264 00:03:33.779 Event - No PTR record for <x.x.x.14>, rejecting
    3264 00:03:33.779 message <554 No SMTP service here>

Now, my question is, do I need to fix something in our router, PIX, or ISP DNS server?

andrescasta


I'm making some assumptions here since you didn't post your access-groups for the outside interface. But... You need to use a STATIC for the mail server. You tie the .8 address to the inside IP. You do still want it natted, otherwise the PIX will just pass the private address out to the internet.

The reason you are showing your IP as .12 is because of this:

    global (outside) 1 x.x.x.9-x.x.x.13
    global (outside) 1 x.x.x.14

The first 5 people to connect out to the internet are getting 1 to 1 NAT. You happened to be one of them. After those 5 connections are done, everything else is PAT translated. There's no real reason to configure a PIX like that. You can safely remove the "global (outside) 1 x.x.x.9-x.x.x.13" and let everything get PATted when browsing/whatever. Then define statics for inside servers (unless <shudder> you still have conduits, in which case you have to jack with conduits...)

kservice


I did not set up this PIX, and I'm sure there is some cleanup that needs to be done. However, in my previous post, I posted the static and the mail server is in there:

    static (inside,outside) x.x.x.8 192.168.1.35 netmask 255.255.255.255 0 0

The show access-list is freaking huge, but I'll post it up if it will help.

andrescasta
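
Added example, not part of the thread and not written by either poster: a Python sketch that reads the global and static lines quoted in the posts above, lists the outside addresses an inside host can leave from, and flags the ones without a PTR record. It assumes a one-to-one static takes precedence over the dynamic global pool for that host's outbound connections and ignores NAT ids; the PTR table is constructed from what the first post reports, and 192.168.1.50 is a hypothetical non-mail inside host.

```python
# Config lines copied from the thread; addresses stay masked as posted.
PIX_CONFIG = """\
global (outside) 1 x.x.x.9-x.x.x.13
global (outside) 1 x.x.x.14
static (inside,outside) x.x.x.8 192.168.1.35 netmask 255.255.255.255 0 0
"""

# Constructed from the first post: the only PTR record reported to exist.
PTR_RECORDS = {"x.x.x.8": "mail.company.com."}


def parse(config):
    """Return ({inside_ip: outside_ip}, [pool addresses], [PAT addresses])."""
    statics, pool, pat = {}, [], []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4:
            continue
        if tok[0] == "static":
            # static (inside,outside) <mapped> <real> netmask ...
            statics[tok[3]] = tok[2]
        elif tok[0] == "global":
            if "-" in tok[3]:
                # A range is a pool handed out one address per inside host.
                lo, hi = tok[3].split("-")
                prefix, first = lo.rsplit(".", 1)
                last = hi.rsplit(".", 1)[1]
                pool += [f"{prefix}.{n}" for n in range(int(first), int(last) + 1)]
            else:
                # A single address is shared by everyone else (PAT).
                pat.append(tok[3])
    return statics, pool, pat


def egress_candidates(inside_ip, config=PIX_CONFIG):
    """Outside addresses a connection from inside_ip may appear to come from."""
    statics, pool, pat = parse(config)
    if inside_ip in statics:  # assumption: static wins over the dynamic pool
        return [statics[inside_ip]]
    return pool + pat


def missing_ptr(inside_ip, ptr=PTR_RECORDS, config=PIX_CONFIG):
    """Egress addresses for inside_ip that a PTR-checking receiver would reject."""
    return [a for a in egress_candidates(inside_ip, config) if a not in ptr]


if __name__ == "__main__":
    for host in ("192.168.1.35", "192.168.1.50"):
        print(host, "->", egress_candidates(host), "no PTR:", missing_ptr(host))
```

Under these assumptions only 192.168.1.35 leaves as x.x.x.8; any other inside source can appear as x.x.x.9 through x.x.x.14, none of which has a PTR record in the table.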
