Like where they say NOT to put a FE in the Perimeter? :-p (p.s. it does
NOT take extensive connectivity to AD to work. I don't even allow the DC's
or the internal exchange servers to hit the Perimiter network from the
inside out, and everything still works just fine, though the first time you
connect forces Kerberos-Sec UDP is just a tad slow, but after that it is
fast ;)
I'll check it out- thanks dude. t
----- "I may disapprove of what you say, but I will defend to the death your right to say it."
http://www.ISAserver.org
Enable SMTP service logging and get ready to fire up NetMon, but take a quick read of this great article that will shed some light on possible SMTP service issues and SMTP filtering at the ISA firewall.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/firewall-exch ange2003.mspx
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
-----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Monday, December 19, 2005 10:54 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: SMTP publishing
http://www.ISAserver.org
Yo-
I too have this funky issue with SMTP publishing just on this one box. This one is an External, Internal, Perimeter Network setup-- when I go to publish from the External IP to the Perimeter segment, the rule is in place just fine, but I get the Default Rule denied the traffic. It showed that it denied SMTP (not SMTP Server, btw) from the External to Local Host. The network segments are set up correctly, with the right IP's and all. The perimeter network is set to route. It just won't work.
The only thing different about this box is that this is the one that still shows "192.168.7.180" in my Domain Controller built-in Computer Sets that it won't let me edit out. I did the whole ADSI Edit thing and ntdsutil, but that site was gracefully removed, and it no longer referenced anywhere. Odd thing is that my perimeter network is 192.168.3.0 255.255.255.0 (NOT 192.168.7.0) so I'm not sure what all the hubbub is about.
Jim? Tom? Anyone?
t
----- "I may disapprove of what you say, but I will defend to the death your right to say it."
----- Original Message ----- From: "Bunting, Jeff" <BUNTING@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, December 16, 2005 11:03 AM
Subject: [isalist] SMTP publishing
> http://www.ISAserver.org > > I just created a rule to publish SMTP from my Exchange 2003 server, but > I'm > getting 0x8007274c errors on the ISA server when I try to telnet to port > 25. > I do establish a connection, but get no response. > > The Exchange server is a front end server and I have OWA and RPC over HTTP > published through ISA for this same server. I can telnet to this server > internally. > > I don't see anything written to the smtpsvc logs on Exchange and a netstat > doesn't show any connection from the ISA server, so it looks like the > external telnet connection to ISA is made OK, but traffic isn't making it > from ISA to Exchange. > > Also, I can make a telnet connection from the console of ISA to the > Exchange > server. > > I'm stumped. Anyone have an idea? > > Jeff > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > thor@xxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx >
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx