Re: Problem publishing SMTP server in DMZ
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 1 Dec 2005 16:34:29 -0400
A couple of things
To: '192.168.1.10 <http://192.168.1.10/> ' 'Requests appear to come from
IA Server computer' Requests should not be coming from the ISA ip
address, change that for starters.
Smtp should be from the external IP address, not anywhere.
________________________________
From: Scott Truman [mailto:scott.truman@xxxxxxxxx]
Sent: Thursday, December 01, 2005 4:02 PM
To: ISA Mailing List
Subject: [isalist] Re: Problem publishing SMTP server in DMZ
http://www.ISAserver.org
Errr, any ideas, or should I be logging this problem with Microsoft
then?
Scott
On 12/1/05, scotty <scott.truman@xxxxxxxxx> wrote:
Hi,
Layout:
ISA2004 SP1 with 3 interfaces.
External = Public IP Address
DMZ/Perimeter = Private IP Address 192.168.1.0/24
Internal = Private IP Address 10.10.10.0/22
SMTP Server publishing rule (created using wizard):
Action: 'Allow'
Traffic:'SMTP Server'
From: 'Anywhere'
To: '192.168.1.10' 'Requests appear to come from IA Server
computer'
Networks: 'External'
Schedule: 'Always/Active 24hours a day'
Problem:
I am having troubles publishing an SMTP server that lies in the
DMZ
(Tri-homed ISA 2004). When the published server rule, created
using
the wizard, is set to the IP in the 'Perimeter' or DMZ network
the
last default rule gets hit and I get the following logged:
(Where
200.200.200.200 is the external IP connecting and
111.111.111.111 is
the IP of the isa server's external interface)
ISASERVER 2005-11-21 20:07:56 TCP 200.200.200.200:13959
111.111.111.111:25 200.200.200.200 External Local Host Denied
0xc004000d Default rule SMTP
Now if I change the rule to point to an SMTP server connected on
the
internal interface it works, with the following logged:
ISASERVER 2005-11-21 22:07:52 TCP 200.200.200.200:13703
111.111.111.111:25 200.200.200.200 External Internal Terminate
0x80074e20 Mail Server rule SMTP
I can cannect on port 25 from the ISA server to the SMTP server
in the
DMZ.
What am I doing wrong?
Thanks in advance.
Scott
--
-----------------
email: scott.truman@xxxxxxxxx
mobile: 07716262930
home: 0207 346 8867
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Visit
TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
