Re: Inbound SMTP traffic

Tech-Archive recommends: Fix windows errors by optimizing your registry

---

• From: Larry Heimendinger <LarryHeimendinger@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 18 Mar 2008 21:23:00 -0700

---

Yes, Phil, it is configured to replace the SOHO router correctly. Same IP
address, dual NIC cards, single NIC on SBS 2003. SOHO disappears forever
when we implement.

The ISA server is configured as an edge firewall, so I published Exchange
Server with the internal address (same IP as SBS server of course). However,
i have the inbound SMTP mail failing. The log shows that port 25 inbound
traffic is coming from the external network and destined for the local host.
I can't figure this out.

Thanks for the attmpet, let me know if you have any other ideas.

"Phillip Windell" wrote:

"Larry Heimendinger" <LarryHeimendinger@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:6871FB00-09B4-4236-A26F-594D83C418D0@xxxxxxxxxxxxxxxx

I am trying to configure a new ISA 2006 server in front of a SBS 2003
hosted
domain with a VPN to a remote branch office. It seems as though
everything
is working as planned, except that inbound SMTP traffic is not working
properly.

So the ISA is not on the same box as the SBS,...and the SBS is running a
single nic like any other machine on the LAN? Yes?,...Good.

When I simply use the Publish Mail Server wizard and publish the Exchange
Sever on SBS, I notice that the denied attempts show traffic from External
to
Local Host. The IP address showing up as the destination is the external
address of the ISA server, not the internal address of the Exchange
Server.
If I allow traffic onto the local host, of course I get failed connection
(nothing listing on SMTP?).

Use a Mail Server Publishing Rule for SMTP.
Source is the Default IP# of the ISA External nic.
Destination is the specific IP# of the SBS Server.
The ISA must be using the same IP#s as the previous SOHO box,...obviously
the two can not be running on the LAN at the same time. If the IP# is not
the same on the internal side,...hence the ISA is not the default routing
path to the Internet then the Publishing Rule must be set to "Requests
appear to come from the ISA".

As an extreme, I did a backup of another ISA 2006 configuration, imported
it
with overwrite to the new server, and modified the pertinent settings of
the
existing rules, i.e., internal addresses of the Exchange Server,

That could have made a mess of everything. I cannot help you with that.

I published both server and client; SMTP and SMTPS server, and RPC over
HTTP, ActiveSynch, Mobile, and OWA for client.

You don't Publish "Clients".

Any help about further troubleshooting or ideas on what is not set
correctly
will be most appreciated. It is driving me a bit batty, and the target
management thinks I am an idiot (well, that is still correct) because I
told
them replacing a SOHO network appliance would be a few minute swap out.

It would only be a few minute swap out if you ran the ISA the way you run a
SOHO box, which makes the ISA almost a waste of money. To install and
operate the ISA according to how an ISA is intended and expected to be run
takes a reasonable amoumt of planning and labor.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

.

---

• References:
  • Re: Inbound SMTP traffic
    • From: Phillip Windell

• Prev by Date: Re: Logging user name
• Next by Date: Re: ISA 3-Leg Config Question
• Previous by thread: Re: Inbound SMTP traffic
• Next by thread: Student In Who would like some help with ISA2006 Enterprise
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: RWW Timing ... If you have installed ISA, ... Expand the server node and highlight ''Monitoring''. ... In the following website you can find many useful resources related to SBS ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: DHCP Issues. Very strange ... default order of rule in ISA 2004. ... Windows SharePoint Services intranet site, ... server certificate on Web server name column and then click Next. ... This newsgroup only focuses on SBS technical issues. ... (microsoft.public.windows.server.sbs) Re: SBS VPN setup? ... The 2-nic configuration is used when the SBS server will *also* act as your network's firewall. ... You purchase 2k3 PREMIUM and that comes with ISA to handle the firewall duties. ... To compare apples to apples, let us assume there is a network setup as I outlined above...and the firewall appliance is an ISA server, such as those available from Celestix. ... (microsoft.public.windows.server.sbs) RE: ISA access rules, help ... please let me know whether you're using ISA 2000 or ISA 2004 ... (SBS SP0 or SBS SP1). ... the ISA server will not be used as a proxy server. ... Since SBS already used port 80, ... (microsoft.public.windows.server.sbs) Re: SBS Advice Please ... Notice that the netgear router will be infront of ISA. ... Javier [SBS MVP] ... > SQL server as it is the protected patient data. ... >> always keeps a copy of the profiles (even if you are using roaming ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa.configuration  > 2008-03