Exchange and DNS

[Darryl]

I've recently installed a Symantec Firewall/VPN 100 on my network.
Firewall and ADSL router are on external IP's. Internally I have given
3 of the servers 192.168 IP's. 2 servers are internal DNS, dynamic,
non transfering. 1 of these 2 is exchange 2K. The third is web site
and DNS for transfer pointing to the firewall as NS, HTTP and MX. The
rest of the network, including the servers advertised on the firewall,
are still operating on the original public IP's that the firewall and
router are on. I have the public servers dual IP's on the same
nic.(Is that wise?)The rest of the network routes upstream through a
proxy server to another link for surfing. They do not use this link
for anything.

The problem is I think DNS is not configured right due to the fact
that mail is not coming in. Outgoing mail works most of the time. The
return message is sender domain doesn't exist.

The rest of the network is working fine.

Any help appreciated.

 

[Ace Fekay [MVP]]

In

I've recently installed a Symantec Firewall/VPN 100 on my network.
Firewall and ADSL router are on external IP's.

Internally I have given
3 of the servers 192.168 IP's.

2 servers are internal DNS, dynamic,
non transfering. 1 of these 2 is exchange 2K.

The third is web site
and DNS for transfer pointing to the firewall as NS, HTTP and MX.

The
rest of the network, including the servers advertised on the firewall,
are still operating on the original public IP's that the firewall and
router are on.

I have the public servers dual IP's on the same
nic.(Is that wise?)

The rest of the network routes upstream through a
proxy server to another link for surfing. They do not use this link
for anything.

The problem is I think DNS is not configured right due to the fact
that mail is not coming in. Outgoing mail works most of the time. The
return message is sender domain doesn't exist.

The rest of the network is working fine.

Any help appreciated.

If you can provide the domain name, we can test it from outside and see what
the MX record gives us. I assume it should give the IP of the Symantec box.

So, assuming the MX record does point to the outside inteface of the
Symantec device, then can I also assume that you have port remapped port 25
on the Symantec device to the internal Exchange box?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Jonathan de Boyne Pollard]

DM> [...] mail is not coming in.

As Ace said, tell us your domain name.

DM> The return message is sender domain doesn't exist.

Is this the message returned to other people when they attempt to mail you ?
In which case, tell us (as well) what the envelope sender mailbox was on their
message, so that we can look up its domain name part and check the veracity of
that error message.