Exchange IP NAT

Hi,

There is a case where we can send/receive emails using exchange local IP but not by using it's public IP.

In local network, when we use exchange's local IP we can receive emails, it's NAT ed in Cisco router and for some reason I can't post the config here, so I was wondering if someone have an idea about this issue?

Note that when I telnet exchange-local-ip 110 it works fine but i can't do it for telnet public-ip 110 !!

We do have a firewall module if this is matter.

Guys, any one knows why I can use exchange's local IP as POP/SMTP server but not the public one?
:!: :!: :!:

Does the public IP work when your outside your network. I mean can you use POP/SMTP of the exchange server from the internet?

Yes, it is working fine. i think it is related to some security stuffs but just can't find it exactly!!!
Or it may be related to DNS, i'm trying to test it inside local network where my DNS is local one which forward queries to another public one (hosted here).
hmm...may be my local DNS only has an MX record for local IP only?!!!?
LOL..I'm talking to myself
Any input from you guys are is highly appreciated.

hmm...may be my local DNS only has an MX record for local IP only?!!!?

You mentioned that your internal DNS server forwards queries to an external DNS server. Does your DNS server also respond to external queries directly?

Maybe this is a bit off context or maybe you already know this, based on your other post, but it may point you in the right direction: Whatever public DNS server is being queried for the mail server for your organization needs to have an MX record that points to your Exchange server's public IP address.

Yup, could be a DNS issue. So to isolate things, I would first use the public IP directly (instead of the DNS name). So this is how I understand it now:

1. When you configure a mail client (say outlook) sitting inside your network with the private IP of the Exchange server, it works.
2. When you configure a mail client sitting outside your network with the public IP of the Exchange server, it works too.
3. When you configure a mail client sitting inside your network with the public IP of the Exchange server, it does NOT work.

If all those cases are true, then I have to say this is one of the common problems that are not easy to solve. The thing is that NAT simply does not work from inside to inside. However, there are some workarounds. Here is a similar discussion, this guy has almost the same problem as yours:

www.dslreports.com/forum/r22167381-Acces...-behind-cisco-router

The link/discussion above suggests placing an entry in your inside/local DNS server to map say mail.xxxxx.com to the private IP 192.xxx.xxx.xxx of the exchange server instead of the public IP. Then you would simply configure your mail clients to use the mail.xxxxx.com name instead of the public IP.