SA520 NAT/PAT not working with NAT address

The SA520 I have is configured on one public IP address and an exchange server is behind it.  THe exchange server is configured with an internal address and the SA520 is performing NAT translation to a unique public address for the email server itself which is independant of the SA520.  It seems that the SA520 is sending email out the NAT address correctly at some time and at other times it seems to be sending the email traffic over the PAT address of the SA520 public address.  When this happens the email gets blocked due to spam lists.  Then the email will work again correctly.. and then go back.  If I use a 3rd party website to test the IP address sometime I get the correct one and sometimes I get the wrong address.
Is there a way I can confirm that the SA520 NAT settings are correct to allow ALL outbound communications from the exchange server (which is behind the SA520)?  I may have the SA520 configuration wrong and it is possible that the SA520 is only providing inbound PAT for port 25.  How do I tell the SA520 to do a 1 to 1 NAT with the exchange server?

Hi John,
In order to establish a 1 to 1 NAT on the SA 500 series, as in your case, you must first you must first add an IP Alias for your 2nd WAN.  Next, you create a Firewall rule to "force" all or selected traffic from your NATed server (LAN) to the WAN to go out thru the IP ALIAS address.  Finally, we forward specific traffic from the WAN to your NATed Server (LAN) thru Firewall Rule(s).  See sample wan2lan bitmaps attached. Do this for each of the services that you will allow to come in thru the SA 520 to your Server.  As long as there are no other Firewall rules overlapping with the newly created rules, traffic to and from your NATed server will come/exit thru your ALIAS IP.
We can verify this by performing a WAN Packet Trace (Administration-->Diagnostics -->Packet Trace)  After choosing Dedicated WAN as the Network to be captured, Click on Start to perform Packet Capture.  Go to your NATed server, and perform the following, on a command prompt window Ping google.com, open a browser window and open google.com.  On a remote machine, open a web page on your server (OWA?) to test incoming HTTP/HTTPS requests. Stop your capture, and save the packet capture file by pressing the Download button.  Open file with Wireshark/Ethereal and observe the source and destination address of the packets.  They should have the ALIAS address and not the WAN IP address.
If the above step is good, then we have to take a look as to if and why your SMTP or email services are not being routed out the ALIAS interface. Repeat capture steps as above, but this time send an outgoing email, and test an incoming email by emailing an internal account from an outside email acount (yahoo, gmail, hotmail).
If you still have failure, and you have IPS or ProtectLink enabled, can you run the steps that failed with IPS and/or ProtectLink both disabled?
If there are issues, you can post the captures as a personal message to me.
I hope the above will help narrow the issue a bit.
Best regards,
Julio

Similar Messages

  • I have recently switched ISPs and have anew e-mail address but ThunderBird will not work with this address. Have tried tech staff with Bell to no avail

    My old e-mail address was SHAW XXXXX.and worked very well with Thunder Bird mail. I recently switched to new ISP Bell and my new address is XXXXXX However with several attempts with techs ,Thunder Bird will not work with my new ISP. I had to start using Outlook.com and Outlook Express 6 for e-mail,but I really liked Thunder Bird and have numerous e-mails stored in it that I cannot import.
    Outlook Express 6 is outdated and because I am running Windows XP it will not give me a newer version.I find Outlook.com confusing to me. Can you help

    Why don't you tell us what you did and why it didn't work? Start from File/New/Existing Mail Account, enter your details, click Continue, then immediately click Manual config. On the next screen enter these settings:
    incoming POP server: pophm.sympatico.ca
    port: 995
    Connection security: SSL/TLS
    Authentication: Normal password
    User name: your full email address
    outgoing SMTP server: smtphm.sympatico.ca
    port: 587 (or try 25)
    Connection security: STARTTLS
    Authentication: Normal password
    User name: your full email address
    http://support.bell.ca/Internet/Email/How-to-use-Bell-Mail?step=3
    Also, enable POP access as mentioned in the link.

  • ODDC WebCapture not working with IP Address

    Hi All,
    I have installed Oracle Distributed Document Capture,Everything working fine with localhost.
    http://localhost/DocumentCapture/WebCapture.asp?script=1
    but if use http://120.120.20.20/DocumentCapture/WebCapture.asp?script=1
    with Ip Address giving error like "Unable to Create temp file in C:/test".I given all permision to test Folder
    If anybody got this type of error, please share the solution.
    thanks,
    nr

    Yes, but does running IE with admin privileges (right click -> Run as administrator) bring any change?
    Regards,
    Boris

  • HT202360 Why does email forwarding not work with external addresses?

    I have tried to setup an internal email account which is meant to forward emails to an external account.
    Under the account's mail options i have set "Mail should be: " to Forwarded and typed in the email address underneath. However, both with an external domain and the me.com domain it does not send the email. If i send an email directly from the accounts using my IMAP account the server has no problems sending the emails to the addresses.
    The results of running sudo serveradmin command mail:command = getAutoForward is:
    mail:<<id1>>:fwdAddress = "[email protected]"
    mail:<<id2>>:fwdAddress = "[email protected]"
    mail:<<id3>>:fwdAddress = "[email protected]"
    Is there sometime i'm missing?

    I have also tried adding a new email account with the [email protected] to see if it was the original account that was the problem, but the new email account doesn't send the emails on either.

  • Flash player does not work with new ICS Android 4.0.4 OS. Has this problem been addressed?

    Flash player does not work with new ICS Android 4.0.4 OS. Has this problem been addressed? I am using Firefox Beta for android and I also tried just Firefox.

    Please check the Play Store app for any Flash updates and install them if present.

  • TS4139 I had 2 MobileMe email addresses, but only went thru ICloud process with one (my main address). Now the secondary address is not working with iCloud. Did I have to go thru the process with both addresses? Can I get that address back?

    I had 2 MobileMe email addresses, but only went thru iCloud process with one (my main address). Now the secondary address is not working with iCloud. Did I have to go thru the process with each address? Can I still get that secondary address to work with iCloud?

    It was totally separate. I just now went back to a previous email from Apple to that secondary address which urged me to transition to iCloud. I followed the link and it prompted me thru the process and the address is now able to send/receive emails. Thanks.

  • IsValid does not work with extended email address

    This invalidates valid addresses.
    <cfset testemail = '"No One"
    <[email protected]>'>
    <cfoutput>#testemail#</cfoutput><br />
    <cfif isValid("email",testemail) >
    good email
    <cfelse>
    bad email
    </cfif>
    Any ideas how to make this work with extended
    addresses?

    > blah blah <[email protected]> is a predictable format.
    You can use string functions to find the part between the angle
    brackets and apply the isValid function to that.
    Yep, but isValid() just doesn't reliably validate even the
    email address
    part of that string (well: that *exact* example, sure it
    will). It can't
    be used to RELIABLY validate email addresses. The regex it
    uses is
    incomplete. It'll validate a lot of valid email addresses,
    but it'll also
    reject a number of valid patterns, and validate some that are
    wrong.
    Adam

  • Graphite base station not working with my Intel Based Mac Mini and iPhone.

    My Airport Express died after 2 years of use. I had to resort to plugging in my old but still functioning Graphite Airport base station. Since the set up assisant on my Mac mini does not work with the older base station, I used my G4 400 tower to set it up. I got it working and tested the connection. On to testing my iPhone. It sees the new network. Password is entered and the wifi icon shows full signal strength, but does not connect to the web. Next I try my Mac mini out on the new network and it too sees the network, but does not connect to the web. I double check the older G4 and the connection is still strong and fast. I shut the G4 down thinking that maybe the Graphite can only support one computer at a time, and the Mac mini and iPhone still can't connect to the web. I'm not sure what to do with this one. Is there a setting that I need to use? As far as security goes, the Graphite base station was set up with a WEP password. Any help would be great
    Message was edited by: Soriano

    I suggest using AirPort Admin Utility (version 4.2) to check the base station settings and change them, if necessary. (AirPort Admin Utility should be able to configure a Graphite base station from a computer running Mac OS X 10.4, even though AirPort Setup Assistant can't.)
    In the Network pane of AirPort Admin Utility, please make sure that "Distribute IP addresses" and "Share a single IP address (using DHCP and NAT)" are checked, and that everything else is unchecked. I am assuming that the Graphite is the only router in your local network and that there are no computers connected via Ethernet.
    The Access Control pane of AirPort Admin Utility should list either all of the relevant AirPort ID's or nothing. You can find the AirPort ID of an OS X computer by looking at System Preferences>Network>Show:AirPort>AirPort.
    The Internet pane of AirPort Admin Utility should be set in accordance with your Internet provider's requirements. Most likely, it should be set to Connect Using:Ethernet and Configure:Using DHCP.
    After verifying the settings, power down the computers, base station and cable or DSL modem for a few minutes, then start them up sequentially, leaving time for each to get fully up and running: first the modem, then the base station, and finally the computers.
    The network preferences on the Mac Mini and the iPhone are also relevant. I assume that the preferences are unchanged from those that worked with the AirPort Express.
    I hope this helps.

  • E3000: uPnP not working with Xbox 360

    Hello all,
    So I just setup my new E3000, upgrading from a WRT54G.  The uPnP worked great on that router and my last three routers before that.  Xbox never required I setup anything -- I can prove this simply by swapping routers and putting one of the old ones in place of the E3000.
    However, the E3000 (Firmware Version: 1.0.02) is not working with uPnP.  Xbox connectivity test comes back and says that my NAT type is "Moderate".  Most stuff works fine, but I'd like to get it all working.  I worked with a Linksys tech who was very helpful and got NAT to "Open" by configuring triggered port forwarding. 
    I am happy to have my issue resolved, but confused why uPnP didn't work?  I mean it was easy for me to configure port forwarding, but for my less technical friends, should I simply not recommend this router because it can't do basic uPnP?
    Is there some other configuration change I made that may have upset the uPnP?
    Thanks!
    -Scott
    Solved!
    Go to Solution.

    In case this helps anyone else:
    For the past few months, I have been using static mapping for XBOX live.  I recently updated the firmware on my router to 1.04 and still was having similar problems with uPnP.  So I continued to use static mappings.  One day my IP for the Xbox changed and I got frustrated.
    I tried one thing before giving up on this router:
    1) Held down the reset button for 30 seconds
    2) While still holding it down, unplugged the router for 30 seconds
    3) While still holding it down, plugged back in and continued holding for 30 seconds
    This does a complete reset of the router.  I then re-ran the Cisco connect software (which was also updated recently).  I reconfigured my router the way I wanted.
    Now, Xbox Live uPnP is working!

  • Caller ID not working with Nokia 6600?

    I have a T-Mobile (US) Nokia 6600, and I can't seem to get address book to display incoming SMS or the caller ID of incoming calls. I've successfully paired the phone via bluetooth, and I can make address book dial the phone and send an sms. I can sync via iSync, use my phone as a modem, etc. etc.
    But regardless of what settings I tweak, I can't seem to get Address Book to show a bezel of any kind on incoming calls - not even an 'Unknown Caller' message! Am I missing something obvious? Third party apps like BluePhoneElite work just fine, so I'm pretty sure it's something wrong with Address Book...
    15" Aluminum Powerbook 1.5 GHz   Mac OS X (10.4.5)  

     
    mdcdsc wrote:
    My caller ID does not work with the new ap either.  I don't like the new ap at all.  The old one was beautiful.  Now my email is very hard to see, so much that I will just use the Apple email that comes with my IPOD.  The caller ID was my favorite thing with the old ap.  and now it doesn't work.  I have followed the instructions and turned everything on, but it just does not work.
    The Caller ID issue was due to an outage. It should be resolved anytime soon. Can yu log out and log back in. Go to app settings and in notifications and turn CAller ID off and on.
    On email - what do you mean 'email is very hard to see' ? I would like to pass on this feedback to the team.

  • External USB HD does not work with HAL:

    External USB HD does not work with HAL:
    From the last 10 days the HAL auto-mount with ntfs-3g file system of my external hard drive  does not woks.
    But the manual mount procedure with the command mount -t ntfs-3g /dev/sdb* /mnt/XYZ works.
    I've followed the instructions in the wiki: http://wiki.archlinux.org/index.php/HAL and the system has worked up to the last kernel or HAL update.
    My fat32 usb-stick works without any problem.
    If I try to open the device with KDE it appears an error popup wit this message:
    TODO: have to rethink extra options
    Error: kio_media_mount_helper
    The log from the kernel.log is
    Nov 6 22:03:16 myhost usb 5-1: new high speed USB device using ehci_hcd and address 4
    Nov 6 22:03:16 myhost usb 5-1: configuration #1 chosen from 1 choice
    Nov 6 22:03:17 myhost Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
    Nov 6 22:03:17 myhost ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
    Nov 6 22:03:17 myhost Initializing USB Mass Storage driver...
    Nov 6 22:03:17 myhost scsi6 : SCSI emulation for USB Mass Storage devices
    Nov 6 22:03:17 myhost usb-storage: device found at 4
    Nov 6 22:03:17 myhost usb-storage: waiting for device to settle before scanning
    Nov 6 22:03:17 myhost usbcore: registered new interface driver usb-storage
    Nov 6 22:03:17 myhost USB Mass Storage support registered.
    Nov 6 22:03:22 myhost scsi 6:0:0:0: Direct-Access WDC WD32 00JB-00KFA0 0811 PQ: 0 ANSI: 0
    Nov 6 22:03:22 myhost sd 6:0:0:0: [sdb] 625142448 512-byte hardware sectors (320073 MB)
    Nov 6 22:03:22 myhost sd 6:0:0:0: [sdb] Test WP failed, assume Write Enabled
    Nov 6 22:03:22 myhost sd 6:0:0:0: [sdb] Assuming drive cache: write through
    Nov 6 22:03:22 myhost sd 6:0:0:0: [sdb] 625142448 512-byte hardware sectors (320073 MB)
    Nov 6 22:03:22 myhost sd 6:0:0:0: [sdb] Test WP failed, assume Write Enabled
    Nov 6 22:03:22 myhost sd 6:0:0:0: [sdb] Assuming drive cache: write through
    Nov 6 22:03:22 myhost sdb: sdb1
    Nov 6 22:03:22 myhost sd 6:0:0:0: [sdb] Attached SCSI disk
    Nov 6 22:03:22 myhost sd 6:0:0:0: Attached scsi generic sg2 type 0
    Nov 6 22:03:22 myhost usb-storage: device scan complete
    and the error.log is
    Nov 6 22:03:22 myhost sd 6:0:0:0: [sdb] Assuming drive cache: write through
    Nov 6 22:03:22 myhost sd 6:0:0:0: [sdb] Assuming drive cache: write through
    Do you have some idea ....
    Bye.

    I have done the following:
    Downloaded the patched hal version.
    used makepkg in /abs/local/trunk/ to create a pkg for pacman
    used sudo pacman -U pkgname to install it.
    used sudo nano /etc/hal/fdi/policy/preferences.fdi to create the fdi file with the following content:
    saved the file and removed my ntfs entryes from fstab and rebooted. and still there is no automount off ntfs partitions.
    have i done something wrong?
    br fjodork
    WARNING: what follows is a guide of what did work for me, I'm still in an early stage of learning linux, so please correct me if anything of what follows is wrong/dangerous/stupid. As I said, this worked for me, it's not pretty, since I was learning each step on the fly and I'm sure there are better ways to do this.
    So fjodork, you seem to have done the the necessary steps, though i couldn't get it to work until i first removed hal without dependencies
    pacman -Rd hal
    it will give you some warning about the dependencies, ignore  it since we are reinstalling hal in a few steps.
    First i tried to follow Raymano's link, obviously it showed me nothing in the browser so I thought it might be a broken link.
    So I downloaded the source tarball from here http://hal.freedesktop.org/releases/hal-0.5.10.tar.gz
    unpacked it changed the /tools/hal-storage-mount.c as per Milfadoodle's instructions.
    at first I tried to compile directly from source, the process would finish without a glitch though after reboot nothing changed, as if hal weren't
    installed, i guess there were issues with paths. anyway read on
    Then repacked the source in tarball, copied it to /var/abs/extra/system/hal and modified the PKGBUILD as follows
    makedepends=('pkgconfig' 'gperf')
    options=('!libtool')
    install=hal.install
    source=(${pkgname}-${pkgver}.tar.gz #removed url so makepkg looks in the current directory for the tarball
        hal
        hal-policy.patch
        cryptsetup_location.patch
        hal-0.5.9-hide-diagnostic.patch
        ntfs3g-valid-options.patch)
    md5sums=('6641c30a27c00485c6accac5110ff911' # replace with md5sum of your package's sourceball (run md5sum filename)
             '882f67668cb14a0a9e4a27ef22278027'
             '5ba8b610aa9763a5f42b9f7cbd7a86ad'
    then makepkg (i had to add --asroot, don't ask why
    and finally pacman -U hal-0.5.10-1-i686.pkg
    another reboot and everything worked without a glitch!:D (yeah i know i still haven't got rid of the reboot mentality )
    I have also put the policy files as per the wiki instructions.
    PS: I know this is a dirty way to getting things done but as i said, I'm just starting
    If anyone could comment/correct/explain this post I'd be more than happy, the automount issue was bothering me for about a month now (you'll say why do I need ntfs in the first place? well, I only recently switched for Linux as my primary OS, these are some relics of the M$ era

  • Bought iPhone as "SIM-Free", but it not work with my local SIM card

    I have bought iPhone Serial No: 82108W75A4T in Canada as "SIM-Free", but it not work with my local SIM (Orange in Israel) card. Where to check: it is or not Factory Unlocked or have any hardware/software problems or have carrier ("adhered" any phone company)

    In the local Orange: They tried with them SIM, the same negative result.
    I have addressed to Canadien phone wireless carriers.
    From some [Rogers'] has already received the answer:
    ... have checked our system and did not find your iPhone listed...  Please contact Apple...

  • Hello,  I have iMac from Oct, 2010 and have OS 10.6.7 and multiple users.  Mail icon was accidently removed along with program.  Mail 4.4 is on other users but when I reloaded software my user got Mail 4.3. Mail 4.3 did not work with latest OS. Ideas?Matt

    Hello,  I have iMac Itel i3, from Oct, 2010 and have OS 10.6.7 and multiple users. 
    About 3-4 days ago the Mail icon in dock had question mark and was accidently removed, along with program on my user.  Oops.
    1. Mail 4.4 is on other users and works fine, but for me it does not work and tells me V4.3 does not work with latest OS X. 
    2. I reloaded software from my user with original disks  (Oct, 2010) and got Mail 4.3 again. Mail 4.3 did not work with latest OS.  I am unable to load Mail.  Gives Yellow error message.    
    "  You have Mail version 4.3 (1081/1084). It can’t be used on Mac OS X Version 10.6.7 (Build 10J869). For more information, click the Help button."
    3. Tried to update software and look for update for mail 4.3 on Apple site to no success.
    Hate to go to MS-Entorage ( I may need to learn something new and alien) mail program since contracts are in Mail/Address Book.
    Ideas?
    MattDeeds

    Matt,
    I would download and run the 10.6.7 combo update.
    http://support.apple.com/kb/DL1361
    Regards,
    Captfred

  • Better privecy does not work with windows vista home prem. what other program removes LSO'S AND HOW can I stop trackers?

    Question
    better privacy does not work with windows vista home prem. what other program removes LSO'S AND HOW can I stop trackers? edit
    Details

    As a temporary workaround, I believe this Adobe management page allows you to clear your "Flash cookies": [http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html Adobe - Flash Player : Settings Manager - Website Storage Settings panel] (hosted on macromedia.com -- Macromedia was the original developer of Flash).
    Regarding the script error, if I'm reading the script correctly, it is related to accessing your Flash cookies directory. It seems the publisher's support forum is not currently available for searching, but that might be a good next step.
    In the meantime, could you check whether the script has the correct location for your Flash cookies directory? If you can't access Tool > BetterPrivacy, you could check here:
    (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful.
    (2) In the filter box, type or paste '''bpr''' and pause while the list is filtered
    (3) There should be a bolded setting named '''extensions.bprivacy.DataDir''' which looks approximately like the following:
    C:\Users\''yourWindowsUsername''\AppData\Roaming\Macromedia
    Do you have a similar value? If you paste the path used by BetterPrivacy into a Windows Explorer window, does it open? Also, click a couple levels in the folder, can you see:
    Flash Player \ #SharedObjects
    If the value is wrong, right-click the wrong value and choose Reset. BetterPrivacy should update the value the next time you try to access it.
    If the value is blank, you could try inserting a sensible value and see whether that helps.
    Any luck?

  • Lync Server 2010 conference not working with Windows 8.1 and IE 10

    Hello,
    The problem is that whenever a Windows 8.1 user tries to join a Lync server 2010 conference using Internet Explorer 10 (or 11, tried that too) the user can't join the conference. If the conference is created by a Lync server 2013 user joining works fine.
    When using Lync 2010 client we get the following error in the client: "error id 87 source id 7".
    When using Lync 2013 client we end up with a blank conversation window.
    There are no traces in server log, client log or event log.
    Below is a set of use cases that may help you to understand what is the problem scenario. Each of these works or does not work with both Lync 2010 and Lync 2013 client.
    - Lync server 2010 conference, windows 7, Chrome, Firefox, IE 10 or 11 --> Works.
    - Lync server 2010 conference, windows 8.1, IE 10 or 11 --> Does not work.
    - Lync server 2010 conference, windows 8.1, Chrome or Firefox --> Works.
    - Lync server 2013 conference, windows 8.1, Chrome, Firefox, IE 10 or 11 --> Works.
    It does not help to add the meet address to IE compatibility list (Compatibility View Settings).
    If i press F12 in IE and change the document mode of the meet page to IE 9 version then i can join meetings with Windows 8.1 and IE 10. Unfortunately i cannot make that as a default setting for the meet website.
    Any ideas on how to get Lync server 2010 meetings working with Windows 8.1 and IE 10 or 11?
    IE is the company default browser. Windows 8.1 is not a default operating system but we have increasing number of Windows 8.1 computers in our environment (mainly directors).

    According to your description, it is hard to tell whether the issue is related with IE or Lync Server 2010 or both.
    Compare the log when Lync client on Window 8.1 with IE 10 or IE 11 join Lync server 2010 conferencing and Lync Server 2013 conferencing.
    Lisa Zheng
    TechNet Community Support

Maybe you are looking for