Leonardo What version of Exchange are you using, and what connectors are you using between your server and the other countries?
When you say synchronization, are you receiving mail from the servers in the other countries? Lastly have you verified that your tunnel is up, are you using any other application that's connecting to servers in these other countries? A coupla questions to get started with. Mike -----Original Message----- From: Leonardo Borda [mailto:[EMAIL PROTECTED]] Sent: 18 July 2002 01:44 AM To: [EMAIL PROTECTED] Subject: I need a help from you guys. (NAT, IPSEC and Extended [7:49069] Hello ALL I am having a very interesting problem here. Please any help will be very appreciate because I have tried to find out documents and so on and I did not find nothing yet... SCENARIO: I have a cisco 2600 router doing NAT and VPN. - My ethernet has 192.168.25.0/255.255.255.0 as primary and ip address 200.2x.y.z / 255.255.255.192 as secondary (doing nat inside - allow my users access the internet) - My S0/0 is doing nat outside and establishing tunnel between my other countries. ip address - 200.18x.y.z / 255.255.255.252 This serial has an access-list 120 out which is denying some ports and blocking user access from some p2p applications and etc. PROBLEM: I have an Exchange Server wich does synchronization between other servers around the world through the VPN. It has an external ip configured and an internal ip configured in the same interface. (its working until now). It has sync through the VPN not over the Internet. My job is apply an access-list in S0/0 to permit just smtp, pop3, www and 443 traffic from the internet to that exchange server, but still synchronize through the VPN my exchange server connections around the world. Now is the problem: I have configured an (access-list 121 in) in s0/0 and I cannot sync my Exchange Organization anymore and my users does not receive messages coming from my internal Exchange Server organization. But users from the internet can send messages to my exchange server ( in fact the access-list 121 in is correct to traffic from internet, but not from the VPN). Does anybody know how to solve that weird problem???? Which ports do I have to open to allow VPN and Internet access using together an access-list? My best regards to everybody! Leonardo Borda Systems Engineer Brazil Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49104&t=49104 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]