Exchange, DNS and AT&T Blacklist
Hi,

I just started with a new company and they have been having an issue for quite some time. Although Friday was my first day, I recognized that they were using an internal 128.x.x.x IP scheme throughout the company. They recently installed a SonicWall firewall appliance and prior to that they had a "firewall" BUT from what I hear it was never defined, so it acted pretty much like a gateway allowing traffic in and out freely. Since the implementation of the SonicWall device, they have not been able to send mail to AT&T and its subsidiaries due to being blacklisted. Another thing I looked at was in their DNS...they have no MX record. So, 3 things I found in an hour that might have everything to do with it, or maybe nothing at all, but I would like another opinion from a peer out there who might recognize something here.

I want to add an MX record to their DNS, BUT I don't want to foul anything up on my second day there. I also want to propose changing the IP scheme within the organization to a 10.x.x.x scheme....but again, I want to make sure that what I propose is factual. Any ideas?
June 18th, 2011 10:04am

I apologize, they are using Exchange as well.

Nancy DeCrescenzo
June 18th, 2011 11:28am

On Sat, 18 Jun 2011 13:59:30 +0000, ndecrescenzo wrote:

> Hi,
>
> I just started with a new company and they have been having an issue for quite some time. Although Friday was my first day, I recognized that they were using an internal 128.x.x.x IP scheme throughout the company. They recently installed a SonicWall firewall appliance and prior to that they had a "firewall" BUT from what I hear it was never defined, so it acted pretty much like a gateway allowing traffic in and out freely. Since the implementation of the SonicWall device, they have not been able to send mail to AT&T and its subsidiaries due to being blacklisted. Another thing I looked at was in their DNS...they have no MX record. So, 3 things I found in an hour that might have everything to do with it, or maybe nothing at all, but I would like another opinion from a peer out there who might recognize something here.
>
> I want to add an MX record to their DNS, BUT I don't want to foul anything up on my second day there. I also want to propose changing the IP scheme within the organization to a 10.x.x.x scheme....but again, I want to make sure that what I propose is factual. Any ideas?

Well, not getting any e-mail is probably because your firewall is correctly routing the IP packets to the REAL 128.x.x.x network. Provided you never want to access anything on that network you can assign a static route on the firewall to your internal router. Just be sure you don't advertise that route on the Internet!!!

As long as you're using the 128.x.x.x range behind a NAT device and you don't allow any direct access to the Internet you should be okay (as long as you never want to access anything on the real 128.x.x.x network). It's not right, but it's okay in the short term.

Changing to a non-routed IP network is the right thing to do, but it's not always as easy as it sounds. Neither is putting everything behind a firewall and not allowing direct access to the Internet. It's a choice you have to make. :-)

If the domain's "A" record resolves to the IP address of your public IP address on the firewall (and that's one that you have authority over), and you map inbound connections on port 25 to the INTERNAL 128.x.x.x IP address of your Exchange server, then adding an "MX" record that uses the domain's "A" record will be just fine.

--- Rich Matheisen MCSE+I, Exchange MVP
June 18th, 2011 1:41pm
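Added example, not part of the thread or any poster's code: a small Python audit of the addressing problem discussed above. It flags internal subnets that sit in publicly routed space, shows which real Internet destinations such a subnet makes unreachable, and maps a host to the same offset in a 10.x replacement. The subnets and addresses are constructed stand-ins for the thread's unspecified 128.x.x.x values.

```python
import ipaddress

# Private ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(subnet):
    """Return 'rfc1918', 'special' or 'public' for an internal subnet."""
    net = ipaddress.ip_network(subnet, strict=False)
    if any(net.subnet_of(r) for r in RFC1918):
        return "rfc1918"
    if net.is_loopback or net.is_link_local or net.is_multicast or net.is_reserved:
        return "special"
    return "public"  # routed on the Internet, so it collides with real hosts

def shadowed(destination, internal_subnets):
    """True if an Internet destination falls inside a public-range subnet
    used internally, so internal routing keeps the packet."""
    addr = ipaddress.ip_address(destination)
    return any(addr in ipaddress.ip_network(s, strict=False)
               for s in internal_subnets if classify(s) == "public")

def renumber(address, old_subnet, new_subnet):
    """Map a host to the same offset in a replacement subnet of equal size."""
    old = ipaddress.ip_network(old_subnet)
    new = ipaddress.ip_network(new_subnet)
    if old.prefixlen != new.prefixlen:
        raise ValueError("subnets must be the same size")
    offset = int(ipaddress.ip_address(address)) - int(old.network_address)
    if not 0 <= offset < old.num_addresses:
        raise ValueError("address is not in the old subnet")
    return str(new.network_address + offset)

# Constructed inventory (assumption): one public-range LAN, one private LAN.
INTERNAL = ["128.10.0.0/16", "192.168.50.0/24"]

if __name__ == "__main__":
    for s in INTERNAL:
        print(s, classify(s))
    print("128.10.4.20 shadowed:", shadowed("128.10.4.20", INTERNAL))
    print("new address:", renumber("128.10.4.20", "128.10.0.0/16", "10.10.0.0/16"))
```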

Hi Rich,

Thank you for replying. I explained to them the same thing you stated above (as far as the 128.x.x.x going outside the router and hitting the real network), so I will propose an IP change solution, which might fix a few more hiccups in the environment. I will have to see exactly what the DNS is holding and where it's pointing when I get there Monday morning, and will have to check the inbound connection. The last Exchange I administered was 5.5, that was back in 2001....it's not like riding a bike! I will have to take a crash course again on it....but I at least know where to look up some answers, and of course come to this board for some real life situations and answers :)

Thanks again!

Nancy DeCrescenzo
June 18th, 2011 2:56pm

On Sat, 18 Jun 2011 18:52:14 +0000, ndecrescenzo wrote:

> Thank you for replying. I explained to them the same thing you stated above (as far as the 128.x.x.x going outside the router and hitting the real network), so I will propose an IP change solution, which might fix a few more hiccups in the environment. I will have to see exactly what the DNS is holding and where it's pointing when I get there Monday morning, and will have to check the inbound connection. The last Exchange I administered was 5.5, that was back in 2001....it's not like riding a bike! I will have to take a crash course again on it....but I at least know where to look up some answers, and of course come to this board for some real life situations and answers :) Thanks again!

Exchange may have changed, but IP routing and DNS haven't (well, with the exception of IPv6 and a few new DNS resource record types).

Good luck with the IP network swap. Expect wails of anguish. :-)

--- Rich Matheisen MCSE+I, Exchange MVP
June 18th, 2011 4:55pm

Hi ndecrescenzo,

Any update for your issue?

Regards!
Gavin
June 20th, 2011 6:12am

This topic is archived. No further replies will be accepted.
