Exchange/DNS with NAT
I'm having trouble working through a problem I ran into and was hoping for some advice. I am running Exchange 2k3 in my domain, in which I want to implement NAT. The problem is, on my test network, when implementing NAT, I can send mail out but can't receive mail in. I understand why this is happening, but I'm not sure how to fix it. I have a static entry in my NAT pool for the Exchange/DNS servers. The problem is that when DNS requests are made for my mail server, the DNS server (located in the private IP space) resolves to a non-routable IP for the requester, so the request doesn't make it back to me. I think I need to set up a split DNS somehow, but I'm not sure how to go about this. Is there another way? Can someone explain exactly how to do this?
April 28th, 2008 4:00am

Hi Travis, per my understanding, our current problem is that all incoming emails cannot be received because the DNS provides a non-routable IP to the internet message requesters. I guess the non-routable IP is just the static IP of your Exchange server that is configured on your NAT server/device. I hope you have a NAT device to provide the address translation service. Travis, in order to let outside requesters contact your Exchange server, we need to make sure that the requesters learn an Exchange IP address that is valid, so that they are able to build the SMTP session. In general, the process to find the Exchange server IP is as follows. The requester queries public DNS to find the DNS server that has registered the MX record for your Exchange server. The MX record can be registered on your own DNS server or on your ISP's server. If it is registered on your ISP's server, I suggest you contact your ISP to modify it. You may need to do the following configuration on your own DNS server, or contact the ISP to modify the MX record: modify the DNS MX record and let it point to the NAT server, which should have a unique external IP address; then you also need to configure the NAT server to forward the request to the Exchange server's static (private) IP address via port mapping. If you have any question about the port mapping, I suggest you contact the NAT device provider or vendor. Thanks, Jason
April 28th, 2008 12:15pm

You are correct, I am using a NAT device (Cisco router) to handle the NAT translations. I have a full class C address space (public) to work with. I also run my own DNS servers (public) for my domain. The MX record is present and points to the server name of the mail server. I think the problem is that the DNS server knows my mail server as a private IP address (192.168.x.x). When it gets a request from the internet for the MX record for my domain, it sends the private IP address, which is non-routable, therefore the requester cannot establish a route to my domain. I need to somehow be able to advertise the public IP address of my mail server from my DNS server, even though the DNS server knows my mail server's IP address as something different - a private IP address (sorry, this is hard to explain - hopefully you understand what I'm trying to say). I think I am going to need to set up a split DNS (mydomain.local for local DNS queries and mydomain.com for public queries). I'm not exactly sure how this is implemented or if that is even what I will need. Hope this clears things up some more.
April 29th, 2008 12:40am

Hi Travis, it seems that you have already made your DNS server point to the server name of the mail server, but it still provides the private IP address to the internet. So I believe it can be caused by an incorrect A (host) record for your mail server on the DNS server. You can check this type of record on your DNS server; if the A (host) record points to the private IP address, please modify it to point to the public IP address, the same as the IP in your NAT pool for this mail server. I think it will not affect your local queries, since the NAT device will direct them to the private IP address of the mail server. In my opinion, it's not a good idea to set up another DNS server. Why not ask your ISP to register both your MX record and A (host) record for all internet queries? I believe the link below may help you configure the Cisco NAT. http://www.cisco.com/warp/public/556/12.html#topic6 Thanks, Jason
April 29th, 2008 8:13am

I don't want to set up another DNS server; instead I wonder if I need to set up another lookup zone. My ISP will not serve DNS requests for my domain, they will only point DNS queries for my domain to my DNS servers. If my DNS server were off of my local network (i.e. my ISP's DNS servers), my NAT would work just fine. The problem (I think) is that because my DNS server sees my hosts as private IP addresses, and is sending those IP addresses out when requested by internet queries, my incoming mail doesn't work. The link for the Cisco NAT is exactly how I am currently set up. The only problem is that my DNS server is also on the "inside devices" side of the network.
April 30th, 2008 12:44am
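The failure the thread describes, and the split-horizon fix, modelled as an added example (this is not code from the thread or from any of its participants). It assumes a constructed setup: the Exchange server at 192.168.10.25 behind a router holding 203.0.113.25 with a static TCP/25 translation, a single DNS server that chooses which copy of the zone to answer from based on the requester's source address, RFC 1918 space not being routed across the internet, and a router that does not hairpin inside hosts back through its own outside address. The audit function is the check a practitioner wants before going live: nothing in the external view may ever be an RFC 1918 address.

```python
import ipaddress

# Constructed sample addresses (assumptions, not taken from the thread).
PUBLIC_MAIL_IP = "203.0.113.25"    # address in the public block, owned by the NAT router
PRIVATE_MAIL_IP = "192.168.10.25"  # Exchange server's real address on the inside network
MAIL_NAME = "mail.mydomain.com."

# Static NAT entry on the router: (outside address, port) -> (inside address, port).
# Assumed equivalent IOS line: ip nat inside source static tcp 192.168.10.25 25 203.0.113.25 25
NAT_STATIC = {(PUBLIC_MAIL_IP, 25): (PRIVATE_MAIL_IP, 25)}

# Split-horizon zone data: inside clients and internet clients get different A records.
SPLIT_VIEWS = {
    "internal": {MAIL_NAME: PRIVATE_MAIL_IP},
    "external": {MAIL_NAME: PUBLIC_MAIL_IP},
}
# The single-zone setup from the thread: everyone is handed the private address.
SINGLE_VIEW = {
    "internal": {MAIL_NAME: PRIVATE_MAIL_IP},
    "external": {MAIL_NAME: PRIVATE_MAIL_IP},
}

# RFC 1918 space, tested explicitly. ipaddress's is_private is deliberately not used:
# it also flags documentation ranges such as 203.0.113.0/24, which the sample public
# address is drawn from, and would misclassify it.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def select_view(client_ip):
    """Pick the DNS view from the requester's source address: inside hosts get 'internal'."""
    return "internal" if is_rfc1918(client_ip) else "external"


def answer(name, client_ip, views):
    """Return the A record a requester at client_ip receives for name, or None if unknown."""
    return views[select_view(client_ip)].get(name)


def smtp_reaches_exchange(client_ip, dest_ip, port=25):
    """Model whether a TCP connection from client_ip to dest_ip:port lands on the Exchange server.

    Assumptions: RFC 1918 destinations are not routed across the internet, the router
    translates only the static entries above, and it does not hairpin traffic from
    inside hosts to its own outside address.
    """
    if is_rfc1918(dest_ip):
        # Only another inside host can reach a private address.
        return is_rfc1918(client_ip) and dest_ip == PRIVATE_MAIL_IP
    if is_rfc1918(client_ip):
        # Inside host aiming at the public address: no hairpin NAT, so it never arrives.
        return False
    inside = NAT_STATIC.get((dest_ip, port))
    return inside is not None and inside[0] == PRIVATE_MAIL_IP


def audit_external_view(views):
    """Return names whose external answer is an RFC 1918 address (the leak in the thread)."""
    return sorted(n for n, ip in views["external"].items() if is_rfc1918(ip))


def mail_flow(client_ip, views):
    """Resolve, then connect, as a sending MTA would. Returns (address handed out, delivered?)."""
    ip = answer(MAIL_NAME, client_ip, views)
    return ip, (ip is not None and smtp_reaches_exchange(client_ip, ip))


if __name__ == "__main__":
    for label, views in (("single zone", SINGLE_VIEW), ("split DNS", SPLIT_VIEWS)):
        print(label, "leaks:", audit_external_view(views))
        for client in ("198.51.100.7", "192.168.10.50"):  # internet MTA, inside client
            print(" ", client, "->", mail_flow(client, views))
```

Running it shows the single-zone setup handing 192.168.10.25 to the internet MTA, which then cannot connect, while the split setup answers 203.0.113.25 to the outside and 192.168.10.25 to the inside, and both reach the server. Windows Server 2003 DNS has no per-client views, so in practice the two copies of the zone live on different servers (a public-facing one holding only public addresses, an inside one holding the private ones), or the inside hosts use a separate internal zone such as the mydomain.local name mentioned above.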
