Hello everyone,
I have two sites connected through a site-to-site IPsec VPN. On both sites, there is a mail server running. One of the sites uses the Astaro box as an SMTP gateway for all mail while the other one only sends mail (directly, not through Astaro).
Just to make things clear, the mail flow (SMTP) was the following:
SMTP1 -[ASL1-ASL2 VPN]--> ASL2 --> SMTP2
Site 1 has all public IP addresses (it's a public site) while site 2 is using private IPs NATed by ASL2.
My problem is the following: up to now, the above setup worked but the tunnel was configured with the public IP address of both ASL gateways in the list of published networks for both sides and gateways. This worked with connections going from ASL2 to ASL1 but not in the other direction.
So, we've fixed it by removing the firewalls' public IPs from the VPN definition completely (both as published networks and gateway definitions). That solved the connectivity issue between site 1 and site 2 but now the mail server cannot connect to the ASL2's external SMTP port.
I've temporarily fixed that by adding a static entry in the hosts file of the SMTP1 server, but I need a more permanent fix.
Does anyone have an idea what the problem is?