[f-nsp] RES: serveriron traffic flow for SMTP
wolfz
lobo at netadm.com.br
Thu Jul 29 21:40:01 EDT 2010
Jimmy,
Do you enable DSR?
Regards,
-----Original Message-----
From: foundry-nsp-bounces at puck.nether.net
[mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Jimmy Stewpot
Sent: Thursday, July 29, 2010 4:29 AM
To: Jimmy Stewpot
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] serveriron traffic flow for SMTP
Hi All,
When I set the servers' default gateway to the VIP IP rather than the router
IP the system began to function as I had hoped.
Regards,
Jimmy.
----- Original Message -----
From: "Jimmy Stewpot" <mailers at oranged.to>
To: foundry-nsp at puck.nether.net
Sent: Thursday, 29 July, 2010 3:43:15 PM
Subject: [f-nsp] serveriron traffic flow for SMTP
Hello,
I currently have a problem which I am trying to find a simple solution to. I
am hoping that someone here will be able to provide some tips. We have an
SMTP VIP which has two real servers associated with it. In front of the
load balancer we have a Cisco ASA firewall which has permit rules for SMTP
to both real servers and the VIP on port 25 in both directions. The inbound
email comes to port 25 on the VIP and then gets load balanced to the
respective real servers without any problems. However, the return connection
comes back directly to the gateway which resides on the ASA. The problem is
that the ASA then has no session and rejects the SYN ACK and the connections
are not established. The simple solution is to use source-nat but that
removes any possible use of RBLs and blacklists because every source
address appears as the VIP IP.
Is there any easy way around that while still allowing us to have the SMTP
restrictions required (e.g. RBLs etc.)?
sh ver
SW: Version 10.2.01nTI4 Copyright (c) 1996-2007 Foundry Networks, Inc.
Compiled on Feb 01 2010 at 20:02:55 labeled as WJR10201n
HW: Stackable Router, SYSIF version 21, Serial #: Non-exist
Regards,
Jimmy Stewpot.
_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
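
The three return paths discussed in this thread, modelled as an added example (not part of any poster's message, and not ServerIron or ASA configuration). It shows why the firewall drops the SYN-ACK when the server replies directly, and why source NAT fixes the session but hides the client address from RBL checks. All addresses, ports, class names and function names are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

# Constructed addresses (documentation ranges), not taken from the thread.
CLIENT, VIP, REAL = "198.51.100.7", "192.0.2.10", "192.0.2.21"

class StatefulFirewall:
    """Tracks sessions by 4-tuple, created by the first SYN it forwards."""
    def __init__(self):
        self.sessions = set()

    def outside_to_inside(self, p):
        if p.flags == "SYN":
            self.sessions.add((p.src, p.sport, p.dst, p.dport))
        return p

    def inside_to_outside(self, p):
        # A reply is accepted only if it mirrors a tracked session.
        return (p.dst, p.dport, p.src, p.sport) in self.sessions

class LoadBalancer:
    def __init__(self, source_nat):
        self.source_nat = source_nat
        self.table = {}  # peer as seen by server -> original client

    def to_server(self, p):
        # Destination NAT always; source NAT only when enabled.
        src = VIP if self.source_nat else p.src
        self.table[(src, p.sport)] = (p.src, p.sport)
        return Packet(src, p.sport, REAL, p.dport, p.flags)

    def from_server(self, p):
        # Reverse translation: the reply leaves with the VIP as source.
        dst, dport = self.table[(p.dst, p.dport)]
        return Packet(VIP, p.sport, dst, dport, p.flags)

def simulate(source_nat, server_gateway):
    """server_gateway is 'firewall' or 'lb' (the server's default route)."""
    fw, lb = StatefulFirewall(), LoadBalancer(source_nat)
    syn = fw.outside_to_inside(Packet(CLIENT, 40000, VIP, 25, "SYN"))
    at_server = lb.to_server(syn)
    reply = Packet(REAL, 25, at_server.src, at_server.sport, "SYN-ACK")
    # A reply addressed to the load balancer returns through it; a reply
    # to a remote client follows the server's default gateway.
    if reply.dst == VIP or server_gateway == "lb":
        reply = lb.from_server(reply)
    return {"peer_seen_by_server": at_server.src,
            "firewall_accepts_synack": fw.inside_to_outside(reply)}
```

Only the combination of no source NAT and a default gateway through the load balancer keeps both the firewall session and the real client address visible to the mail servers.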