11/1/2013 by ranjan
I have requirement for outbound SMTP services. Where servers DFG is LTM which are not internet routable. Im thinking to have SNAT object enable on the VLAN where servers sit , SNAT ips will be the bexternal VIP ips.
But the concern i have is even the servers has communication to some of the internal applications where they need to have original servers ips to process , due to SNAT im assuming we will have issue ,, is there any other way we can achieve SNAT for external traffic outbound and no snat to internal traffic were DFG will be self ip (LTM ).
Outlining requirements as
DEstination Subnets for internal traffic : 10.10.10.10
Servers 220.127.116.11, 18.104.22.168
External vip VLAN 202 :- VIPS ( 22.214.171.124 , 126.96.36.199) internet routable
Selfip for server vlans 188.8.131.52.4 (VLAN 101) i.e DFG for servers.
Sounds like you simply need to:
- Create a SNAT list, with the IP or IPs you want used for outgoing STMP
- Create a virtual server with destination address of 0.0.0.0/0.0.0.0 and port 25
-- Enable SNAT on the virtual server.
-- Enable the virtual server on the VLAN where the servers are.
This would SNAT any outgoing SMTP connections.
You could remove the SNAT config from the virtual server config, and use an iRule if you want SNAT to only apply to your specific mail servers, and not any server on that VLAN.
Yes I agree Mohamed , but the concern i have is for all outbound SMTP connection that works but i need SNAT to internet traffic and no SNAT to particular destination subnets
ex 184.108.40.206/24 - connectiosn going to inside network for the mentioned subnet i dont need snat and rest all should be snatted.
- Enable the VS only on the mail server VLAN, it will then not affect incoming traffic, only outgoing from that VLAN.
- Apply an iRule to not SNAT if dst address matches the particular subnets for which you dont want SNAT.