
SNAT for OUTBOUND SMTP

Updated 11/1/2013 • Originally posted on 01-Nov-2013 by ranjan 89

Hello,

I have a requirement for outbound SMTP services, where the servers' DFG is the LTM and the servers are not internet routable. I'm thinking of enabling a SNAT object on the VLAN where the servers sit; the SNAT IPs will be the external VIP IPs.

But the concern I have is that the servers also communicate with some of the internal applications, which need the original server IPs to process. With SNAT I'm assuming we will have an issue. Is there any other way we can achieve SNAT for external outbound traffic and no SNAT for internal traffic, where the DFG will be the self IP (LTM)?

Outlining the requirements:

Destination subnets for internal traffic: 10.10.10.10

Servers: 20.20.10.10, 20.20.10.11

External VIP VLAN 202: VIPs (30.30.30.10, 30.30.30.11), internet routable

Self IP for server VLANs: 20.20.20.10.4 (VLAN 101), i.e. DFG for servers.

Thanks, RJ


Answers to this Question

2 Answers:

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 01-Nov-2013 • Originally posted on 01-Nov-2013 by Mohamed Lrhazi 293

Sounds like you simply need to:

- Create a SNAT list, with the IP or IPs you want used for outgoing SMTP
- Create a virtual server with destination address of 0.0.0.0/0.0.0.0 and port 25
  - Enable SNAT on the virtual server.
  - Enable the virtual server on the VLAN where the servers are.

This would SNAT any outgoing SMTP connections.

Comments on this Answer
Comment made 01-Nov-2013 by Mohamed Lrhazi 293

You could remove the SNAT config from the virtual server config, and use an iRule if you want SNAT to only apply to your specific mail servers, and not any server on that VLAN.

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 04-Nov-2013 • Originally posted on 04-Nov-2013 by ranjan 89

Yes, I agree Mohamed, but the concern I have is that this works for all outbound SMTP connections, whereas I need SNAT for internet traffic and no SNAT to particular destination subnets, e.g. 20.20.20.0/24. For connections going to the inside network for the mentioned subnet I don't need SNAT, and all the rest should be SNATed.

Comments on this Answer
Comment made 04-Nov-2013 by Mohamed Lrhazi 293

- Enable the VS only on the mail server VLAN; it will then not affect incoming traffic, only outgoing from that VLAN.
- Apply an iRule to not SNAT if the dst address matches the particular subnets for which you don't want SNAT.

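The approach described in the answer and comments above, sketched as an iRule. This is an added example, not code posted by anyone in the thread; the data group names `internal_no_snat_nets` and `smtp_mail_servers` and the SNAT pool name `smtp_out_snatpool` are hypothetical objects assumed to exist, populated with the addresses from the question.

```tcl
# Added example; data group and SNAT pool names are hypothetical.
# Attach to the wildcard port-25 virtual server (0.0.0.0/0.0.0.0:25)
# enabled only on the mail server VLAN, with SNAT left unset on the
# virtual server itself so that this rule makes the decision.
#
# Assumed objects (create them first):
#   address data group internal_no_snat_nets : e.g. 20.20.20.0/24, 10.10.10.10
#   address data group smtp_mail_servers     : 20.20.10.10, 20.20.10.11
#   SNAT pool smtp_out_snatpool              : 30.30.30.10, 30.30.30.11
when CLIENT_ACCEPTED {
    # On a wildcard virtual server, IP::local_addr is the real destination.
    if { [class match [IP::local_addr] equals internal_no_snat_nets] } {
        # Internal application: keep the server's original source IP.
        snat none
    } elseif { [class match [IP::client_addr] equals smtp_mail_servers] } {
        # Internet-bound SMTP from a known mail server: translate the source.
        snatpool smtp_out_snatpool
    } else {
        # Any other host on the VLAN is left untranslated, so it cannot
        # send mail to the internet from the routable SNAT addresses.
        snat none
    }
}
```

Keeping the source check in the rule means only the listed mail servers ever appear on the internet as the SNAT addresses, which protects the sending reputation of those IPs.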