I have a requirement for outbound SMTP services, where the servers' DFG is the LTM and the servers are not internet routable. I'm thinking of enabling a SNAT object on the VLAN where the servers sit; the SNAT IPs will be the external VIP IPs.
But the concern I have is that the servers also communicate with some of the internal applications, which need the original server IPs to process. Due to SNAT I'm assuming we will have an issue. Is there any other way we can achieve SNAT for external outbound traffic and no SNAT for internal traffic, where the DFG will be the self IP (LTM)?
Outlining requirements as:
- Destination subnets for internal traffic: 10.10.10.10
- Servers: 220.127.116.11, 18.104.22.168
- External VIP VLAN 202: VIPs (22.214.171.124, 126.96.36.199), internet routable
- Self IP for server VLANs: 188.8.131.52.4 (VLAN 101), i.e. DFG for servers.
Sounds like you simply need to:
- Create a SNAT list, with the IP or IPs you want used for outgoing SMTP
- Create a virtual server with destination address of 0.0.0.0/0.0.0.0 and port 25
-- Enable SNAT on the virtual server.
-- Enable the virtual server on the VLAN where the servers are.
This would SNAT any outgoing SMTP connections.
Yes, I agree, Mohamed, but the concern I have is that this works for all outbound SMTP connections, whereas I need SNAT for internet traffic and no SNAT for particular destination subnets,
e.g. 184.108.40.206/24. For connections going to the inside network for the mentioned subnet I don't need SNAT, and all the rest should be SNATed.
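
One way to express the split asked about above, as an added example that is not part of the original thread: an iRule attached to the wildcard port 25 virtual server from the earlier reply. The data group `internal_nosnat_nets` and the SNAT pool `smtp_out_snatpool` are hypothetical names that would have to be created first.

```tcl
# Added example (not from the thread). Attach to the wildcard virtual
# server (destination 0.0.0.0/0, port 25) enabled on the server VLAN.
#
# Assumptions (hypothetical names):
#   internal_nosnat_nets  - address-type data group listing the internal
#                           destination subnets that must see the real
#                           server IP
#   smtp_out_snatpool     - SNAT pool holding the internet-routable
#                           address(es) used for outbound SMTP
when CLIENT_ACCEPTED {
    # On a wildcard virtual server, IP::local_addr is the destination
    # address the mail server is connecting to, and IP::client_addr is
    # the mail server itself.
    if { [class match [IP::local_addr] equals internal_nosnat_nets] } {
        # Internal destination: leave the source address untouched so
        # the internal application sees the original server IP.
        snat none
    } else {
        # Any other destination: translate the source to the
        # internet-routable SNAT pool address.
        snatpool smtp_out_snatpool
    }
}
```

Return traffic from the internal subnets has to route back through the LTM for the untranslated connections to complete, since the servers keep their own source address on that path.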