Forum Discussion

Shiva_69966's avatar
Shiva_69966
Icon for Nimbostratus rankNimbostratus
Nov 01, 2013

SNAT for OUTBOUND SMTP

Hello,

 

I have requirement for outbound SMTP services. Where servers DFG is LTM which are not internet routable. Im thinking to have SNAT object enable on the VLAN where servers sit , SNAT ips will be the bexternal VIP ips.

 

But the concern i have is even the servers has communication to some of the internal applications where they need to have original servers ips to process , due to SNAT im assuming we will have issue ,, is there any other way we can achieve SNAT for external traffic outbound and no snat to internal traffic were DFG will be self ip (LTM ).

 

Outlining requirements as

 

DEstination Subnets for internal traffic : 10.10.10.10

 

Servers 20.20.10.10, 20.20.10.11

 

External vip VLAN 202 :- VIPS ( 30.30.30.10 , 30.30.30.11) internet routable

 

Selfip for server vlans 20.20.20.10.4 (VLAN 101) i.e DFG for servers.

 

Thanks, RJ

 

application delivery
design
devops
iRules
security
smtp

2 Replies

Sort By
  • Mohamed_Lrhazi's avatar
    Mohamed_Lrhazi
    Icon for Altocumulus rankAltocumulus
    Nov 01, 2013

    Sounds like you simply need to: - Create a SNAT list, with the IP or IPs you want used for outgoing STMP - Create a virtual server with destination address of 0.0.0.0/0.0.0.0 and port 25 -- Enable SNAT on the virtual server. -- Enable the virtual server on the VLAN where the servers are.

     

    This would SNAT any outgoing SMTP connections.

     

  • Shiva14's avatar
    Shiva14
    Icon for Nimbostratus rankNimbostratus
    Nov 04, 2013

    Yes I agree Mohamed , but the concern i have is for all outbound SMTP connection that works but i need SNAT to internet traffic and no SNAT to particular destination subnets ex 20.20.20.0/24 - connectiosn going to inside network for the mentioned subnet i dont need snat and rest all should be snatted.