Michael_126496
Jun 13, 2013

Ex2010, default GW, routing

Hi folks,

I read many blogs, how-tos etc., but nothing will work for me... The situation is as follows:

EX2010 CAS array including 3 nodes, with SNAT configuration on LTM. The CAS servers already have the hub-transport role installed. Because of the SMTP-relay configuration, we want the "client" IP mapped to the Ex2010 servers.

Problem: When we change the default GW to LTM and disable SNAT, all Exchange-related traffic works fine, but administrative access to the server (like RDP, SMB, etc.) is broken (only ICMP works, very confusing). The other way (Ex2010 to client or perimeter network) works fine.

Network:

Client-network (VLAN A)      -> router   -> |
Perimeter-network (VLAN B)   -> Firewall -> | cisco nexus -> LTM -> Ex2010 Servers (VLAN C)
Campus-network (30+ subnets) -> router   -> |

vlan A: 172.24.24.0 /24
vlan B: 192.168.100.0 /24
vlan C: 172.24.100.0 /24

LTM-config:

- configured vlan C on BIG-IP, default GW on BIG-IP is 172.24.100.1 (cisco nexus), floating IP is 172.24.100.200

- VIPs for Ex2010 (OWA, MAPI, ActiveSync...)

- one wildcard VIP (Performance L4) 0.0.0.0/0.0.0.0 all ports, all protocols, profile FastL4, no SNAT, no NAT, no PAT, auto last hop default. Pool settings: 1 member (172.24.100.1), Allow SNAT: No, Allow NAT: Yes

Do I need an additional VIP for inbound traffic (client -> Exchange)? If so, what must it look like?

Thx for help...

1 Reply

  • OK, I got it by myself :-)

    If anyone has the same problem, here is my resolution:

    1. Create a new pool on LTM
    1.1 Add the IP address of the GW router for your subnet
    1.2 Under advanced pool settings, set "Allow SNAT" to "No" (optional, select icmp health monitor)

    2. Create a new fastL4 profile (Local Traffic - Virtual Servers - Profiles - Protocol - fastL4)
    2.1 In the profile, check "Loose Initiation" and "Loose Close"

    3. Create a new Virtual Server
    3.1 Set type to "Performance L4"
    3.2 Set destination to 0.0.0.0 / 0.0.0.0
    3.3 Set Service Port to "*All Ports"
    3.4 Expand "Advanced" configuration
    3.5 Set Protocol to "*All Protocols"
    3.6 Set Protocol Profile (Client) to your newly created fastL4 profile (with loose init, close)
    3.7 Uncheck "Address Translation" and "Port Translation"

    4. Set the default GW of the HUB server to the LTM floating IP

    That's it...
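
The GUI steps in the reply above, expressed as tmsh commands; this is an added example, not part of the original post. The object names are hypothetical, 172.24.100.1 and 172.24.100.200 are the addresses given in the question, and option spelling may differ between TMOS versions.

```tmsh
# Constructed example. gw_pool, fastl4_loose and vs_forward_all are
# hypothetical object names; 172.24.100.1 is the gateway router from the question.

# Pool holding only the gateway router, SNAT disallowed, ICMP health monitor.
create ltm pool gw_pool members add { 172.24.100.1:0 } allow-snat no monitor gateway_icmp

# fastL4 profile with both "loose" options enabled:
#   loose-initialization: a flow is created on any TCP packet, not only on a SYN
#   loose-close:          such a flow is closed on the first FIN from either side
create ltm profile fastl4 fastl4_loose defaults-from fastL4 loose-initialization enabled loose-close enabled

# Wildcard Performance (Layer 4) virtual server: any destination, any port,
# any protocol, address and port translation switched off.
create ltm virtual vs_forward_all destination 0.0.0.0:0 mask 0.0.0.0 ip-protocol any profiles add { fastl4_loose } pool gw_pool translate-address disabled translate-port disabled

# Review what was created, then write it to the stored configuration.
list ltm pool gw_pool
list ltm profile fastl4 fastl4_loose
list ltm virtual vs_forward_all
save sys config

# The last step of the reply is done on the Exchange servers, not on the BIG-IP:
# their default gateway becomes the LTM floating IP (172.24.100.200).
```

With loose initiation enabled, this virtual server forwards TCP segments for connections whose handshake the BIG-IP never saw, so the wildcard listener is best restricted to the VLANs that need it.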