Exchange 2003 configuration behind BigIP

How are you getting the FE<-->BE traffic through the BIG-IP's? Are you using a SNAT, IP Forwarding, a VIP (aka virtual server), or a combination of those?

 

 

Also, are you running the Message Tracking and Queue Viewer tools on the BE or FE servers? (I'm guessing BE)

 

 

Ideally, I would normally suggest that you dual-home your FE servers and direct that traffic out another interface that doesn't use the BIG-IPs (or any firewall, etc.) as a gateway, *or* use another router on the same network and just set up a static route to the BE servers that uses that.

 

 

However, if you don't want to change your topology to do that, the BIG-IPs should still be able to pass your traffic. It's been a while since I've working with Exchange 2003 and BIG-IP 4.x in combo, but I believe that SNATing won't work, since Exchange needs to be able to contact each IP address that corresponds *directly* to each server name in AD/DNS.

 

 

If you're simply using BIG-IP as a router (IP Forwarding), this *should* work out-of-the-box, but more info about your config would help. You say "They do not communicate fully" -- does that mean you're setting up selective VIPs, have packet filtering enabled, or something else?

 

 

I don't know all of the traffic offhand associated with Message Tracking and Queue Viewer, but Message Tracking at least requires SMB/CIFS (tcp/445 is easiest) connectivity to the message tracking log file share on each server. I wold assume Queue Viewer does the same thing, just to a different directory.

 

 

You could always run 'tcpdump -i src host ' on the BIG-IP while trying Message Tracking or Queue Viewer from the BE server to see what ports get called.

 

 

Let us know what you discover and we can offer some suggestions about BIG-IP config based on all that info.