Forum Discussion

tosneyp_93777
Jun 23, 2011

Exchange 2010 SMTP Virtual Server Forward to smarthost

Hi,

I'm new to this forum and also new to the wonderful World of F5 - so please go easy on me should I ask anything stupidly obvious! ;)

The reason I'm posting is to see if anyone has an idea how I can forward SMTP traffic to a smarthost (say cluster.email.com)? I've set up a virtual server listening on port 25 and also set a pool up that includes the servers I want to be able to send/receive SMTP traffic... I've also set the send connector on those servers to point at the VIP... but how can I get the VIP, which is listening on port 25, to send the SMTP traffic on to cluster.email.com? The reason I want to set this up is so I can install one SSL certificate on the VIP that can be used for all the Exchange boxes etc...

Any help would be appreciated as I'm no F5 guru to say the least.... Exchange I'm not too bad with though! ;)

Cheers,

Pete

13 Replies

  • I think I am getting it now. So, I think you simply want to point your hubs to that VIP/name internally, but have that VIP send traffic to cluster.messagelabs.com. In that case you should use an iRule that checks the source IP and, if it matches the IP of your hub servers, you will then resolve cluster.messagelabs.com using Jason's suggestion and forward traffic to that IP using the node command.
  • Yes, that is exactly what I am trying to achieve! :) Would there be any chance you could provide me with the required iRule... I only ask because I am a complete noob to iRules and it'll probably take me some time to figure this out! :( No worries if not... I'll just get reading/googling! :)

    PS - thanks for the replies/responses to date!
  • Did you get this working?

    We have a similar situation where our ingress mail (Internet resolved MX) points to messagelabs.com. Traffic is subsequently forwarded to our location, through our edge firewall (and NAT'd - public IP to private) to a private F5 VIP IP (with two backend Exchange mail edge servers in a pool).

    Additionally, we need to have our egress mail traffic (that is sourced from the two edge pool members) reverse-proxy back through the same VIP IP address (currently used for ingress traffic).

    Our thinking was to create a SNAT similar to the one below and assign it to the appropriate F5 based VLAN:

    snat mail-snat {
       translation 10.225.18.41
       origins {
          10.19.154.36
          10.19.154.37
       }
       vlans dmz enable
    }

    For some reason, the traffic isn't using the SNAT (egress): as the traffic leaves our network, it is using the edge firewall based NAT Overload address instead of the static one-to-one NAT currently in place for ingress traffic.

    Thoughts?