Forum Discussion
omar05_132659
Nimbostratus
NimbostratusOutbound IPs for mail and navigation traffic
Hello friends,
Yes, I know it is a basic question, but I need help due to I am new in F5 deployments. Please..! I'd appreciate any help you provide.
I was given two pools of public IPs. One...
You can have a the second SNAT Pool with your three public IP addresses attached to a 0.0.0.0:* Virtual listening on your internal VLAN to handle outgoing traffic.
If you only have on mail server then you will only have one virtual to point to it. Unless you need a mail server endpoint in each ISP VLAN? Then just create three virtual's, each attached to an external ISP's VLAN, using the same mailserver pool. That handles the incoming traffic. For outbound traffic from the mail server use a 0.0.0.0:25 virtual on the inside VLAN with the first SNAT pool.
omar05_132659Nimbostratus
NimbostratusHello Kevin,
Really, thanks a lot for your attention.
Yes, my F5 is facing the Internet for inbound connections and it is the default path out of my network to the Internet. I have three ISPs, so I have to load balance inbound and outbound connections across them. The pool of public IPs I mentioned are a set of three IPs, one IP for each ISP. I have four VLANs (three external for the ISPs and one internal for the firewall), but I connected just two physical interfaces of my F5. One interface, which contains three VLANs regarding to the ISPs, is connected to the Internet switch. The other interface, which is managing the internal VLAN, is connected to the firewall. There is just one mail server which is located behind the firewall. Indeed, my F5 must load balance the incoming mail across the three ISPs, but it must not change the source IP due to the firewall is performing spam checking.
Is there any chance to use the same IP pool to load balance incoming and outgoing mail traffic besides applying SNAT outbound? I was provided just three IPs to load balance mail traffic.
I suppose I can apply what you say in the last paragraph. But I have just one internal VLAN. It is better to have two? In this case, does it assure that any user would be given a load balanced public IP to navigate?
Thanks in advance for your response. Really, I appreciate it.
I remain attentive
Best Regards,
Omar
- omar05_132659What about having two mail servers? I mean, one mail server is going to send and receive emails by using a set of three IPs. The other is just going to send. In the second case I would configure a virtual server 0.0.0.0:25 listening to the internal VLAN with a SNAT associated. But, what about the first one. I suppose I cannot have two 0.0.0.0:25 virtual servers with different VLANs and resources. Appreciate your help Regards