End user Quarantine Access

Unanswered Question
Jun 5th, 2008

I have configured our LDAP and turned on the quarantine access for users.
I have tested and it works! Yeah..... well for people on the same subnet as the C300.

The C300 is on a 10.x.x.x subnet and so is everyone at this location but those that are on the wireless or off site cannot connect to the quarantine queue.
I set up another Route for the wireless subnet of 172.x.x.x but still not working. I don't want to make too many changes since I am still somewhat of a newbie to Ironport and I don't want to break anything.

Thanks
Ron

David.shoesmith73 Fri, 06/06/2008 - 00:43

It sounds like a routing issue. I have had this happen to me as well, and it turned out to be address spoofing on our firewall. The 10.10.xxx.xx address is our management address / quarantine, 10.11.xxx.xxx is our incoming / outgoing smtp subnet and the 172.xxx.xxx.xxx was our userbase subnets. The default route was 10.11.xxx.254. What was happening was the packets would come into the device on the 10.10.xxx.xxx address then when returning it would come back via the default route of 10.11.xxx.xxx. This would cause an address spoofing condition on our firewall. I needed to create another address on the 10.11.xxx.xxx subnet for the quarantine so that it would then route out the default route without address spoofing. For the management addresses I just created host routes for the Admins who needed access to the GUI of the Ironport. It may not be the cleanest way of doing it, however it has worked for me in this situation.
I hope this makes sense and helps in some way in getting you a resolution.

Regards,

David
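
The reply-path mismatch described in the answer above can be checked offline before any route is changed. This is an added example, not part of the original posts and not IronPort code: the addresses, interface names and function names are constructed (the thread masks the real ones), and it assumes the appliance picks its egress interface by destination-based longest-prefix match.

```python
import ipaddress

# Constructed sample values; the thread masks the real addresses.
INTERFACES = {
    "mgmt": ipaddress.ip_interface("10.10.1.5/24"),  # management / quarantine
    "data": ipaddress.ip_interface("10.11.1.5/24"),  # incoming / outgoing SMTP
}
DEFAULT_GW = "10.11.1.254"  # default route sits on the data subnet


def _iface_for(gateway, interfaces):
    """Name of the connected interface whose subnet contains the gateway."""
    gateway = ipaddress.ip_address(gateway)
    for name, iface in interfaces.items():
        if gateway in iface.network:
            return name
    raise ValueError(f"gateway {gateway} is not on a connected subnet")


def egress_interface(dest, interfaces, static_routes, default_gw):
    """Interface a packet to `dest` leaves on, by longest-prefix match."""
    dest = ipaddress.ip_address(dest)
    routes = [(iface.network, name) for name, iface in interfaces.items()]
    routes += [(ipaddress.ip_network(net), _iface_for(gw, interfaces))
               for net, gw in static_routes]
    routes.append((ipaddress.ip_network("0.0.0.0/0"),
                   _iface_for(default_gw, interfaces)))
    matches = [(net.prefixlen, name) for net, name in routes if dest in net]
    return max(matches)[1]


def check_reply_path(client, listener, interfaces, static_routes, default_gw):
    """Flag replies whose source IP does not belong to the egress subnet.

    `listener` is the interface name the client connected to. A firewall
    with anti-spoofing drops a packet sourced from one subnet that arrives
    on the interface of another.
    """
    out = egress_interface(client, interfaces, static_routes, default_gw)
    source = interfaces[listener].ip
    return {"egress": out, "source": str(source),
            "antispoof_drop": source not in interfaces[out].network}


if __name__ == "__main__":
    # Off-subnet user hitting the quarantine on the management address.
    print(check_reply_path("172.16.20.30", "mgmt", INTERFACES, [], DEFAULT_GW))
    # Same user after the quarantine is given an address on the data subnet.
    print(check_reply_path("172.16.20.30", "data", INTERFACES, [], DEFAULT_GW))
```
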
