outgoing mail only

Unanswered Question
Jun 18th, 2008
User Badges:

Dear Sir,


I have 2 x 11501 in front of 2 x web server. Now we need the web server act as smtp relay to send outgoing mail.


I do not think the mail need load balancing. I found the following configuration does not work. When I execute the "nslookup", I cannot get to the DNS server, which is ouside the Internet.


service PISWEBP01

redundant-index 31

ip address 10.106.13.20

active


service PISWEBP02

redundant-index 32

ip address 10.106.13.21

active


owner PIS_PISWEBP0102


content PIS-DNS-VIP-1

vip address 10.106.13.224

port 53

protocol tcp

redundant-index 35

add service PISWEBP01

add service PISWEBP02

active


content PIS-SMTP-VIP-1

vip address 10.106.13.224

port 25

protocol tcp

redundant-index 34

add service PISWEBP01

add service PISWEBP02

active


Any idea why?


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Diego Vargas Thu, 06/19/2008 - 15:01
User Badges:
  • Cisco Employee,

Hi Joseph,


It is not really clear what you are trying to do. You have a content rule configured for SMTP (port 25) which is used for load balancing, however you say you don't need load balancing and that the servers actually need to send outgoing mail


So my question is, is this traffic generated from the servers to the outside?


Or is traffic balanced to the servers?


Is the CSS the default gateway of the servers?



josephschung Thu, 06/19/2008 - 15:08
User Badges:

Yes, the web server will generate outgoing nslookup and send outgoing mail only.


The default gateway is configured.


Thanks

Diego Vargas Thu, 06/19/2008 - 15:23
User Badges:
  • Cisco Employee,

So, are the servers pointing the CSS as their default gateway?


or is there any other layer 3 device that will be gateway for the servers?


Is the CSS backend and frontend on the same VLAN?


Can you provide a show run?


If the CSS is not balancing SMTP to those servers, what is the content rule for?


Usually in order to route traffic to the outside you would use group on the CSS to NAT to an IP on the external network, like this:


group outbound

service xxxx1

service xxxx2

vip address xx.xx.xx.xx

active



harrjd222 Tue, 06/24/2008 - 12:22
User Badges:

also don't forget that dns lookup are udp based unless you are doing a zone transfer

Actions

This Discussion