outgoing mail only

Unanswered Question
Jun 18th, 2008

Dear Sir,

I have 2 x 11501 in front of 2 x web server. Now we need the web server act as smtp relay to send outgoing mail.

I do not think the mail need load balancing. I found the following configuration does not work. When I execute the "nslookup", I cannot get to the DNS server, which is ouside the Internet.

service PISWEBP01

redundant-index 31

ip address


service PISWEBP02

redundant-index 32

ip address


owner PIS_PISWEBP0102

content PIS-DNS-VIP-1

vip address

port 53

protocol tcp

redundant-index 35

add service PISWEBP01

add service PISWEBP02


content PIS-SMTP-VIP-1

vip address

port 25

protocol tcp

redundant-index 34

add service PISWEBP01

add service PISWEBP02


Any idea why?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Diego Vargas Thu, 06/19/2008 - 15:01

Hi Joseph,

It is not really clear what you are trying to do. You have a content rule configured for SMTP (port 25) which is used for load balancing, however you say you don't need load balancing and that the servers actually need to send outgoing mail

So my question is, is this traffic generated from the servers to the outside?

Or is traffic balanced to the servers?

Is the CSS the default gateway of the servers?

josephschung Thu, 06/19/2008 - 15:08

Yes, the web server will generate outgoing nslookup and send outgoing mail only.

The default gateway is configured.


Diego Vargas Thu, 06/19/2008 - 15:23

So, are the servers pointing the CSS as their default gateway?

or is there any other layer 3 device that will be gateway for the servers?

Is the CSS backend and frontend on the same VLAN?

Can you provide a show run?

If the CSS is not balancing SMTP to those servers, what is the content rule for?

Usually in order to route traffic to the outside you would use group on the CSS to NAT to an IP on the external network, like this:

group outbound

service xxxx1

service xxxx2

vip address xx.xx.xx.xx


harrjd222 Tue, 06/24/2008 - 12:22

also don't forget that dns lookup are udp based unless you are doing a zone transfer


This Discussion