Cisco Support Community
New Member

End user Quarantine Access

I have configured our LDAP and turned on the quarantine access for users.
I have tested and it works! Yeah..... well for people on the same subnet as the C300.

The C300 is on a 10.x.x.x subnet and so is everyone at this location but those that are on the wireless or off site cannot connect to the quarantine queue.
I set up another Route for the wireless subnet of 172.x.x.x but still not working. I don't want to make too many changes since I am still somewhat of a newbie to Ironport and I don't want to break anything.


New Member

Re: End user Quarantine Access

It sounds like a routing issue. I have had this happen to me as well, and it turned out to be address spoofing on our firewall. The address is our management address / quarantine, is our incoming / outgoing SMTP subnet and the was our userbase subnets. The default route was What was happening was the packets would come into the device on the address then when returning it would come back via the default route of This would cause an address spoofing condition on our firewall. I needed to create another address on the subnet for the quarantine so that it would then route out the default route without address spoofing. For the management addresses I just created host routes for the Admins who needed access to the GUI of the Ironport. It may not be the cleanest way of doing it, however it has worked for me in this situation.
I hope this makes sense and helps some way in getting you a resolution.
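
The asymmetric return path described in the reply above, modelled as an added example that is not part of either post and is not AsyncOS code. All addresses, interface names and the function names are constructed for illustration, and it assumes the default gateway sits on the SMTP ("data") subnet.

```python
import ipaddress

# Constructed addressing (the thread's real addresses are not shown).
# "mgmt" carries the management/quarantine IP, "data" carries SMTP.
INTERFACES = {
    "mgmt": ipaddress.ip_interface("10.1.1.10/24"),
    "data": ipaddress.ip_interface("10.1.2.10/24"),
}
DEFAULT_GW = ipaddress.ip_address("10.1.2.1")  # assumption: default route is on "data"


def egress_interface(dest, static_routes=()):
    """Interface a packet to `dest` leaves on, chosen by longest-prefix match
    over connected subnets, static routes and the default route."""
    dest = ipaddress.ip_address(dest)
    routes = [(ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW)]
    routes += [(ipaddress.ip_network(n), ipaddress.ip_address(g))
               for n, g in static_routes]
    # Connected subnets deliver directly, so the "next hop" is the host itself.
    routes += [(i.network, dest) for i in INTERFACES.values()]
    _, hop = max((r for r in routes if dest in r[0]),
                 key=lambda r: r[0].prefixlen)
    return next(name for name, i in INTERFACES.items() if hop in i.network)


def reply_path(client, service_if, static_routes=()):
    """Return (source_ip, egress_if, spoof_risk) for a reply from the service
    listening on `service_if` back to `client`."""
    src = INTERFACES[service_if].ip
    out = egress_interface(client, static_routes)
    # A reply sourced from one subnet but forwarded through another subnet's
    # gateway is what a firewall's anti-spoofing check drops.
    return str(src), out, out != service_if


if __name__ == "__main__":
    cases = [
        ("same-subnet user", "10.1.1.50", "mgmt", ()),
        ("wireless user", "172.16.5.20", "mgmt", ()),
        ("quarantine moved to data IP", "172.16.5.20", "data", ()),
        ("admin host route", "172.16.5.20", "mgmt",
         [("172.16.5.20/32", "10.1.1.1")]),
    ]
    for label, client, svc, routes in cases:
        print(label, reply_path(client, svc, routes))
```

The last two cases correspond to the two workarounds in the reply: a quarantine address on the subnet that holds the default route, and host routes for the admins who still need the management address.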