Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

listener vs virtual gateway technology


I am studding how virtual gateway technology works and I think I understand how it does. If I have 2 domains: and I can specify the ironport through which interface mail can leave the ironport. My scenario is the following:

*) 1 interface: Data2
*) 2 Ip address: x.x.x.1 x.x.x.2

So I used altsrchost to match and to an specific ip address, resulting the following: -> x.x.x.1 -> x.x.x.2

By doing this, I now that email from will use the x.x.x.1 IP to leave the ironport and email from will use x.x.x.2 to leave the ironport.

Now, after I configure this set of IPs, an error is ocurring that the ironport cannot connect to phonehome through port 443. We only have granted access to this port in the ip x.x.x.1 but no on the x.x.x.2 IP. So here is one of my questions:

Is ironport updating from all its interfaces?

The following question is regarding listeners. Within a listener I can configure politics and hat and rat lists. So here is my question:

Do I have to configure a separate listener to use the second IP x.x.x.2?

Here is our scenario:

data1: management ip, listener management
data2: x.x.x.1 ip, listener production, with hat, rat and politics
data2: x.x.x.2 ip -> x.x.x.1 -> x.x.x.2

My third question is that after creating the virtual gateways, in the monitor windows, a message appears that no virtual gateways are created.

Am I missing a step or why does it not show a virtual gateway configured:

Thank you for your thoughts!

Community Member

Re: listener vs virtual gateway technology

When we added a second IP address to use for a virtual gateway, I discovered quite to my shock that all traffic started using it. I had to use a message filter to force the traffic back over to the interface it had been using before. I think the interface that AsyncOS selects as its "primary" interface is not quite as deterministic as we would like. My advice is to put both IP addresses in your firewall.

Do I have to configure a separate listener to use the second IP x.x.x.2?

Only if you want to receive incoming mail via that IP address. You don't need it for sending outbound mail using the virtual gateway mechanism.

I have no answer for your third question, since I've never run into that.

Community Member

Re: listener vs virtual gateway technology

The "Auto" interface is the one which sorts first in the string-wise sort of the IP addresses in dotted-quad form. i.e on a machine with IPs and

This means that adding a new IP to a box may change nothing, or almost everything.

CreatePlease to create content