Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
690
Views
0
Helpful
3
Replies

Add New Ironport Cluster Member

Go to solution
justinus.budi
Level 1
Level 1

‎08-04-2025 11:08 AM

When we add new ironport cluster member that using NAT, the new member communicate using real ip rather that NAT IP.

In clusterconfig > COMMUNICATION, i can change the ip that used for cluster communication. When i change the IP address do i need to commit the changes?

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Udupi Krishna.
Cisco Employee
Cisco Employee
In response to justinus.budi

‎08-13-2025 06:45 AM

Are these 2 ESA(s) already in cluster and the plan now is to change the communication IP address? or are you adding a brand new ESA to an existing cluster and you are looking to use the NAT IP for communication?

If its the latter, change the communication IP of the existing member in cluster, run a commit on the cluster.

Access the CLI of the new ESA, via clusterconfig select join existing cluster and add the NAT IP of the cluster member. This way when new member connects to the existing ESA, it will use the NAT IP. At the same time if the IP address of the new member goes through a NAT too, cluster member will see source as NAT IP (instead of the real IP)

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Enes Simnica
Spotlight
Spotlight

‎08-04-2025 11:12 AM - edited ‎08-04-2025 11:12 AM

hello @justinus.budi , and yes, when u change the IP address under clusterconfig > COMMUNICATION, u do need to commit the changes for them to take effect. Until u commit, the new IP won't be used for cluster communication. Also, why not,  make sure the real IP is reachable between members if NAT is involved, cluster communication typically uses the real IPs, not the NATed ones, unless u're doing some special routing or tunneling.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200885-ESA-Cluster-Requirements-and-Setup.html

hope it helps..

 

-Enes

more Cisco?!
more Gym?!



If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!
0 Helpful

Go to solution
justinus.budi
Level 1
Level 1

‎08-05-2025 07:14 AM

After add the new member, where should i do the commit, on the master cluster or on the new member. For example 10.204.111.1 is the existing cluster member 10.204.111.2 the new member. in which ip should i do the commit?

0 Helpful

Go to solution
Udupi Krishna.
Cisco Employee
Cisco Employee
In response to justinus.budi

‎08-13-2025 06:45 AM

Are these 2 ESA(s) already in cluster and the plan now is to change the communication IP address? or are you adding a brand new ESA to an existing cluster and you are looking to use the NAT IP for communication?

If its the latter, change the communication IP of the existing member in cluster, run a commit on the cluster.

Access the CLI of the new ESA, via clusterconfig select join existing cluster and add the NAT IP of the cluster member. This way when new member connects to the existing ESA, it will use the NAT IP. At the same time if the IP address of the new member goes through a NAT too, cluster member will see source as NAT IP (instead of the real IP)

0 Helpful
Customers Also Viewed These Support Documents