Showing results for 
Search instead for 
Did you mean: 

Anyone got any tips for Dual Interface/M365 integration?

I have an appliance in a dual network interface deployment. One interface is the private listener, the other is public. Public faces the internet path, private faces the Exchange servers. Routing wise I've got a default gateway pointing out external and RFC1918 static routes facing my internal direction.

Now we're looking to integrate Mail365 into the flow path and here's my issue. MS comes from the internet, ie: the external path. But that's configured with the public listener. 

I can set up networking so that it can come into the internal listener to follow the outgoing path, but thanks to the routing table i get asyncronous traffic flow (return data going out the external interface as per the default route). If I add MS as static routes, i end up capturing normal inbound traffic as outgoing because MS uses the same IPs for mail flow in both directions, so i can't use source ips to seperate the traffic.

My solution currently is to source nat any M365 outgoing traffic before it hits my internal listener and ensuring a route brings that traffic back out the internal interface. 

Has anyone got a better solution for this? I tried creating another listener for the outgoing on the external interface on port 587 but found that exiting traffic went out port 25 instead and still caused connection issues instead of returning on 587.

Is there a mode somewhere in the ironport where i can set a per interface routing table, or a per vlan routing table? failing that, some simple override mode for the interface that says, "ignore the routing table for returning incoming connections" or some such?

1 Reply 1

Hi folks,

I was hoping someone might have been able to give some help on this issue, it's still outstanding.