Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5930
Views
0
Helpful
4
Replies

Cisco ironport ESA on vmware

mohamed fayz
Level 1
Level 1

‎09-30-2013 03:12 PM

Hai,

I am doing a POC for one of my customer in cisco Email Security using VMWARE UCS server. I installed Cisco c300v os on the vmware and is working fine.

my issue is, i was not getting seperate routing table for data and management interface same as applaince.

In vmware, i had created 2 ethernet port . 1 for management and another for data. managemnt interface connected on the management ethernet and same for data.

So, how can i achieve seperate routing table for data and management?????

this is a big issue, otherwise i have to open all the ports in data interface where my smtp communciation is happening. kidnly advise, if any body face this issue???

Labels:
0 Helpful
4 Replies 4

mohamed fayz
Level 1
Level 1

‎09-30-2013 08:35 PM

Dear Team,

Kindly let me know, if you have any solution for the above. Without this 1 am not able to download the ironport updates.

Regards,

fayz

0 Helpful

Robert Sherwin
Cisco Employee
Cisco Employee
In response to mohamed fayz

‎10-01-2013 10:33 AM

Fayz -

When you say "ironport updates", do you mean updates for IPAS (Ironport AntiSpam) and AV (Sophos or McAfee)?  What is the updater log reporting when you are trying to get updates?  Is your virtual ESA licensed correctly?

What is the version of the virtual ESA you have loaded?  (Should be 8.0.0.671; run 'version')

What is the updateconfig set for on your virtual appliance?  Please run the 'updateconfig' command, and at the first response, please enter 'dynamichost'.

#########################

myesa_2.local> updateconfig

Service (images):                  Update URL:                                 

------------------------------------------------------------------------------

Feature Key updates                http://downloads.ironport.com/asyncos       

McAfee Anti-Virus definitions      Cisco IronPort Servers                      

RSA DLP Engine Updates             Cisco IronPort Servers                      

PXE Engine Updates                 Cisco IronPort Servers                      

Sophos Anti-Virus definitions      Cisco IronPort Servers                      

IronPort Anti-Spam rules           Cisco IronPort Servers                      

Intelligent Multi-Scan rules       Cisco IronPort Servers                      

Outbreak Filters rules             Cisco IronPort Servers                      

Timezone rules                     Cisco IronPort Servers                      

Cisco IronPort AsyncOS upgrades    Cisco IronPort Servers                      

IMS Secondary Service rules        Cisco IronPort Servers                      

Service (list):                    Update URL:                                 

------------------------------------------------------------------------------

McAfee Anti-Virus definitions      Cisco IronPort Servers                      

RSA DLP Engine Updates             Cisco IronPort Servers                      

PXE Engine Updates                 Cisco IronPort Servers                      

Sophos Anti-Virus definitions      Cisco IronPort Servers                      

IronPort Anti-Spam rules           Cisco IronPort Servers                      

Intelligent Multi-Scan rules       Cisco IronPort Servers                      

Outbreak Filters rules             Cisco IronPort Servers                      

Timezone rules                     Cisco IronPort Servers                      

Service (list):                    Update URL:                                 

------------------------------------------------------------------------------

Cisco IronPort AsyncOS upgrades    Cisco IronPort Servers                      

Update interval: 5m

Proxy server: not enabled

HTTPS Proxy server: not enabled

Choose the operation you want to perform:

- SETUP - Edit update configuration.

[]> dynamichost

Enter new manifest hostname:port

[stage-stg-updates.ironport.com:443]>

#########################

Verify Port 80 or 443 access to update servers.

From the CLI, please verify you can access the following servers on port 80 or 443 outbound:

myesa_2.local> telnet updates.ironport.com 80

Trying 208.90.58.25...

Connected to origin-updates.ironport.com.

Escape character is '^]'.

^]

telnet> quit

Connection closed.

myesa_2.local> telnet downloads.ironport.com 80

Trying 173.223.232.105...

Connected to a173-223-232-105.deploy.static.akamaitechnologies.com.

Escape character is '^]'.

^]

telnet> quit

Connection closed.

#########################

-Robert

Cheers,
Robert Sherwin
0 Helpful

mohamed fayz
Level 1
Level 1
In response to Robert Sherwin

‎10-01-2013 10:41 AM

Dear Robert,

Thank you very much for your reply.

My issue is in vmware enviorement, i cannot see any sepearte routing table for management and data. Both are clubbed in VM. I am using Data interface  (p1) for mail communication on port 25. I cannot allow all the destination using that Interface. So for update and all i need to use management interface.

So the issue is , i cannot set only 1 default route from ESA in vmware since we are having only 1 routing table.

in normal Email security appliance, we can see options to set m1 interface to appliance management only check box.

Kindly advise.

Regards,

Fayz

0 Helpful

mohamed fayz
Level 1
Level 1
In response to mohamed fayz

‎10-06-2013 01:23 AM

Hai Dears,

Any Update for Cisco Ironport ESA on vmware?? Y i am not able to create a seperate interface for management only ???

as of now, i cannot create seperate routing table for data and management.!!!!

0 Helpful
Customers Also Viewed These Support Documents