
ESA C190 two interfaces ( DATA 1 & DATA 2)

I am trying to install a new ESA C190 for the first time, but there is only one default gateway, and the customer wants an interface (DATA2) for internal and external SMTP traffic along with the "DATA 1" interface as a dedicated management interface. I don't see how the connection will work with only one default gateway when the interfaces are on separate networks. The default route points to the IP address of the management interface, but I don't know whether that is right or whether I am supposed to edit it to the IP address of the DMZ interface that has DATA 2 connected to it. I just want to understand how the traffic is being separated.

 

The DATA1 interface is connected to the core switch, and its gateway is the core.

The DATA2 interface is connected to the DMZ zone, and its gateway is the firewall.

Accepted Solutions

Hello,

 

I've attached an example that I'm using for one of my internal labs. As you can see I have two interfaces, with one as 172.16.0.10 and the other as 192.168.1.50. All traffic by 'Default' will be going out my Default Route (Default Gateway) of 172.16.0.1, and hence out my 172.16.0.10 IF; however, any traffic destined for my internal network of 192.168.1.0/24 will instead be going out my 192.168.1.50 IF. 

 

If you're still unclear, I would recommend researching information on IP routing and how it works. 

 

Thanks!

-Dennis M.

 

2017-12-26_10-03-06.png

2017-12-26_10-03-34.png
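
The route selection described in the answer above, as an added example that is not part of the original posts or of AsyncOS itself: a plain longest-prefix-match lookup over the lab's two interfaces and its default gateway. The /24 mask on 172.16.0.10, the static route 10.20.0.0/16 via 192.168.1.1, and the sample destinations are constructed assumptions.

```python
import ipaddress

# Interface addresses from the lab answer; the /24 on 172.16.0.10 is an assumption.
INTERFACES = [
    ipaddress.ip_interface("172.16.0.10/24"),
    ipaddress.ip_interface("192.168.1.50/24"),
]
DEFAULT_GATEWAY = ipaddress.ip_address("172.16.0.1")
# Constructed static route, standing in for an entry under Network -> Routes.
STATIC_ROUTES = [
    (ipaddress.ip_network("10.20.0.0/16"), ipaddress.ip_address("192.168.1.1")),
]


def interface_for(next_hop):
    """Return the interface whose connected network contains next_hop."""
    for iface in INTERFACES:
        if next_hop in iface.network:
            return iface
    raise ValueError(f"next hop {next_hop} is not on a connected network")


def build_table():
    """Routing table as (destination network, next hop or None, interface)."""
    table = [(i.network, None, i) for i in INTERFACES]  # directly connected
    table += [(net, gw, interface_for(gw)) for net, gw in STATIC_ROUTES]
    table.append((ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GATEWAY,
                  interface_for(DEFAULT_GATEWAY)))
    return table


def egress(destination):
    """Longest-prefix match: return (source IP, next hop) for a destination."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in build_table() if dst in r[0]]
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return str(iface.ip), str(gw if gw is not None else dst)


if __name__ == "__main__":
    # Constructed destinations: Internet host, connected host, routed internal host.
    for dst in ("203.0.113.25", "192.168.1.20", "10.20.5.5"):
        src, hop = egress(dst)
        print(f"{dst:>14} leaves from {src} via {hop}")
```

A static route whose next hop is not on a connected network raises an error here, which mirrors why a route's gateway has to be reachable from one of the appliance's own interfaces.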


5 Replies

Libin Varghese
Cisco Employee

Hi,

 

You can control the traffic going out of the ESA using the network routes configured under Network -> Routes.

 

The interface on the ESA would be selected based on the route defined for the destination the ESA is connecting to.

 

Regards,

Libin Varghese 

 

How? Give me examples. Like I said, DATA1 will be dedicated management and its gateway will be the core switch, and the DATA2 interface will be the SMTP listener, connected directly to the DMZ interface of the firewall.

Also explain how SMTP traffic will go from internal users to the ESA: via DATA1 or DATA2?




I know that solution. What is confusing is that SMTP traffic goes from internal users to the outside and comes from the outside to internal users. Will that not affect anything after doing this?

When thinking about how mail is processed through the ESA, which listener (which is tied to an IP address, and from there to an interface) is what matters.

With mail leaving the ESA, the interface that it leaves from doesn't affect the processing, except that the box receiving it has to allow mail from that IP, firewall holes have to be open, etc.