Solved: Thank you Boris! - Page 2

Alibek Ismailov · ‎08-20-2015

Hello, i configured 2-nd network interface on ironport.

I want that 2-nd interface sent messages from 2-nd outside IP-address.

On Default Route i have gateway of 1-st interface.

I added second route (to Destination i put IP-address (DMZ-zone) of 2-nd interface (AM I RIGHT?) and to Gateway - gateway of 2-nd interface).

*(Look for attachment)

2-nd interface gets messages from Mail Server, but sends it through 1-st interface from 1-st outer IP-address.

When i change Default Route Gateway to gateway of 2-nd interface, both interfaces send messages from 2-nd interface from 2-nd outer IP-address. So 1-st interface doesn't send from 1-st outer IP-address.

How to configure routing in Ironport that 1-st interface sent messages through 1-st outer IP-address and 2-nd interface sent messages through 2-nd outer IP-address?

Boris Uskov · ‎08-26-2015

Interesting story, thanks for update :)

Mathew Huynh · ‎08-26-2015

Hey Alibek and Boris,

I'm glad to see the supportforums are assisting in resolving your concerns :)
Just something I wanted to throw in as well based on the information on content filtering setup.

Content filters (same as Mail Policies) are applied in a top-down approach, so the ordering is very critical to ensure the right actions are taken at the right time.

Both content filter order, and also the ordering of the 'actions' for individual content filters.

Regards,

Matthew

Boris Uskov · ‎08-27-2015

Matthew, thanks for remark.

Armando Batuhan · ‎02-20-2017

Hi Boris,

Do you have any idea if ironport is capable to have a sub-interface? We want to use the DATA1 to have a 2 interfaces for 2 Domains.

Thanks!

Boris Uskov · ‎02-21-2017

Hello, Armando.

Yes, it is capable. Vlans can be configured from CLI. Use etherconfig command from CLI.

So, with Vlans the physic interface can be divided into sub-interfaces. After creating the vlan, you can manage them from GUI (Network -> Interfaces)

For more information, check Cisco ESA User Guide "Virtual Local Area Networks (VLANs)".

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa10-0/ESA_10-0_User_Guide.pdf

Armando Batuhan · ‎02-21-2017

Thank you Boris!

Just saw this comment from one of the discussion here. Is this possible or I still need to create VLAN?

*******************************

The device has physical interfaces (Data 1/Data 2 and Management). Some devices only Data 1 and Data 2, like C160.

You can create IP interfaces, which are logical interfaces. You can create more than 1 IP interface per physical interface. Something like:

esalab.cisco.com> interfaceconfig

Currently configured interfaces:

1. InternalNet (10.97.14.35/24 on Data 1: esalab.cisco.com)

2. Management (192.168.42.42/24 on Data 2: ironport.example.com)

3. SecondLogicInterface (10.97.14.36/24 on Data 1: esa.cisco.com)

As you can see, I have the IP interfaces named "InternalNet" and "SecondLogicInterface" binded to Data 1 Physical Interface.

*******************************************

Boris Uskov · ‎02-21-2017

Hi, still need to configure VLAN.

Armando Batuhan · ‎02-21-2017

Thank you so much Boris! :)

Alibek Ismailov · ‎08-26-2015

i solved my problem, problem was in content filters order. One filter with 'Skip Filters' action prevented work of next filter. Now i can send through 2nd interface with content filter.

Big thanks, man!

Boris Uskov · ‎08-26-2015

Great news! I'm glad my advices were helpful!

How to configure routing in Ironport with 2 network interfaces?