Cisco Community
English
Register
Make a difference. Your participation will help fund Save the Children. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community
Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.1.0-227
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info
1387
Views
10
Helpful
3
Replies
cyberurmel
Beginner
Beginner
‎11-14-2019 03:33 AM
‎11-14-2019 03:33 AM

Specific Emails send over specific interface (cluster) possible?

Hi all,

we have a cluster with 2 machines . Each of them have an own outgoing if . My Question is - is it possible to sent out specific mails to Domains e.g. all to @cisco.com  via the secondary machine outgoing interface?

I could not find that as i am surely possible to make an outgoing Policy … but if i want to define the filter for that i am not anymore on cluster mode . And from the first machine i do not want to send out from outgoing if to cisco.com .

 

can you explain me please how to solve that?


Thanks

 

Labels:
0 Helpful
2 ACCEPTED SOLUTIONS

Accepted Solutions
Philippe Boeij
Beginner
Beginner
‎11-14-2019 04:27 AM
‎11-14-2019 04:27 AM

Hi, I wouldn't recommend this but here we go.

I'd create a message filter on node1 (clusterconfig switch to node1) to redirect all messages to cisco.com to node2 (alt-dsthost).

Node2 will deliver tese messages like all others.

Or create a specific SMTP route on node1 (override cluster settings) to redirect cisco.com to relayinterface of node2.

 

Regards,

Philippe

View solution in original post

Mathew Huynh
Cisco Employee
Cisco Employee
In response to Philippe Boeij
‎11-15-2019 02:09 PM
‎11-15-2019 02:09 PM

Hey Cyberurmel,

I agree with Philippe, i wouldn't recommend this setup as it could get messy with manipulation.
Philippe's workaround will work where you're re-routing any emails that hits node1 into node2 for final delivery.

But as you also shared you need ensure you use a interface as well.

So adding to Philippe's workaround, you will need to create (on ESA2 and it also needs to be a machine override of cluster as to not impact ESA1) altsrchost command -> cisco.com -> use the specific interface you choose.

So ESA1 -> sees @cisco.com as recipient -> Sends it to ESA2 -> ESA2 looks at altsrchost and ensures deliveries are done using specific interface.

Lastly, on ESA2 you need to make sure you create a rule where if the emails are coming in from ESA1 (to ESA2) to skip the scanning as to not double scan.

Regards,
Mathew

View solution in original post

3 REPLIES 3
Philippe Boeij
Beginner
Beginner
‎11-14-2019 04:27 AM
‎11-14-2019 04:27 AM

Hi, I wouldn't recommend this but here we go.

I'd create a message filter on node1 (clusterconfig switch to node1) to redirect all messages to cisco.com to node2 (alt-dsthost).

Node2 will deliver tese messages like all others.

Or create a specific SMTP route on node1 (override cluster settings) to redirect cisco.com to relayinterface of node2.

 

Regards,

Philippe

View solution in original post

Mathew Huynh
Cisco Employee
Cisco Employee
In response to Philippe Boeij
‎11-15-2019 02:09 PM
‎11-15-2019 02:09 PM

Hey Cyberurmel,

I agree with Philippe, i wouldn't recommend this setup as it could get messy with manipulation.
Philippe's workaround will work where you're re-routing any emails that hits node1 into node2 for final delivery.

But as you also shared you need ensure you use a interface as well.

So adding to Philippe's workaround, you will need to create (on ESA2 and it also needs to be a machine override of cluster as to not impact ESA1) altsrchost command -> cisco.com -> use the specific interface you choose.

So ESA1 -> sees @cisco.com as recipient -> Sends it to ESA2 -> ESA2 looks at altsrchost and ensures deliveries are done using specific interface.

Lastly, on ESA2 you need to make sure you create a rule where if the emails are coming in from ESA1 (to ESA2) to skip the scanning as to not double scan.

Regards,
Mathew

View solution in original post

cyberurmel
Beginner
Beginner
In response to Mathew Huynh
‎11-19-2019 06:59 AM
‎11-19-2019 06:59 AM

Thanks to you guys fpor help,

 

I see that it is not so easy as expected from me. Also that you not to recommend this – we decided to divide the traffic to cisco.com via the mailserver that is in front of them. Seems to be easier. The problem is only that I am not the admin for that- so if its needful to do this as my question before I will think about the workaround for some hours.

 

Thanks and regards

Cyb

0 Helpful
Latest Contents
What’s New in Cisco Secure Endpoint—November 2021
Created by kasachs on 11-29-2021 03:46 PM
1
0
1
0
We’re excited to announce new capabilities with Secure Endpoint that allow you to simplify your security and maximize your security operations: Unify your security stack and reduce agent fatigue with Cisco Secure Client; harness integrated risk-based vuln... view more
(Podcast) S8|E47 Turbocharge with Cisco Secure Endpoint
Created by Amilee San Juan on 11-22-2021 06:37 PM
1
5
1
5
Listen: https://smarturl.it/CCRS8E47 Follow us: twitter.com/CiscoChampion Ransomware, fileless malware, and zero-day attacks continue to target organizations around the world. In response, organizations have resorted to deploying a variety of di... view more
General information on Cisco TC-NAC with ISE
Created by Jason Kunst on 11-18-2021 11:00 AM
0
5
0
5
This is a general information page for Cisco Threat Centric (TC-NAC) with ISE   Threat Centric Network Access Control (TC-NAC) feature enables you to create authorization policies based on the threat and vulnerability attributes received from the th... view more
The 2021 IT Blog Awards is now accepting submissions!
Created by caiharve on 11-16-2021 02:52 PM
0
0
0
0
The 2021 IT Blog Awards, hosted by Cisco, is now open for submissions. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco.com/c/en/us/t... view more
Secure Endpoint/Amp for Endpoints-Decommissioning Legacy Clo...
Created by Brett Murrell on 11-02-2021 03:01 AM
0
5
0
5
Problem Description  Cisco Secure Endpoint (formerly AMP for Endpoints) will decommission legacy cloud servers, which results in Legacy Windows Connector Versions 3.x/4.x and Mac Connector Version 1.0.x ceasing to ... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE- Guest and Posture Troubleshooting (40%)

Vote
Hide Results
Content for Community-Ad