Three domain / Three Public IP address / Three Physical Servers

Good day Everyone!

Please refer first to the attached diagram.

We are currently trying to find a way to route emails sent from sampleone.com to sampletwo.com without leaving the local network. We are doing this kind of setup to save bandwidth.

And since we have 3 public IP addresses, my understanding is that in the firewall, we are going to NAT those three public IP addresses to the IronPort’s IP address and specify that it accepts incoming mail for the three domains. So my question is this: during an outgoing mail, how would the IronPort know what public IP address is associated with a given domain? How would the firewall know that this domain/private IP address is associated with this public IP address?

Thanks

-karl

4 Replies

Andreas Mueller
Level 4

Hello Karl,

Basically you could set up three SMTP routes for the three domains, and use the internal IP addresses of the servers as destinations.

GUI: network->SMTP Routes

CLI: smtproutes

smtproutes:

sampleone.com 192.168.1.10

sampletwo.com 192.168.1.20

samplethree.com 192.168.1.30

The routes are direction independent, meaning they will work for inbound and outbound alike.

BTW, a second approach would be using an internal DNS server which has the internal IP addresses for each of these domains.

Hope that helps,

Andreas

Hi Andreas,

So what you are saying is that we set up SMTP Routes like the one below:

Receiving Domain                    Destination Hosts

sampleone.com                       192.168.1.10

sampletwo.com                       192.168.1.20

samplethree.com                     192.168.1.30

And if joe@sampleone.com sent an email to jane@sampletwo.com, the email address will be from:

MailServerOne(sampleone.com) - Ironport - MailServerTwo(sampletwo.com). And that the email will not go out to the internet anymore and then come back again?

PS

We have developed a virtual lab but have not tried this on an actual three domain, 3 physical server, 3 public ip address setup.

Hello Karl,

That is correct. Before delivering a message, AsyncOS checks the SMTP route list. If an entry exists for the domain in the envelope recipient's address, that destination (which can be an IP or hostname) will be used; otherwise the IronPort will perform an MX lookup as usual. So if you have such a route installed, any mail to that domain will not be routed through the Internet (public MX record).

One addition to the SMTP route syntax, just in case:

example.com matches recipient addresses like user@example.com

If there are subdomains as well, you'd need another entry for that:

.example.com will match anything like user@host1.example.com, sales.host.example.com, etc. The leading period stands for any subdomains or multiple subdomains. Note that this will not match user@example.com, for that the entry without the period is still required.

Also, SMTP routes can point to multiple addresses (comma separated), and different ports than 25. Just to let you know.

Regards,

Andreas
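
The lookup order described in the reply above (exact domain entry, leading-period entry for subdomains, otherwise MX), modeled in Python as an added example that is not part of the original posts and is not AsyncOS code. The `.sampletwo.com` line, the `host:port` notation for a non-default port and the longest-suffix-first precedence are assumptions of this example; it is useful for checking which recipient domains in a route table stay internal and which fall through to the public MX.

```python
# Model of the SMTP route lookup described in the thread (not AsyncOS code).
# First three entries are from the thread; the last one is constructed to
# show a subdomain entry with multiple destinations and a non-default port.
ROUTES_TEXT = """\
sampleone.com 192.168.1.10
sampletwo.com 192.168.1.20
samplethree.com 192.168.1.30
.sampletwo.com 192.168.1.20, 192.168.1.21:2525
"""

def parse_routes(text):
    """Parse 'domain dest[, dest...]' lines into {domain: [(host, port), ...]}."""
    routes = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        domain, dests = line.split(None, 1)
        hops = []
        for dest in dests.split(","):
            # Assumed host:port notation; IPv4 or hostname only.
            host, _, port = dest.strip().partition(":")
            hops.append((host, int(port) if port else 25))
        routes[domain.lower()] = hops
    return routes

def resolve(recipient, routes):
    """Return ('route', hops) if an entry matches, else ('mx', domain)."""
    domain = recipient.rsplit("@", 1)[-1].lower().rstrip(".")
    # 1. An entry without a leading period matches the domain itself only.
    if domain in routes:
        return "route", routes[domain]
    # 2. A leading-period entry matches any depth of subdomain, but never
    #    the bare domain. Longest suffix is tried first (assumption).
    labels = domain.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in routes:
            return "route", routes[suffix]
    # 3. No entry: delivery falls back to a public MX lookup.
    return "mx", domain

if __name__ == "__main__":
    table = parse_routes(ROUTES_TEXT)
    for rcpt in ("jane@sampletwo.com", "ops@host1.sampletwo.com",
                 "joe@mail.sampleone.com", "bob@example.org"):
        print(rcpt, "->", resolve(rcpt, table))
```
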

This answer is correct. SMTP Route solves this.

Thanks Andreas.