Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
711
Views
0
Helpful
3
Replies

Ironport C170 IP Source Preservation

rfranzke
Level 1
Level 1

‎09-23-2013 08:48 AM - edited ‎03-11-2019 07:42 PM

All,

We have a customer using an Ironport C170 Email firewall device. It seems the Ironport proxies Email traffic to the configured MTA using its own source IP instead of the client IP address. This is causing an issue for our customer as they need to be able to filter and do some post processing based on source IP. I am totally unfamiliar with the Ironport series as we do not use them here and searches do not reveal a way to have the Ironport preserve the source address. Could anyone more familiar with this device enlighten me on if source preservation is possible with this. Seems to be a true proxy device so I am not sure there is a way but thought I would throw it to the experts to be sure. Thanks in advance for replies.

Labels:
0 Helpful
3 Replies 3

Luis Silva Benavides
Cisco Employee
Cisco Employee

‎09-25-2013 12:16 PM

Hi,

As soon as the ESA recieves the traffic from the email server will be processed and then it will be send using its interface IP address. What is the source IP address that should be preserved? What device owns it?

Regards,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva
0 Helpful

rfranzke
Level 1
Level 1
In response to Luis Silva Benavides

‎09-26-2013 08:29 AM

Thanks for the reply. I should have been more clear. So for connections inbound from Internet clients, it seems the source IP is that of the C170 from the perspective of the Email server. Connection path would look like this:

client-------->C170--------->Email Server

For these connections, when the connection goes from the C170 to the Email server, the source IP is changed from that of the client, to that of the C170 because I believe the connection is actually being proxied. I would like to know if there is some configuration that would allow the source IP (in this case the clients source IP) to be preserved when the connection is sent to the Email server. Some sort of transparent proxy option perhaps? I really do not know anything about this C170 device, but things I read do not seem to indicate there is a way to do this. Just trying to see if anyone can confirm. Thanks.

0 Helpful

rfranzke
Level 1
Level 1
In response to rfranzke

‎11-11-2013 08:19 AM

Anyone......I have a hard time believing this has never come up before. I know the Barracuda devices can do this somehow. Again, I am not at all familiar with Ironport gear so I am at a disadvantage here. Any help would be great. Thanks.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card