Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
SMTP outbound withISA 2006 EE NLB
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
SMTP outbound withISA 2006 EE NLB - 19.Jul.2008 12:53:44 PM
|
|
|
huntingj
Posts: 7
Joined: 12.Oct.2006
Status: offline
|
Hi There,
Is there any way I can force one of our Exchange Edge Transport Servers to send SMTP traffic outbound through a specific ISA Server when the ISA server is an an NLB cluster?
I've changed the default gateway on the Edge Transport Server in question to be the IP address of the Specific ISA server I want SMTP to be sent out through, but it still seems to be sending SMTP traffic outbound across all the servers in ISA array.
Apologies if this is a dumb question, but I'm relatively new to ISA.
Many thanks.
|
|
|
|
|
RE: SMTP outbound withISA 2006 EE NLB - 21.Jul.2008 9:54:37 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
So you set the default gateway on the SMTP server to DIP of one of the firewall array members, but its showing the VIP as the source IP address outbound through the firewall array?
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: SMTP outbound withISA 2006 EE NLB - 21.Jul.2008 10:19:07 AM
|
|
|
huntingj
Posts: 7
Joined: 12.Oct.2006
Status: offline
|
Hi Tom,
Thanks for the reply.
Yes, I've set the SMTP server's default gateway to be the DIP of the ISA server I want to force SMTP traffic through, but when the SMTP server sends SMTP traffic it's still going out through the other server in the array (according to the ISA logs and the fact that some e-mail is failing the rDNS lookup due to the physical IP address being stamped with the external IP of the 'other' ISA server).
Is there a chance it is actually hitting the right ISA server internally, but then NLB is routing out through the external adapter of the other ISA server? Can this happen?
|
|
|
|
|
RE: SMTP outbound withISA 2006 EE NLB - 22.Jul.2008 11:57:13 AM
|
|
|
huntingj
Posts: 7
Joined: 12.Oct.2006
Status: offline
|
No, it's the primary IP as set on the external adapter. Should it be tagged with the external VIP? I thought this behaviour was by 'design' with ISA, where it used the primary IP of the external adpater through which the traffic leaves ISA.
|
|
|
|
|
RE: SMTP outbound withISA 2006 EE NLB - 23.Jul.2008 8:49:29 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
OK, something is wrong here, since if you sent to the DIP of one machine, it will not go out the DIP of another machine.
I'd do a packet trace to confirm this isssue.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: SMTP outbound withISA 2006 EE NLB - 23.Jul.2008 11:53:45 AM
|
|
|
huntingj
Posts: 7
Joined: 12.Oct.2006
Status: offline
|
I thought this was the correct behaviour too.Thanks for the confirmation. I just wanted to check that NLB wasn't weaving any of its magic and redirecting traffic.
I'll set up a trace and see if I can figure out what's happening.
Thanks for your help so far, much appreciated.
|
|
|
|
|
RE: SMTP outbound withISA 2006 EE NLB - 22.Aug.2008 3:11:05 AM
|
|
|
huntingj
Posts: 7
Joined: 12.Oct.2006
Status: offline
|
Hi Tom,
To give an update on this, I eventually put this call to MS Support to help resolve and after almost 2 weeks of troubleshooting with them, got confirmation back that ISA's in an NLB array will 'Always' receive traffic on the NLB MAC irrespective of the Gateway Settings on the client machine. Therefore, traffic will always load-balance across each ISA server.
This is someting to do with Unicast Mode (vs Multicast Mode). So to force traffic through a particular ISA server, you need to set up NLB in Multicast Mode. Apparently if you want to configure Multicast Mode you need ISA 2006 SP1 installing (since the MS hotfix that previously supported this has now been withdrawn) and be pretty experienced in what your doing (counts me out then!).
Hope this helps others.
Kind regards,
Jim
|
|
|
|
|
RE: SMTP outbound withISA 2006 EE NLB - 22.Aug.2008 9:34:46 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Jim,
Thanks for the update! I wasn't aware of that effect of unicast mode. I know that multicast mode is now supported, but haven't set it up yet. When you say that you have to be pretty experienced, are you saying that the multicast mode setup is a bear?
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: SMTP outbound withISA 2006 EE NLB - 26.Aug.2008 9:20:48 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Jason,
Absolutely! If you have time, a blog post on how to do that would be great. I read the procedure and it didn't "look" that hard. Of course, nothing's hard for someone who doesn't have to do it :)
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
