• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SMTP outbound withISA 2006 EE NLB

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> SMTP outbound withISA 2006 EE NLB Page: [1]
Login
Message << Older Topic   Newer Topic >>
SMTP outbound withISA 2006 EE NLB - 19.Jul.2008 12:53:44 PM   
huntingj

 

Posts: 7
Joined: 12.Oct.2006
Status: offline
Hi There,

Is there any way I can force one of our Exchange Edge Transport Servers to send SMTP traffic outbound through a specific ISA Server when the ISA server is an an NLB cluster?

I've changed the default gateway on the Edge Transport Server in question to be the IP address of the Specific ISA server I want SMTP to be sent out through, but it still seems to be sending SMTP traffic outbound across all the servers in ISA array.

Apologies if this is a dumb question, but I'm relatively new to ISA.

Many thanks.
Post #: 1
RE: SMTP outbound withISA 2006 EE NLB - 21.Jul.2008 9:54:37 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
So you set the default gateway on the SMTP server to DIP of one of the firewall array members, but its showing the VIP as the source IP address outbound through the firewall array?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to huntingj)
Post #: 2
RE: SMTP outbound withISA 2006 EE NLB - 21.Jul.2008 10:19:07 AM   
huntingj

 

Posts: 7
Joined: 12.Oct.2006
Status: offline
Hi Tom,

Thanks for the reply.

Yes, I've set the SMTP server's default gateway to be the DIP of the ISA server I want to force SMTP traffic through, but when the SMTP server sends SMTP traffic it's still going out through the other server in the array (according to the ISA logs and the fact that some e-mail is failing the rDNS lookup due to the physical IP address being stamped with the external IP of the 'other' ISA server).

Is there a chance it is actually hitting the right ISA server internally, but then NLB is routing out through the external adapter of the other ISA server? Can this happen?

(in reply to tshinder)
Post #: 3
RE: SMTP outbound withISA 2006 EE NLB - 22.Jul.2008 11:25:27 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
If the source IP address of the outbound connection the VIP on the external interface?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to huntingj)
Post #: 4
RE: SMTP outbound withISA 2006 EE NLB - 22.Jul.2008 11:57:13 AM   
huntingj

 

Posts: 7
Joined: 12.Oct.2006
Status: offline
No, it's the primary IP as set on the external adapter. Should it be tagged with the external VIP? I thought this behaviour was by 'design' with ISA, where it used the primary IP of the external adpater through which the traffic leaves ISA.

(in reply to tshinder)
Post #: 5
RE: SMTP outbound withISA 2006 EE NLB - 23.Jul.2008 8:49:29 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
OK, something is wrong here, since if you sent to the DIP of one machine, it will not go out the DIP of another machine.

I'd do a packet trace to confirm this isssue.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to huntingj)
Post #: 6
RE: SMTP outbound withISA 2006 EE NLB - 23.Jul.2008 11:53:45 AM   
huntingj

 

Posts: 7
Joined: 12.Oct.2006
Status: offline
I thought this was the correct behaviour too.Thanks for the confirmation. I just wanted to check that NLB wasn't weaving any of its magic and redirecting traffic.

I'll set up a trace and see if I can figure out what's happening.

Thanks for your help so far, much appreciated.

(in reply to tshinder)
Post #: 7
RE: SMTP outbound withISA 2006 EE NLB - 24.Jul.2008 9:39:35 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
You bet!

Let us know what you see. Sounds like a very interesting problem.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to huntingj)
Post #: 8
RE: SMTP outbound withISA 2006 EE NLB - 22.Aug.2008 3:11:05 AM   
huntingj

 

Posts: 7
Joined: 12.Oct.2006
Status: offline
Hi Tom,

To give an update on this, I eventually put this call to MS Support to help resolve and after almost 2 weeks of troubleshooting with them, got confirmation back that ISA's in an NLB array will 'Always' receive traffic on the NLB MAC irrespective of the Gateway Settings on the client machine. Therefore, traffic will always load-balance across each ISA server.

This is someting to do with Unicast Mode (vs Multicast Mode). So to force traffic through a particular ISA server, you need to set up NLB in Multicast Mode. Apparently if you want to configure Multicast Mode you need ISA 2006 SP1 installing (since the MS hotfix that previously supported this has now been withdrawn) and be pretty experienced in what your doing (counts me out then!).

Hope this helps others.

Kind regards,

Jim




(in reply to tshinder)
Post #: 9
RE: SMTP outbound withISA 2006 EE NLB - 22.Aug.2008 9:34:46 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jim,

Thanks for the update! I wasn't aware of that effect of unicast mode. I know that multicast mode is now supported, but haven't set it up yet. When you say that you have to be pretty experienced, are you saying that the multicast mode setup is a bear?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to huntingj)
Post #: 10
RE: SMTP outbound withISA 2006 EE NLB - 26.Aug.2008 8:28:03 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Yeah, not hard, but a bit painful Tom.

It extends the ADAM schema, so you need to first decide which CSS is the schema master (Jim created a script for this on the ISA blog).

You then need to run some scripts to extend the schema and then use some switches to define the NLB mode you wish to use. Once the schema work has been done, you can then toggle backwards and forwards between the modes.

The confusing bit for me is that the scripts needed to enable the feature are not inlcuded with SP1 (that I could tell) but the actual ISA code that allows it to work is included.

I think an update to the GUI would have been a much nicer approach, but I guess time was limited...

Maybe I should blog the procedure?

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 11
RE: SMTP outbound withISA 2006 EE NLB - 26.Aug.2008 9:20:48 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jason,

Absolutely! If you have time, a blog post on how to do that would be great. I read the procedure and it didn't "look" that hard. Of course, nothing's hard for someone who doesn't have to do it :)

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 12
RE: SMTP outbound withISA 2006 EE NLB - 26.Aug.2008 10:26:44 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
The procedure isn't hard, just the fact that the information is a little vague and a bit scattered...

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to tshinder)
Post #: 13
RE: SMTP outbound withISA 2006 EE NLB - 26.Aug.2008 12:32:00 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Blog entry created...

http://blog.msfirewall.org.uk/2008/08/enabling-nlb-multicast-mode-on-isa.html

Hope this helps

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Jason Jones)
Post #: 14
RE: SMTP outbound withISA 2006 EE NLB - 28.Aug.2008 8:10:01 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jason,

Fantastic! I put a pointer to your article on my blog.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Jason Jones)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> SMTP outbound withISA 2006 EE NLB Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts