From: Theo van den Berg (theo.vandenberg@gmail.com)
Date: Tue Jan 09 2007 - 14:41:14 ART
Hi There
We would like to redirect our "dial" customers through to a SPAM/AV Mail
filter device (possibly IronPort). This should happen for any SMTP mail that
they might send. We know their assigned source addresses but the problem is
that the packet destination address might differ if they want to send SPAM
or connect to SMTP servers outside the network. Once the "intercepted" mail
is scanned it can be forwarded to the "correct" SMTP server based on domain
lookup.
Does anyone know how to do a traffic "redirection" to the new server? It
would require that all packet destination addresses be re-written when
matched to an extended access-list for port tcp 25?
ip nat inside = would not work since it translates source addresses
ip nat inside destination 1 = would not work since it translates source
based on destination addresses linked to a pool
ip nat outside source list = would not work since it translates the source
based on a destination address also linked to a pool
Assuming the inside interface is vlan 10 (172.16.10.1/24) and the outside
interface is VLAN 20 (172.16.20.1/24) and the interception device is on VLAN
20 (172.16.20.250/24)
Hence what is required is that all traffic from any source address that is
received on int vlan 10 be forwarded to vlan 20 and "redirected/intercepted"
by server 172.16.20.250. From there on it will be scanned and forwarded.
Would appreciate if anyone can come up with some solution/idea and a config
snippet to assist?
Thanks in advance
Kind regards
Theo