Forum Discussion

Steele6599_8766
Mar 25, 2014

SMTP load balancing with Exchange 2010

So I set up the load balancing on our F5 but now have an issue with the receive connectors. In the past we had different receive connectors on our Hub Transport for different external users; the IP the SMTP connection was coming from determined which receive connector would be used. Now it appears that all connections come from the F5 VLAN self IP. Are there any suggestions on how this should be configured to get it working again?
LTM 11.5, Exchange 2010

Thanks, Markus
12 Replies

  • Dayne_Miller_19
    Historic F5 Account

    Hi Markus,

    BIG-IP will replace the original source IP of incoming connections with one of its own when you have Source Address Translation (otherwise known as SNAT) enabled on the virtual server.

    Since your BIG-IP system is replacing the address with its own self IP address, it's likely that you have this value set to 'Auto Map'. Setting it to 'None' should change the behavior to preserve the original source IP address.

    However, you must make sure that your Hub Transport servers have a route back to the source network(s) through the BIG-IP, in other words using the self IP address that's on the same local subnet as the Hub servers as the gateway. SNAT removes the need for this route, but if you disable SNAT, you'll need to have it in place.
  • I think the simple answer is what Nick brought up. It sounds like you have SNAT Auto Map enabled on the virtual server. This is often used as a quick fix for any routing issues. It makes it so your back-end servers see the source IP of traffic flowing through the BIG-IP as one of the F5's IP addresses. It would appear that in this scenario you want the servers to see the true client IP address. This will require disabling SNAT on the virtual server AND ensuring there are appropriate routes on your SMTP servers to route traffic back through the F5. Before tinkering with this one setting I would recommend reading over the Exchange 2010 deployment guide and ensuring you are following recommended practices with your Exchange deployment:

    http://www.f5.com/pdf/deployment-guides/microsoft-exchange-2010-2013-iapp-dg.pdf
  • A quick fix is to add the self IP that the BIG-IP is sourcing traffic from as a connector. We had to do this when using LTM in a SNAT Auto Map configuration load balancing across multiple Hub Transport servers.
  • Dayne_Miller_19
    Historic F5 Account

    You could take Cory's suggestion one step further and, rather than using SNAT Auto Map, have an iRule pick a SNAT address to use depending on the original source. That would allow you to still have multiple receive connectors based on origin, with a different SNAT address for each origin subnet (or however you do the segregation). If you want an example of such an iRule, let me know and I'll post something.
    • Russ_Ortmann_16
      Dayne, I have this exact same situation. I'm currently looking into how to configure the iRule, but an example would be great if you could post one. We have 3 separate connectors that we are filtering to based on source IP address. Thanks in advance.
    • Dayne_Miller_19
      Historic F5 Account
      As luck would have it, there's a pretty good example here: https://devcentral.f5.com/s/feed/0D51T00006i7WdGSAU (bottom of the thread). The SERVER_CONNECTED portion would be optional in your case; it's just for logging. If you're matching against networks rather than specific IP addresses, the 'Selective SNAT' iRule example at https://clouddocs.f5.com/api/irules/selectivesnat.html shows how to use a data group to set up one or more network definitions to match against. Keep in mind that SNATing done from an iRule will override whatever SNAT behavior is set on the virtual server. Let us know how those work for you!
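The per-source SNAT selection discussed above, written out as an added example (it is not the iRule linked in the thread). It assumes an address-type data group named snat_by_source whose values are self IPs on the Hub Transport subnet; the networks and addresses are constructed sample values, and each Exchange receive connector's RemoteIPRanges would then be set to the single SNAT address chosen for that source network.

```tcl
# Added example: choose the SNAT address from the client's source network so
# each Exchange receive connector keeps its own identity behind BIG-IP.
#
# Assumed data group (tmsh, constructed RFC 5737 / RFC 1918 values):
#
#   create ltm data-group internal snat_by_source type ip records add {
#       203.0.113.0/24  { data 10.10.20.11 }
#       198.51.100.0/24 { data 10.10.20.12 }
#   }
#
# 10.10.20.11 and 10.10.20.12 must be addresses BIG-IP owns (self IPs or SNAT
# pool members) on the same subnet as the Hub Transport servers, so return
# traffic needs no extra routes. On the Exchange side, one receive connector
# is scoped to 10.10.20.11 and another to 10.10.20.12 via RemoteIPRanges.
when CLIENT_ACCEPTED {
    # With an address-type data group, "equals" is a network match, so a
    # /24 record matches any client address inside that range. -value
    # returns the record's data (the SNAT address) or "" when nothing matches.
    set snat_addr [class match -value [IP::client_addr] equals snat_by_source]

    if { $snat_addr ne "" } {
        # Source the server-side connection from the address mapped to this
        # origin network. This overrides the virtual server's SNAT setting.
        snat $snat_addr
        log local0.info "SMTP from [IP::client_addr] -> SNAT $snat_addr"
    } else {
        # Unknown origin: fall back to Auto Map so mail still flows, hitting
        # whichever connector is scoped to the BIG-IP self IP.
        snat automap
        log local0.info "SMTP from [IP::client_addr] -> SNAT automap (no data group match)"
    }
}
```

Attach the iRule to the SMTP virtual server; connections that match a data group record will arrive at Exchange from the mapped SNAT address, which is what the connector filtering keys on.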
  • Thanks all for your responses. It has been almost 4 years since I last worked with an F5. Currently "Source Address Translation" is set to "Auto Map" and the other choices are "None" and "SNAT". So should I choose "None"?

    Thanks again.
    • Cory_50405
      If you don't use SNAT, the hub transport servers will have to have a route back to the clients through the BIG-IP, which is probably not the case. SNAT auto map should work as long as you build the connector in Exchange with the SNAT address of the BIG-IP.
  • OK, I set the default gateway for my Hub Transports to the F5 VLAN self IP. Inbound worked great, but outbound to the internet or outside the LAN did not work. I could not even browse the web. Is this where I need to add a Route Domain?

    Thanks all for your support. You all rock!!
    • Cory_50405
      Setting a default gateway to your BIG-IP will only work if you set up a forwarding virtual server. BIG-IP won't send the traffic anywhere unless there's a virtual server set up to do something with it. http://support.f5.com/kb/en-us/solutions/public/7000/500/sol7595.html
  • You need a wildcard network forwarding virtual server.

    A virtual server of type perfl4, defined as 0.0.0.0 and enabled on your servers' VLAN.

    Create a custom fastl4 profile with loose init and loose close enabled. Please keep in mind that this will change your BIG-IP's behavior from being a default-deny device to routing traffic on any VLAN in which this virtual server is enabled. You will need to have routes in place to get traffic back to your SMTP servers from upstream, or enable SNAT.