RE: FW: Different firewalls. Maybe a dumb question.

  • From: "Joe Pochedley" <joepochedley@xxxxxxxxx>
  • To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 18 Jun 2004 23:42:25 -0400

I've got my Exchange server set up in a fashion that would handle this
(for the reason to provide incoming redundancy though)...  


Please keep in mind that I don't understand this completely, so maybe
someone who has a better grasp of IP and the way things are handled
through ISA can fill in the blanks...  


Basically, you can set up a Windows server with two different default
gateways, setting the one with the higher metric to be the one you want
your outbound traffic to go through....   You need to manually add the
second route through the ROUTE ADD command, as doing it through the GUI
doesn't seem to stick...  Doing this will cause all outbound mail to go
through the lower metric gateway, but the Exchange server will still
respond back through the ISA server that accepted the incoming SMTP
session...  Without these two gateways on the Exchange server, incoming
client requests sent to the second (incoming only) ISA server never seem
to get a response back from the Exchange box...  


Now, this is where my understanding falls apart...  It's my
understanding in the realm of IP routing that the route to and from a
client doesn't need to be the same...  Having the outbound part of an
incoming SMTP communication go through a different gateway should work
OK...  Maybe it's just the way the session is initiated and flow handled
through ISA?  (I haven't tested this type of scenario without ISA)  I
was told once that this quirk may be due to Windows support for dead
gateway detection (DGD)...  Maybe that's the case though I don't
understand DGD enough to say for sure...  I can confirm that I haven't
been able to replicate this ability to communicate simultaneously
through two ISA servers (inbound SMTP) to a Linux box (which doesn't
support DGD), but I can also confirm that I've run this configuration on
multiple Exchange boxes behind two ISA servers...


Not to usurp the thread, but if anyone can tell me how to allow a Linux
SMTP box (SNAT of course) to accept and properly respond to incoming
SMTP requests from two ISA servers which are acting as default gateways
to two different ISPs, I would be eternally grateful.  (Hey, I'm sure it
would provide an alternate resolution to the original question as well!)


Joe Pochedley





From: G. Waleed Kavalec [mailto:Kavalec@xxxxxxxx] 
Sent: Friday, June 18, 2004 12:17 PM
To: [ Discussion List]
Subject: [isalist] FW: Different firewalls. Maybe a dumb question.

Please forgive the cross-post...


 -----Original Message-----
To: MS-Exchange Admin Issues
Subject: Different firewalls. Maybe a dumb question.

 Can I direct outgoing mail through a different firewall than incoming?

Firewall = ISA server 2K 

Exchange = 2K 

And if so, how? 

   G. Waleed Kavalec 
   Baca, Stein, White and Associates 
