
Going to try and explain this the best I can..

I have 2 public IP addresses. My Cisco ASA is configured with a NAT that assigns my Exchange server 1 of the IPs; everything else gets the other IP.

I have Exchange 2007, win2k8ex1, which has a NAT rule inside a Cisco ASA that translates all communication through a static public IP (we'll say x.x.x.1).

I then have my domain controller with all the other systems that use x.x.x.2.

I am currently upgrading to Exchange 2010. On the inside everything is fine; I haven't migrated mailboxes or anything yet. But I set up the legacy, autodiscover, mail, and owa records accordingly on the inside DNS (legacy is the only thing that points to Exchange 07) and it works fine.

I wanted to migrate users in groups over the next week.

Looking at the ASA, is it possible to have both of these servers talk through the same public IP using the NAT rules? I can only configure it to use one server at a time on the exchange-outside-ip (x.x.x.1).

I'm hoping I explained this well enough.

thanks

Jeff
  • Not sure what you mean by "is it possible to have both of these servers talk through the same public ip using the NAT rules?". Both Exchanges can be mapped to the same public IP for NAT, but for port forwarding/PNAT/Destination NAT it will not work (unless you use non-standard ports for one of them). – 3molo Mar 22 '11 at 18:44
  • That's what I was figuring - I think I'm going to just have to plan a giant migration all at once instead of spacing it out like I was hoping to accomplish. – Jeff Mar 22 '11 at 18:54

1 Answer


You'll want to set up Exchange 2010's Edge Transport Role (and possibly Client Access Service Role) on a server using that one IP for outside access/transfer.

Edit: Hub Transport can be used in place of Edge Transport if you're feeling squirrely.

Edit 2/3: There's a guide to CAS proxying from Microsoft at the following link: http://technet.microsoft.com/en-us/library/bb310763.aspx

Hyppy
  • I don't have the ability to get another server for the Edge Transport. I have the Client Access, Hub Transport, and MB server roles on the same server. We don't use Edge Transport on either system; we have an outside spam filter that basically does the same thing, but we don't manage it. – Jeff Mar 22 '11 at 18:54
  • Then just run Hub Transport and Client Access on it. The only conceivable reason to connect straight to 2007 from the Internet once you have 2010 running is for client access, which CAS should nicely take care of. – Hyppy Mar 22 '11 at 18:58
  • Hyppy - so, if I have the Hub Transport and Client Access installed on my new server, and I just change the NAT rule to point to the new server instead of the. Create the legacy.kranichs.com on my outside DNS as well, that even if a mailbox is still located on the 2007 server, the 2010 CAS role will still route the messages accordingly and everything should work? – Jeff Mar 22 '11 at 19:02
  • Hub Transport is what will route the messages to mailboxes within your organization. CAS is just for client access (OWA, Outlook, etc.). – Hyppy Mar 22 '11 at 19:07
  • Right - so basically all that is needed to access the outside is the Hub Transport on Exchange 2010, and it will route the mail flow to the Exchange 2007 mailboxes. – Jeff Mar 22 '11 at 19:14
  • If you're not going to need CAS from the outside, then yes. – Hyppy Mar 22 '11 at 19:20
  • CAS will restrict OWA from working from the outside for users whose mailboxes are still on the 2007? – Jeff Mar 22 '11 at 19:30
  • Sorry, that was more of a statement. Thanks for your help again. – Jeff Mar 22 '11 at 19:38
  • My bad, check that. 2010 CAS proxying will only work if Exchange 2007 is in a different AD site; otherwise you'll need to redirect to the 2007's CAS. – Hyppy Mar 22 '11 at 19:40
  • Oh. They are in a/d site. So what we discussed above is not going to work for my scenario then. Are you sure about that though - because I thought that with the legacy.domain.com A record pointing to the 2007 server, Exchange 2010 routes accordingly (i.e. if I access owa.domain.com, which points to the Outlook Web App from 2010, and log in with my mailbox on 2007, it routes it to the web access on 2007). – Jeff Mar 22 '11 at 20:06
  • That's what I thought, too. I'm getting conflicting advice from multiple sources. 1: http://technet.microsoft.com/en-us/library/bb310763.aspx 2: http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/5c2f18bc-4ed5-471f-9b46-7add642b06d8/ – Hyppy Mar 22 '11 at 20:11
  • Both from Microsoft, lol. I guess I'll just give it a shot tonight and see if mail flow works - if not, I'll switch it back and schedule a massive migration. I still have a few event log errors to go through anyway. – Jeff Mar 22 '11 at 20:20
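The NAT limitation raised in the question (one public IP, two Exchange servers) and the cut-over discussed in the answer comments (repointing the NAT rule at the 2010 server) come down to the same ASA rule: a destination NAT entry is keyed on public IP plus protocol and port, so each (IP, port) pair can map to exactly one inside host. The following is an added example, not configuration from the question or the answer. It assumes pre-8.3 ASA `static` syntax (8.2 era), the page's placeholder public address x.x.x.1, and constructed inside addresses 10.0.0.10 for the 2007 server and 10.0.0.20 for the 2010 server; the object names and ACL name are also assumptions.

```cisco
! Added example (not the poster's config). Assumes ASA 8.2 "static" syntax.
! Placeholders: public x.x.x.1, Exchange 2007 = 10.0.0.10, Exchange 2010 = 10.0.0.20.
!
! Before: one-to-one static, the whole public IP belongs to the 2007 server.
! static (inside,outside) x.x.x.1 10.0.0.10 netmask 255.255.255.255
!
! After: port-level statics. Each (protocol, port) on x.x.x.1 maps to one
! inside host, so SMTP and HTTPS are moved to the 2010 server together,
! which is the "change the NAT rule to point to the new server" step.
static (inside,outside) tcp x.x.x.1 smtp 10.0.0.20 smtp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.1 https 10.0.0.20 https netmask 255.255.255.255
!
! The 2007 server can only share x.x.x.1 on a port nobody else claims
! (the non-standard-port option from the comments), here 8443 -> 443.
! A second "static ... x.x.x.1 https" for 10.0.0.10 would conflict with the
! entry above and is refused by the ASA; that conflict is what the question hit.
static (inside,outside) tcp x.x.x.1 8443 10.0.0.10 https netmask 255.255.255.255
!
! Inbound ACL: permit only the ports actually published on x.x.x.1. A port-level
! static with no matching permit is unreachable, so keep these lists in step.
access-list outside_access_in extended permit tcp any host x.x.x.1 eq smtp
access-list outside_access_in extended permit tcp any host x.x.x.1 eq https
access-list outside_access_in extended permit tcp any host x.x.x.1 eq 8443
access-group outside_access_in in interface outside
```

Two practical notes on this layout. Port-level statics instead of a one-to-one static also shrink what is exposed: only the three listed ports on x.x.x.1 are reachable from outside, whereas the original one-to-one static plus a broad ACL exposes every listener on the mailbox server. And because external DNS cannot express "legacy.domain.com on port 8443" for Outlook Anywhere or Autodiscover, the 8443 mapping only really serves a browser-entered OWA URL; the clean coexistence path remains what the answer describes, with the 2010 CAS owning 443 and redirecting 2007 mailboxes, and a second public IP for the legacy name if standard ports are needed on both.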