Using 2 NICs and 2 MX Records on 1 Exchange 2003 Server

My organization has two separate T1 IP pipes provided by different ISPs, each configured to move traffic upstream and downstream. Each also has a public MX record in DNS: MX 1 value = 10, MX 2 value = 20. Each MX has also been listed to perform reverse DNS to avoid bouncebacks.

The idea is, if one pipe or ISP fails, the other picks up the slack, and mail still flows in both directions.

We use one robust, non-clustered Exchange 2003 Server to perform both front-end mail functions and to host mailboxes. This machine has dual identical NICs which are assigned consecutive internal class C addresses (192.168.0.5 and 192.168.0.6).

The internal addresses are NAT'ed in the firewall (SonicWall Pro3060) to their public MXs. The firewall has been further configured to fail IP pipe 1 over to IP pipe 2.

The question is: What hazards am I inviting by configuring in this manner? Is pointing multiple public mail records at one front-end/back-end Exchange server a security threat? Am I overlooking some obvious no-no?

I should also note that I don't know if this topology will work in practice, because I haven't physically plugged into NIC 2 yet.

tmeier asked:
Sembee commented:
If it was me doing this, I would be looking at a router to sit in front of the Exchange server, rather than trying to get Windows to do the job.

The problem is Windows, not Exchange.

You can only have one default gateway, so even if you enable the other NIC and plug the connection into it, all that is going to happen is Windows will get in a state and fill your event logs up with errors. In the event of a failure you would have to change the default gateway itself.

However, there are routers that support dual WAN connections and can change the routing on the fly, and those would make a much better job. You could then leave a single default gateway on the Exchange server and not have to worry about network reconfigurations in the event of a failure.

Simon.
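
An added example, not part of the original question or answer: a Python sketch of how a sending server walks the two MX records from the question (preference 10, then 20) when one pipe is down, and of the forward-confirmed reverse DNS check that receiving servers commonly run against each public address. All host names, addresses and PTR values are constructed placeholders, and the second PTR is deliberately a generic ISP name to show the failing case.

```python
# Added example: all host names and addresses are constructed placeholders.
MX_RECORDS = [(20, "mx2.example.com"), (10, "mx1.example.com")]  # (preference, host)
A_RECORDS = {"mx1.example.com": "198.51.100.10",   # public address on pipe 1
             "mx2.example.com": "203.0.113.20"}    # public address on pipe 2
PTR_RECORDS = {"198.51.100.10": "mx1.example.com",
               "203.0.113.20": "static-20.isp2.example.net"}  # generic ISP PTR


def delivery_order(mx_records):
    """Hosts in the order a sending MTA tries them: lowest preference first."""
    return [host for _pref, host in sorted(mx_records)]


def inbound_target(mx_records, a_records, reachable_ips):
    """First MX whose public address still answers, or None if all are down."""
    for host in delivery_order(mx_records):
        if a_records.get(host) in reachable_ips:
            return host
    return None


def fcrdns_ok(ip, ptr_records, a_records):
    """Forward-confirmed reverse DNS: PTR(ip) names a host whose A record is ip."""
    name = ptr_records.get(ip)
    return name is not None and a_records.get(name) == ip


def audit(mx_records, a_records, ptr_records):
    """Map each MX host to whether its public address passes the FCrDNS check."""
    return {host: fcrdns_ok(a_records[host], ptr_records, a_records)
            for host in delivery_order(mx_records)}


if __name__ == "__main__":
    both_up = {"198.51.100.10", "203.0.113.20"}
    pipe1_down = {"203.0.113.20"}
    print("normal inbound   :", inbound_target(MX_RECORDS, A_RECORDS, both_up))
    print("pipe 1 down      :", inbound_target(MX_RECORDS, A_RECORDS, pipe1_down))
    print("reverse DNS audit:", audit(MX_RECORDS, A_RECORDS, PTR_RECORDS))
```

In this constructed data, inbound mail fails over to the preference-20 host as intended, but the audit flags the pipe 2 address because its PTR does not resolve back to it.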