Mapping 1 public IP to 2 internal IPs

Hi,

We have a Cisco ASA firewall protecting an MS 2003 Exchange server in a private network. We use external SMTP smarthosts to forward our e-mails. All these smarthosts are currently being pointed at our public IP address, which in turn is being statically NATed to the private IP address of the Exchange server.

We have added a new MS 2007 Exchange server to the mix (same subnet). Both servers are in migration mode.

What I want to know is:

What is the best practice to allow this to work? Can I do a NAT rule that will allow the same public IP address to point to an additional private IP address (the Exchange 2007 server)?

Current NAT entry:

Static      Exchange-2003-172.16.1.1      outside      12.49.3.224
Thirst4Knowledge asked:
 
Jody Lemoine (Network Architect) commented:
If you go with the port-based forwarding, you can start switching services over slowly rather than doing one hard cut-over, but you're absolutely right about the two servers transparently communicating.  That's one of the really nice things about Exchange.
0
 
Jody Lemoine (Network Architect) commented:
If you switch to port-based forwarding rather than IP-based forwarding, you can definitely address more than one internal server.

Rather than using a statement like this:

static (inside,outside) 12.49.3.224 172.16.1.1 netmask 255.255.255.255

You would make an entry for each port and protocol you'd like forwarded... so if you want SMTP to forward to one address and IMAP4 to forward to another, you would use something like this:

static (inside,outside) tcp 12.49.3.224 smtp 172.16.1.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 12.49.3.224 143 172.16.1.2 143 netmask 255.255.255.255
0
 
Thirst4Knowledge (Author) commented:
So in my case, would I need to do:

static (inside,outside) tcp 12.49.3.224 smtp 172.16.1.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 12.49.3.224 smtp 172.16.1.2 smtp netmask 255.255.255.255

172.16.1.1 (Exchange 2003 server)
172.16.1.2 (Exchange 2007 server)

Also, would I need to remove the original static NAT statement?
0
 
Jody Lemoine (Network Architect) commented:
Exactly.
0
 
Jody Lemoine (Network Architect) commented:
Whoops... didn't read carefully.  Sorry about that.

You can't have the same protocol bound to the same external IP address and going to two different destinations.  This solution will let you get more granular and send different ports to different internal hosts, but you're just not going to be able to get the same port/protocol to go to two different hosts.

What is it that you're trying to accomplish at a higher level?  Maybe there's another way around the problem.
0
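An added example (not from the thread, and not Cisco's own tooling): a small Python check that scans pre-8.3 `static` lines for the condition described above, the same outside IP, protocol and port forwarded to two different inside hosts. It also flags a port forward that shares its outside IP with a one-to-one static, for review. The port-name table, the finding labels and the simplified line parsing are assumptions of this example.

```python
import re
from collections import defaultdict

# Pre-8.3 ASA "static" syntax, as used in this thread (parsing is simplified):
#   static (real_if,mapped_if) [tcp|udp mapped_ip port real_ip port | mapped_ip real_ip] netmask M
STATIC_RE = re.compile(
    r"^static \((?P<rif>\S+),(?P<mif>\S+)\)\s+"
    r"(?:(?P<proto>tcp|udp)\s+(?P<mip>\S+)\s+(?P<mport>\S+)\s+(?P<rip>\S+)\s+\S+"
    r"|(?P<mip_all>\S+)\s+(?P<rip_all>\S+))"
    r"(?:\s+netmask\s+\S+)?\s*$")

# ASA accepts port keywords; normalise the common ones so "smtp" == "25".
PORT_NAMES = {"smtp": "25", "pop3": "110", "imap4": "143", "www": "80", "https": "443"}


def find_conflicts(config_text):
    """Return a sorted list of (kind, mapped_ip, service, real_hosts) findings."""
    pat = defaultdict(set)    # (mapped_if, mapped_ip, proto, port) -> real hosts
    full = defaultdict(set)   # (mapped_if, mapped_ip) -> real hosts (all ports)
    for line in config_text.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue          # not a static statement this example understands
        if m["proto"]:
            port = PORT_NAMES.get(m["mport"], m["mport"])
            pat[(m["mif"], m["mip"], m["proto"], port)].add(m["rip"])
        else:
            full[(m["mif"], m["mip_all"])].add(m["rip_all"])
    findings = []
    for (mif, mip, proto, port), hosts in pat.items():
        if len(hosts) > 1:    # same public IP/protocol/port sent to two hosts
            findings.append(("duplicate", mip, f"{proto}/{port}", tuple(sorted(hosts))))
        if (mif, mip) in full:  # the one-to-one static already covers every port
            both = full[(mif, mip)] | hosts
            findings.append(("overlap", mip, f"{proto}/{port}", tuple(sorted(both))))
    return sorted(findings)


# Constructed sample: the thread's original static plus the two proposed SMTP
# entries (one written with the numeric port to show the normalisation).
SAMPLE = """\
static (inside,outside) 12.49.3.224 172.16.1.1 netmask 255.255.255.255
static (inside,outside) tcp 12.49.3.224 smtp 172.16.1.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 12.49.3.224 25 172.16.1.2 smtp netmask 255.255.255.255
"""

if __name__ == "__main__":
    for finding in find_conflicts(SAMPLE):
        print(finding)
```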
 
Thirst4Knowledge (Author) commented:
"What is it that you're trying to accomplish at a higher level?  Maybe there's another way around the problem."

Great question

I am trying to be proactive, but this may not be needed at all. I am worried that as we migrate users there will be issues with the mail because they will be sitting on a different server with a different IP address (which won't have the static public IP address mapped to it).

I just thought that there must be a lot of people out there who have gone through the same migration of Exchange servers who have had to deal with the crossover period.
0
 
Thirst4Knowledge (Author) commented:
One more thing...

It may be the case that nothing needs to be done until we totally retire the old Exchange server, as I believe in migration mode the e-mails are handed from one to the other (Exchange 2003 being the primary).
0
 
Thirst4Knowledge (Author) commented:
Thanks for the help
0
Question has a verified solution.
