
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1273

Multiple domains, multiple exchange servers SAME subnet

I have two domains with their own Exchange servers with real world IP addresses mapped inside to a single ASA.  One domain has an inside IP of x.x.5.2 and the other x.x.5.26
Mail will not travel between these two mail servers because, I think, the Exchange servers are set to resolve from external DNS servers.  Sooo, when you send mail, it bounces because the external IPs are already mapped inside.  It can't go outside and back inside to deliver mail.  Tracert fails on first hop.  If this is not something I can resolve via Exchange 2003 and Exchange 2007 and I should repost to a DNS area, please advise and I apologize.
David Bird
1 Solution
Chris Dent (PowerShell Developer) Commented:

You have a few options open to you here:

1. Fix the Firewall Configuration, will need NAT loopback. I can't give you instructions on that.
2. Create SMTP Connectors from one mail system to the other. Bypasses MX Record lookup, direct delivery for specific address spaces between the two systems.
3. Create an internal only MX record for each mail domain.

The second would seem like the best choice from my point of view, the third is entirely possible but carries a higher administrative cost.

Hi, I would definitely do what Chris proposed in point 2.

However, having the Exchange servers using external DNS is not a good idea since they should be able to communicate with the DNS server hosting their Active Directory zone.

These are separate Exchange Organizations? So I am assuming separate AD Forests too :) Am I right here.....
Create a separate Send Connector on each Exchange Org pointing to each Exchange server as the smart host for delivery. Same as Chris!

David Bird (Partner, Author) Commented:
My apologies.  I am "learning" more about send connectors as they seem to be associated with smart hosts to handle ALL mail instead of internal routing.  Most of the threads I've read from MS and from third parties are saying the same thing. A Send connector, whether it's a routing or all, still thinks mail is being sent to a device that will handle all routing.  I simply want mail from two individual domains and two separate/individual Exchange servers inside the same subnet but valid External IP addresses through a single Cisco ASA to allow traffic to pass properly.  All comments are valuable, I'm just not educated enough on how to create an internal connector between two servers as of yet.  Please don't show this issue as closed or abandoned.
Chris Dent (PowerShell Developer) Commented:
Hi Daver,

The Address Space tab on the SMTP Connector properties allows you to specify a set of, or a single domain name. That means you can create a number of different SMTP connectors, each handling mail for different outbound domains.

It works well in this scenario because you can have one SMTP Connector to deal with mail to @domain2.com (which forwards to the second Exchange server), and another to handle everything else (using * as the address space).

Pictures might help... look at this article:


Head down to the point he has the Address Space tab open. You'll see he has contoso.com in there, that means the connector will only deal with mail sent to that domain from the local Exchange server.

If you want to explore the ASA then the request needs to be in a different topic area. I'll happily link it up and send out alerts if you wish?
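
For the Exchange 2007 side, the domain-scoped connector described in the answer above can be created from the Exchange Management Shell; this is an added example, not part of the original thread. `192.0.2.26` is a placeholder for the other server's inside address, `domain2.com` is the example domain from the answer, and the connector names are made up; the receive connector assumes the peer server delivers without authenticating. The Exchange 2003 side is configured in the GUI, on the Address Space tab as described.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 Hub Transport server.
# Placeholders (assumptions, not values from the thread):
$PeerDomain = 'domain2.com'    # mail domain hosted on the other Exchange server
$PeerInside = '192.0.2.26'     # stand-in for that server's inside (x.x.5.x) address
$LocalHub   = $env:COMPUTERNAME

# Send connector scoped to the peer domain only. Mail for that domain goes
# straight to the inside address, so no external MX lookup is attempted and
# nothing has to hairpin through the ASA.
New-SendConnector -Name "To $PeerDomain (internal)" `
    -Usage Custom `
    -AddressSpaces "SMTP:$PeerDomain;1" `
    -DNSRoutingEnabled $false `
    -SmartHosts $PeerInside `
    -SmartHostAuthMechanism None `
    -SourceTransportServers $LocalHub

# Receive connector for mail coming back from the peer. Anonymous SMTP is
# accepted from that single inside address only, not from the whole subnet,
# so other inside hosts cannot use this connector to submit mail.
New-ReceiveConnector -Name "From $PeerDomain (internal)" `
    -Usage Custom `
    -Bindings '0.0.0.0:25' `
    -RemoteIPRanges $PeerInside `
    -PermissionGroups AnonymousUsers

# Check the result: the peer domain should have its own connector, and the
# existing connector with the * address space should be unchanged.
Get-SendConnector |
    Format-Table Name, AddressSpaces, SmartHosts, DNSRoutingEnabled, Enabled -AutoSize
Get-ReceiveConnector |
    Format-Table Name, Bindings, RemoteIPRanges, PermissionGroups -AutoSize
```

Exchange picks the connector with the most specific matching address space, so mail for the peer domain uses the new connector and everything else keeps using the `*` connector.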

David Bird (Partner, Author) Commented:
Thank you for everyone's qualified input and quick responses!
