I am in the midst of an Exchange 2010 upgrade; we are going to be running Exchange in a VMware vSphere 4 environment. Our organization has about 60 employees, and we want to use OWA as well as Outlook Anywhere.
We like to know our information is secure, which is why I want to use an Edge Transport Server. However, we only really have one firewall appliance, a Cisco ASA 5510. What I would like to know is this: the literature recommends a perimeter network for the Edge Server, which then talks to the Hub Transport server through another firewall, initiating a secure LDAP connection.
Do I need two firewall appliances to do this? Or can I just port forward SMTP traffic to the Edge Transport server using a different port on the ASA plugged directly into the Edge Server, and have all other traffic go in and out of another port on an internal network?
For example, if I have Eth 0/0 on a 10 network internally, can I have all internet traffic but SMTP (25) forwarded internally? Then on Eth 0/1 have a 172 network for just SMTP port 25 traffic, with Eth 0/1 plugged directly into the Edge Server.
Then the plan, because we are smaller, would be to have the CAS and HUB on one server and the MBOX data on another. Please correct me if I am wrong or if something doesn't sound right, as this is my first Exchange implementation on this scale.
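The single-appliance layout asked about above can be expressed as a three-interface ASA configuration (outside / dmz / inside) where the "second firewall" between the perimeter network and the LAN is just a second set of interface ACLs on the same box. The following is an added example written for this post, not configuration from the poster or from any vendor document; it uses ASA 8.2-era NAT syntax and assumes made-up addresses: public MX/OWA address 203.0.113.10 (documentation range), Edge Transport at 172.16.1.10 in the DMZ, Hub/CAS at 10.0.0.10 and an internal DNS resolver at 10.0.0.5. EdgeSync is shown as TCP 50636 (secure LDAP) initiated from the Hub toward the Edge, and OWA/Outlook Anywhere as HTTPS (443) to the CAS, both as assumptions about this design rather than statements from the question.

```cisco
! Added example (not from the original post): one ASA 5510, three security zones
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface Ethernet0/1
 nameif dmz
 security-level 50
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
! Outbound PAT for the LAN (assumed)
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0
!
! Static NAT: public address -> Edge Transport in the DMZ (pre-8.3 syntax, assumed addresses)
static (dmz,outside) 203.0.113.10 172.16.1.10 netmask 255.255.255.255
! Static NAT: second public address -> CAS for OWA / Outlook Anywhere (assumed)
static (inside,outside) 203.0.113.11 10.0.0.10 netmask 255.255.255.255
!
! Inbound from the Internet: only SMTP to the Edge and HTTPS to the CAS
access-list outside_in extended permit tcp any host 203.0.113.10 eq smtp
access-list outside_in extended permit tcp any host 203.0.113.11 eq https
access-group outside_in in interface outside
!
! From the DMZ: the Edge may reach the Hub on SMTP and the resolver on DNS,
! may send mail out to the Internet, and nothing else toward the LAN
access-list dmz_in extended permit tcp host 172.16.1.10 host 10.0.0.10 eq smtp
access-list dmz_in extended permit udp host 172.16.1.10 host 10.0.0.5 eq domain
access-list dmz_in extended deny ip any 10.0.0.0 255.255.255.0 log
access-list dmz_in extended permit tcp host 172.16.1.10 any eq smtp
access-list dmz_in extended deny ip any any log
access-group dmz_in in interface dmz
!
! From the LAN toward the DMZ: only the Hub, only EdgeSync (TCP 50636) and SMTP;
! all other LAN-to-DMZ traffic is dropped, the rest of the LAN goes out normally
access-list inside_in extended permit tcp host 10.0.0.10 host 172.16.1.10 eq 50636
access-list inside_in extended permit tcp host 10.0.0.10 host 172.16.1.10 eq smtp
access-list inside_in extended deny ip 10.0.0.0 255.255.255.0 172.16.1.0 255.255.255.0 log
access-list inside_in extended permit ip 10.0.0.0 255.255.255.0 any
access-group inside_in in interface inside
```

The point of the explicit `deny ... log` lines is that the ASA would otherwise allow inside-to-dmz traffic by default (higher security level to lower), so without them the DMZ is not really separated from the LAN; with them, a compromised Edge server can only speak SMTP to one host and DNS to one resolver, and any other attempt shows up in the log. On ASA 8.3 and later the `static`/`global`/`nat` lines would be rewritten as object NAT, and the ACLs would reference the real (pre-NAT) addresses, but the zone layout is the same.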