OWA accessing 2003 through 2010

GreshAssoc
I'm in the process of migrating to Exchange 2010 from 2003.  Most everything is up and rolling except for OWA.  Currently OWA has been set up to talk to the 2003 server.  In other words, I can go to https://exchange2010.domain.com/owa and access any mailbox on my 2010 or 2003 servers internally.  I have valid Entrust SSL certificates on my 2010 server and valid Start.com SSL on my 2003 server; both servers use SSL access only and forms-based authentication.  I have A records for both servers on our DNS.  If I redirect my firewall to point to the 2010 server, I am able to access it from the outside web and I am able to access any mailbox on the 2010 server. However, if I try to pull a mailbox from 2003, the URL redirects to https://exchange2003.domain.com/exchange and it comes back page not found.  I have also tried adding an IP range to my firewall. For instance, my 2003 is .36 and 2010 is .41, so my address range is 36-41 for the https rule.  I can still only access the 2010 server.  Currently the https traffic on the firewall is pointing to the Exchange 2003 server and it is working, but obviously I can't hit the 2010 accounts.  What am I missing here?  We are running a sonicwall 3500 with the enhanced OS, if that matters.

Top Expert 2010

Commented:
You don't want to use a range on your sonicwall.  Create your public IP address object for each server, then run the public server wizard for EACH public IP address for port 443.  You'll have to delete or modify the existing server so you can run the wizard for the new server.
Top Expert 2010

Commented:
Sorry...the last bit wasn't clear.  Since you already have address objects, NAT Policies and Firewall Access Rules specifying the range, you'll need to edit that so it calls just ONE of the Exchange servers and the respective WAN/LAN IP addresses.  THEN, run the public server wizard referencing the respective WAN/LAN IP addresses.

Author

Commented:
The way I was doing this was editing the address object for the Exchange 2003 server.  I simply changed that IP to the 2010 server.  This did allow me to access the 2010 server from the outside, but did not allow the 2010 to pull the 2003 content.  So you are saying that the wizard should correct that?  I'm concerned only because of the disaster that this sonicwall was to get up and running from the start. It replaced a pro 300, which was completely different.

Top Expert 2010

Commented:
NOTE: The first thing I would do is to put the sonicwall back to where you only have access to the Exchange 2003 server...the way it was originally.  Then, go to System > Settings and Export the settings and download the Current Firmware.  Downloading the current firmware will save the settings as well.  If you mess up, you can boot into Safe Mode and upload the firmware with current settings and get back to functional again.  Don't download the Current Firmware with Factory Defaults...that's not going to work so well for you.

I understand.  In the end, you'll want the sonicwall to have all the components for each server for external access.

Exchange 2010
Private IP Address Object
Public IP Address Object
NAT Policies (Typically three as the wizard creates ingress, egress and loopback)
Firewall Access Rules (One for WAN > LAN)

Exchange 2003
Private IP Address Object
Public IP Address Object
NAT Policies (Typically three as the wizard creates ingress, egress and loopback)
Firewall Access Rules (One for WAN > LAN)

Now, you already have the settings for one server.  I'd change things back so that it exclusively accesses the Exchange 2003 server.  Then, delete any address objects you created that might reference the Exchange 2010 server as far as address object, firewall access rules or NAT policies.  You may only have a couple of address objects.

Then, run the public server wizard to set up public access for your Exchange 2010 server.  You want to make sure you reference the .41 public IP address.  This should do it.

Since port 443 needs to be accessed by both servers, you need to put access for the Exchange servers on different public IP addresses.

Author

Commented:
I was figuring this would result in the need of a second external IP address.  My current sonicwall setup specifies a single WAN interface IP - .202.  Per our vendor we have a range of IPs - 200/29 with a .248 subnet mask.  You seem to know these firewalls very well. How would I change the firewall to add another external IP? And would this require me to reconfigure all of my current policies / rules?  I'm really starting to miss my pro 300 right now.
Top Expert 2010
Commented:
You don't need to specify an additional public IP on the WAN interface.  This has been done for you based on the subnet mask and the public IP address you've assigned the WAN interface.  So, if the first three octets were (for instructional purposes only), 70.333.42.200/29, then I'd choose something between .203 and .206 as the public IP address for the 2010 Exchange server.
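
The advice in the comments above (one public IP per server for port 443, chosen from the /29 the WAN interface already sits in) can be checked before touching the firewall. This is an added example, not part of the original thread and not SonicWall tooling; the 203.0.113.0 documentation prefix, the 192.168.1.x private addresses, the ISP gateway on .201 and all function names are assumptions.

```python
import ipaddress

def usable_hosts(wan_cidr):
    """Usable host addresses of the WAN subnet (network/broadcast excluded)."""
    return list(ipaddress.ip_network(wan_cidr, strict=False).hosts())

def free_public_ips(wan_cidr, reserved, plan):
    """Addresses that are neither reserved nor already used as a NAT public IP."""
    taken = {ipaddress.ip_address(a) for a in reserved}
    taken |= {ipaddress.ip_address(m["public"]) for m in plan}
    return [str(h) for h in usable_hosts(wan_cidr) if h not in taken]

def check_plan(wan_cidr, plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    hosts = set(usable_hosts(wan_cidr))
    owner, problems = {}, []
    for m in plan:
        pub = ipaddress.ip_address(m["public"])
        if pub not in hosts:
            problems.append(f"{m['name']}: {pub} is not a usable address in {wan_cidr}")
        key = (pub, m["port"])
        if key in owner:
            # One public IP:port can only be forwarded to one inside host.
            problems.append(f"{m['name']}: {pub}:{m['port']} already forwards to {owner[key]}")
        else:
            owner[key] = m["name"]
    return problems

# Constructed sample data mirroring the thread's last octets (.200/29, WAN .202, .36, .41).
WAN = "203.0.113.200/29"
RESERVED = ["203.0.113.201", "203.0.113.202"]  # assumed ISP gateway, WAN interface
shared = [
    {"name": "exchange2003", "public": "203.0.113.202", "port": 443, "private": "192.168.1.36"},
    {"name": "exchange2010", "public": "203.0.113.202", "port": 443, "private": "192.168.1.41"},
]
# Same plan with the 2010 server moved to its own public address.
split = [shared[0], dict(shared[1], public="203.0.113.203")]

if __name__ == "__main__":
    print(check_plan(WAN, shared))   # collision on .202:443
    print(check_plan(WAN, split))    # no problems
    print(free_public_ips(WAN, RESERVED, split))
```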

Author

Commented:
The public IP was the issue.  Thanks!!
Top Expert 2010

Commented:
You're welcome and thanks for the points!
