Solved

ASA 5510 Config with Exchange NAT

Posted on 2011-03-15
10
850 Views
Last Modified: 2012-05-11
Hello,

We are installing exchange 2010 which co-exists with exchange 2007. Currently, our ASA rules are setup to allow SMTP and HTTPS on our external IP say... 74.x.x.50. This is the rule for exchange 2010.

Secondarily, 74.x.x.50 is natted to 192.168.1.12 (exchange 2010).

Simple question, is it possible for us to add my NEW exchange 2010 server to the same NAT rule?  IE 74.x.x.50 NAT translates to BOTH 192.168.1.12 AND 192.168.1.45 (exchange 2010).

If not - what is the preferred method?  Keep in mind exchange 2007 and exchange 2010 co-exist so traffic should not be affected to my exchange 2010 server until I turn doen excahnge 2010.

Thanks!

0
Comment
Question by:kmk2123
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 35137336
Ideally, All traffic should go to Exchagne 2007 in the initial time and then should cut over to exchagne 2010 once the environment is ready.

Cheerio
Shaba
0
 

Author Comment

by:kmk2123
ID: 35137393
Thanks Shaba,

yes - i understand that. But my NAT is pointing to .12 internally. I suppose I should just change that to the new IP when the environemnt is ready?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137406
That is not going to work, you can only PAT a port from one public to one private ip. How would the firewall know which internal address to use?
Was the idea to have the mail delivered to both servers or did you have something else in mind?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137458
Ah, missed your post when typing :-~

There is no problem in changing the internal address in the access list and NAT statement when you are ready to switch.
If you have more than one public address, you might consider setting up a second one to point to the new server and create a secondary MX record for that. Before making the switch, activate the second MX record. That way, when the new server is activated and the old one is still running you wouldn't loose any emails.
0
 

Author Comment

by:kmk2123
ID: 35137503
Well - our gateway will spool emails. So I am less concerned with that.

So I suppose, when exchange 2010 is ready,  I should just change the internal NAT IP and be done with it?  That seems like the best approach?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 35137535
Depends on the ASA version. If you have a version before 8.3 you just have to change the internal ip in the NAT statement (static blahdiblah, you know ;).
From 8.3 you might need to change some more.
0
 

Author Comment

by:kmk2123
ID: 35137555
Yes - I am running 8.0(5). I am good then it seems?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137578
Quite good :)
0
 

Author Closing Comment

by:kmk2123
ID: 35137583
Thanks!
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137588
You're welcome, and thank you for the points.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exchange2010 test connectivity error 4 32
Exchange 2010 SP3 Enterprise - Remote Powershell 7 42
exchange, outlook 2 28
Exchange 2010 SP3 and Outlook 2003 7 31
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now