Solved

ASA 5510 Config with Exchange NAT

Posted on 2011-03-15
10
877 Views
Last Modified: 2012-05-11
Hello,

We are installing exchange 2010 which co-exists with exchange 2007. Currently, our ASA rules are setup to allow SMTP and HTTPS on our external IP say... 74.x.x.50. This is the rule for exchange 2010.

Secondarily, 74.x.x.50 is natted to 192.168.1.12 (exchange 2010).

Simple question, is it possible for us to add my NEW exchange 2010 server to the same NAT rule?  IE 74.x.x.50 NAT translates to BOTH 192.168.1.12 AND 192.168.1.45 (exchange 2010).

If not - what is the preferred method?  Keep in mind exchange 2007 and exchange 2010 co-exist so traffic should not be affected to my exchange 2010 server until I turn doen excahnge 2010.

Thanks!

0
Comment
Question by:kmk2123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 35137336
Ideally, All traffic should go to Exchagne 2007 in the initial time and then should cut over to exchagne 2010 once the environment is ready.

Cheerio
Shaba
0
 

Author Comment

by:kmk2123
ID: 35137393
Thanks Shaba,

yes - i understand that. But my NAT is pointing to .12 internally. I suppose I should just change that to the new IP when the environemnt is ready?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137406
That is not going to work, you can only PAT a port from one public to one private ip. How would the firewall know which internal address to use?
Was the idea to have the mail delivered to both servers or did you have something else in mind?
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137458
Ah, missed your post when typing :-~

There is no problem in changing the internal address in the access list and NAT statement when you are ready to switch.
If you have more than one public address, you might consider setting up a second one to point to the new server and create a secondary MX record for that. Before making the switch, activate the second MX record. That way, when the new server is activated and the old one is still running you wouldn't loose any emails.
0
 

Author Comment

by:kmk2123
ID: 35137503
Well - our gateway will spool emails. So I am less concerned with that.

So I suppose, when exchange 2010 is ready,  I should just change the internal NAT IP and be done with it?  That seems like the best approach?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 35137535
Depends on the ASA version. If you have a version before 8.3 you just have to change the internal ip in the NAT statement (static blahdiblah, you know ;).
From 8.3 you might need to change some more.
0
 

Author Comment

by:kmk2123
ID: 35137555
Yes - I am running 8.0(5). I am good then it seems?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137578
Quite good :)
0
 

Author Closing Comment

by:kmk2123
ID: 35137583
Thanks!
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137588
You're welcome, and thank you for the points.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question