Solved

ASA 5510 Config with Exchange NAT

Posted on 2011-03-15
10
857 Views
Last Modified: 2012-05-11
Hello,

We are installing exchange 2010 which co-exists with exchange 2007. Currently, our ASA rules are setup to allow SMTP and HTTPS on our external IP say... 74.x.x.50. This is the rule for exchange 2010.

Secondarily, 74.x.x.50 is natted to 192.168.1.12 (exchange 2010).

Simple question, is it possible for us to add my NEW exchange 2010 server to the same NAT rule?  IE 74.x.x.50 NAT translates to BOTH 192.168.1.12 AND 192.168.1.45 (exchange 2010).

If not - what is the preferred method?  Keep in mind exchange 2007 and exchange 2010 co-exist so traffic should not be affected to my exchange 2010 server until I turn doen excahnge 2010.

Thanks!

0
Comment
Question by:kmk2123
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 35137336
Ideally, All traffic should go to Exchagne 2007 in the initial time and then should cut over to exchagne 2010 once the environment is ready.

Cheerio
Shaba
0
 

Author Comment

by:kmk2123
ID: 35137393
Thanks Shaba,

yes - i understand that. But my NAT is pointing to .12 internally. I suppose I should just change that to the new IP when the environemnt is ready?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137406
That is not going to work, you can only PAT a port from one public to one private ip. How would the firewall know which internal address to use?
Was the idea to have the mail delivered to both servers or did you have something else in mind?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137458
Ah, missed your post when typing :-~

There is no problem in changing the internal address in the access list and NAT statement when you are ready to switch.
If you have more than one public address, you might consider setting up a second one to point to the new server and create a secondary MX record for that. Before making the switch, activate the second MX record. That way, when the new server is activated and the old one is still running you wouldn't loose any emails.
0
 

Author Comment

by:kmk2123
ID: 35137503
Well - our gateway will spool emails. So I am less concerned with that.

So I suppose, when exchange 2010 is ready,  I should just change the internal NAT IP and be done with it?  That seems like the best approach?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 35137535
Depends on the ASA version. If you have a version before 8.3 you just have to change the internal ip in the NAT statement (static blahdiblah, you know ;).
From 8.3 you might need to change some more.
0
 

Author Comment

by:kmk2123
ID: 35137555
Yes - I am running 8.0(5). I am good then it seems?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137578
Quite good :)
0
 

Author Closing Comment

by:kmk2123
ID: 35137583
Thanks!
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137588
You're welcome, and thank you for the points.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Read this checklist to learn more about the 15 things you should never include in an email signature.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question