?
Solved

ASA 5510 Config with Exchange NAT

Posted on 2011-03-15
10
Medium Priority
?
883 Views
Last Modified: 2012-05-11
Hello,

We are installing exchange 2010 which co-exists with exchange 2007. Currently, our ASA rules are setup to allow SMTP and HTTPS on our external IP say... 74.x.x.50. This is the rule for exchange 2010.

Secondarily, 74.x.x.50 is natted to 192.168.1.12 (exchange 2010).

Simple question, is it possible for us to add my NEW exchange 2010 server to the same NAT rule?  IE 74.x.x.50 NAT translates to BOTH 192.168.1.12 AND 192.168.1.45 (exchange 2010).

If not - what is the preferred method?  Keep in mind exchange 2007 and exchange 2010 co-exist so traffic should not be affected to my exchange 2010 server until I turn doen excahnge 2010.

Thanks!

0
Comment
Question by:kmk2123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 35137336
Ideally, All traffic should go to Exchagne 2007 in the initial time and then should cut over to exchagne 2010 once the environment is ready.

Cheerio
Shaba
0
 

Author Comment

by:kmk2123
ID: 35137393
Thanks Shaba,

yes - i understand that. But my NAT is pointing to .12 internally. I suppose I should just change that to the new IP when the environemnt is ready?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137406
That is not going to work, you can only PAT a port from one public to one private ip. How would the firewall know which internal address to use?
Was the idea to have the mail delivered to both servers or did you have something else in mind?
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137458
Ah, missed your post when typing :-~

There is no problem in changing the internal address in the access list and NAT statement when you are ready to switch.
If you have more than one public address, you might consider setting up a second one to point to the new server and create a secondary MX record for that. Before making the switch, activate the second MX record. That way, when the new server is activated and the old one is still running you wouldn't loose any emails.
0
 

Author Comment

by:kmk2123
ID: 35137503
Well - our gateway will spool emails. So I am less concerned with that.

So I suppose, when exchange 2010 is ready,  I should just change the internal NAT IP and be done with it?  That seems like the best approach?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 35137535
Depends on the ASA version. If you have a version before 8.3 you just have to change the internal ip in the NAT statement (static blahdiblah, you know ;).
From 8.3 you might need to change some more.
0
 

Author Comment

by:kmk2123
ID: 35137555
Yes - I am running 8.0(5). I am good then it seems?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137578
Quite good :)
0
 

Author Closing Comment

by:kmk2123
ID: 35137583
Thanks!
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137588
You're welcome, and thank you for the points.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question