Solved

ASA 5510 Config with Exchange NAT

Posted on 2011-03-15
10
839 Views
Last Modified: 2012-05-11
Hello,

We are installing exchange 2010 which co-exists with exchange 2007. Currently, our ASA rules are setup to allow SMTP and HTTPS on our external IP say... 74.x.x.50. This is the rule for exchange 2010.

Secondarily, 74.x.x.50 is natted to 192.168.1.12 (exchange 2010).

Simple question, is it possible for us to add my NEW exchange 2010 server to the same NAT rule?  IE 74.x.x.50 NAT translates to BOTH 192.168.1.12 AND 192.168.1.45 (exchange 2010).

If not - what is the preferred method?  Keep in mind exchange 2007 and exchange 2010 co-exist so traffic should not be affected to my exchange 2010 server until I turn doen excahnge 2010.

Thanks!

0
Comment
Question by:kmk2123
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 35137336
Ideally, All traffic should go to Exchagne 2007 in the initial time and then should cut over to exchagne 2010 once the environment is ready.

Cheerio
Shaba
0
 

Author Comment

by:kmk2123
ID: 35137393
Thanks Shaba,

yes - i understand that. But my NAT is pointing to .12 internally. I suppose I should just change that to the new IP when the environemnt is ready?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137406
That is not going to work, you can only PAT a port from one public to one private ip. How would the firewall know which internal address to use?
Was the idea to have the mail delivered to both servers or did you have something else in mind?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137458
Ah, missed your post when typing :-~

There is no problem in changing the internal address in the access list and NAT statement when you are ready to switch.
If you have more than one public address, you might consider setting up a second one to point to the new server and create a secondary MX record for that. Before making the switch, activate the second MX record. That way, when the new server is activated and the old one is still running you wouldn't loose any emails.
0
 

Author Comment

by:kmk2123
ID: 35137503
Well - our gateway will spool emails. So I am less concerned with that.

So I suppose, when exchange 2010 is ready,  I should just change the internal NAT IP and be done with it?  That seems like the best approach?
0
Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 35137535
Depends on the ASA version. If you have a version before 8.3 you just have to change the internal ip in the NAT statement (static blahdiblah, you know ;).
From 8.3 you might need to change some more.
0
 

Author Comment

by:kmk2123
ID: 35137555
Yes - I am running 8.0(5). I am good then it seems?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137578
Quite good :)
0
 

Author Closing Comment

by:kmk2123
ID: 35137583
Thanks!
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35137588
You're welcome, and thank you for the points.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now