Gang, Im currently dealing with an environment that has exchange 2003 and exch 2010 co-existing. Since exchange 2010 does not advise placing CAS servers in the DMZ they just have a NAT for their CAS boxes to the outside allowing multiple protocols i.e. owa, autodiscover, pop, etc.
Now we are concerned with Security, as the NAT is not ideal? What would you suggest? The exchange edge role or ForeFront, or separate DMZ or? What is best practice with least intrusion ?