<div>
<div class="content wysiwyg-content">
Gang, Im currently dealing with an environment that has exchange 2003 and exch 2010 co-existing. Since exchange 2010 does not advise placing CAS servers in the DMZ they just have a NAT for their CAS boxes to the outside allowing multiple protocols i.e. owa, autodiscover, pop, etc. <br />
Now we are concerned with Security, as the NAT is not ideal? What would you suggest? The exchange edge role or ForeFront, or separate DMZ or? What is best practice with least intrusion ? <br />

</div>
</div>


Gang, Im currently dealing with an environment that has exchange 2003 and exch 2010 co-existing. Since exchange 2010 does not advise placing CAS servers in the DMZ they just have a NAT for their CAS boxes to the outside allowing multiple protocols i.e. owa, autodiscover, pop, etc. 
Now we are concerned with Security, as the NAT is not ideal? What would you suggest? The exchange edge role or ForeFront, or separate DMZ or? What is best practice with least intrusion ? 


Exchange 2010 internet facing security advice

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.