Trying to set up ActiveSync on Exchange 2013 to coexist with 2007

In order to leave our current Exchange 2007 setup intact, we have created a new namespace,
email.XXXXX.com. All VDs for OWA and ActiveSync are pointing to it in the new 2013 setup.

Email.XXXXXX.com resolves to a public number that hits our firewall, and the firewall passes traffic to the internal network. I have verified with firewall tech support via packet capture that the 443 traffic hits the firewall on the public side and it passes it off to the private side.

Running Wireshark on both the production NIC and the NLB NIC on one of the CAS servers, the traffic never gets there. I cannot explain what is going on. Microsoft support is blaming the firewall, but I now have packet caps that prove the traffic is being sent from the firewall to the private side; it just never gets there according to Wireshark. The new namespace is pingable by name and number internally. I am kind of at my wits' end here as to what is happening. PLEASE HELP!
jgutierr76 Asked:

jrlingam Commented:
In order to confirm that the firewall is not causing the issue, the best option is to remove the firewall and point the public network to directly hit the CAS servers. This will work in most cases.

Microsoft support will not agree to provide any further support until you bypass the firewall and directly route the traffic to the CAS servers and still face the issue.

Also provide your Wireshark traces to the firewall / network teams and ask them to check if any blocking is happening. They will be able to better analyse the network traces.
Steve Commented:
A few things to query:

Is the new namespace 'Email.XXXXXX.com' resolving to a new public IP address, leaving the original namespace to resolve to its original (but different) public IP?

"on one of the CAS servers"
When you mention the traffic doesn't reach ONE of the servers, do you mean it reaches the other OK, or just that you have only tested one server?

"and it passes it off to private side."
As you have successfully seen the incoming packets on the inside of the firewall, have a look at the packets in Wireshark and check the IP they are being forwarded to. If this IP is wrong it won't reach the servers.
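The destination-IP check suggested in the comment above, as an added example that is not part of the original thread: it reads a capture taken on the inside of the firewall and lists where each inbound TCP/443 SYN was actually forwarded and whether that address ever answered. It assumes the capture is saved in classic pcap format (not pcapng); the function names, the 10.0.0.x addresses and the sample capture are constructed for illustration.

```python
import socket, struct
from collections import Counter

def frame(src, dst, sport, dport, flags):
    """Constructed sample data: minimal Ethernet/IPv4/TCP frame, checksums left zero."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def https_syn_report(pcap, expected_ip):
    """List (dst_ip, syn_count, answered, is_expected) for every TCP/443 SYN target."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("expected a classic little-endian pcap, not pcapng")
    syns, answered, off = Counter(), set(), 24          # 24 = global header size
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt, off = pcap[off + 16: off + 16 + incl], off + 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                     # not IPv4 carrying TCP
        tcp = 14 + (pkt[14] & 0x0F) * 4                  # honour IP header length
        if len(pkt) < tcp + 14:
            continue                                     # truncated TCP header
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        sport, dport = struct.unpack_from("!HH", pkt, tcp)
        flags = pkt[tcp + 13] & 0x12                     # keep only SYN and ACK bits
        if dport == 443 and flags == 0x02:               # client SYN
            syns[dst] += 1
        elif sport == 443 and flags == 0x12:             # server SYN-ACK
            answered.add(src)
    return [(ip, n, ip in answered, ip == expected_ip) for ip, n in sorted(syns.items())]

# Constructed capture: 10.0.0.50 stands in for the CAS/NLB address, 10.0.0.15 for a wrong NAT target.
SAMPLE = build_pcap([
    frame("203.0.113.7", "10.0.0.15", 50001, 443, 0x02),
    frame("203.0.113.7", "10.0.0.15", 50001, 443, 0x02),   # retransmitted SYN, never answered
    frame("203.0.113.8", "10.0.0.50", 50002, 443, 0x02),
    frame("10.0.0.50", "203.0.113.8", 443, 50002, 0x12),
])

if __name__ == "__main__":
    for row in https_syn_report(SAMPLE, expected_ip="10.0.0.50"):
        print(row)
```

A row whose last field is False shows SYNs being forwarded to an address other than the one the servers listen on; repeated SYNs with no answer are the pattern to look for.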
