I have a working internal Lync server.
Now I am going to set up the edge server in our DMZ.
Our DMZ is on a separate VLAN/subnet from our internal one, but both go through the ASA 5510 firewall and they are routable to each other. The ports opened and blocked are customized for each server in the DMZ.
LAN=10.10...
DMZ= 172....
PUBLIC= 64...
We don't have any external IPs in the DMZ; they are all NATed.
The way our internet is set up, I can assign external IPs directly to the server; it has to be NATed.
My question is: can I set up a Lync Edge server with a single DMZ NIC with 4x (172...) IPs, 3 of which would have an external NAT to (64...), and the 4th would be the server IP used to communicate with the internal 10.10... subnet (no NAT here)?
As far as the DNS goes, we have 2 zones: the internal AD domain and the external domain.com domain.
The external zone is hosted on an outside DNS server, BUT we do have a copy of it internally as well, with different IPs in the records.
Internal users on the 10.10.... subnet will resolve the internal DMZ 172... IP for *.domain.com records.
External users will resolve the outside public NAT IP 64.... for *.domain.com records.
If the setup MUST have 2 NICs, then I can add a LAN NIC with a 10.10.... IP and no GW, and a DMZ NIC with 3x 172... IPs that are NATed to 64.... In this case the LAN traffic won't go through the firewall; it will be local to the subnet.
But a potential issue with this is that the documentation says:
The internal and external subnets must not be routable to each other.
In my case the DMZ is routable to the LAN.
What is preferred?
Thanks
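Whichever layout is chosen, the two things the post relies on can be verified from the Edge box itself: that the split DNS zones hand out the intended address families, and which interface and source address traffic to the internal subnet actually uses (the "must not be routable" requirement). The script below is an added example, not from the post or from Microsoft; it assumes Windows Server 2012 R2 or later for `Resolve-DnsName` and `Find-NetRoute`, and every address, hostname and pattern in it is a placeholder to replace with your own values.

```powershell
# Added example: sanity-check a planned Lync Edge layout from the Edge server.
# Assumes Windows Server 2012 R2+ (Resolve-DnsName, Find-NetRoute).
# All names, addresses and patterns are placeholders; replace them with yours.

$InternalDns      = '10.10.0.10'     # placeholder: AD DNS holding the internal copy of domain.com
$ExternalDns      = '203.0.113.53'   # placeholder: a resolver that only sees the public zone
$EdgeFqdns        = 'sip.domain.com', 'webconf.domain.com', 'av.domain.com'   # placeholders
$ExpectedInternal = '^172\.'         # internal copy of the zone should answer with DMZ addresses
$ExpectedExternal = '^64\.'          # public zone should answer with the NATed public addresses

# Resolve each Edge name against one DNS server and flag answers that are
# outside the address family that server is supposed to hand out.
function Test-SplitDns {
    param([string[]]$Names, [string]$Server, [string]$Pattern)
    foreach ($n in $Names) {
        try {
            $a = (Resolve-DnsName -Name $n -Type A -Server $Server -ErrorAction Stop |
                  Where-Object QueryType -eq 'A').IPAddress
        } catch { $a = @() }                     # NXDOMAIN / timeout counts as a failure
        $ok = [bool]$a -and (($a | ForEach-Object { $_ -match $Pattern }) -notcontains $false)
        [pscustomobject]@{ Name = $n; Server = $Server; Answer = ($a -join ','); Ok = $ok }
    }
}

Test-SplitDns -Names $EdgeFqdns -Server $InternalDns -Pattern $ExpectedInternal | Format-Table
Test-SplitDns -Names $EdgeFqdns -Server $ExternalDns -Pattern $ExpectedExternal | Format-Table

# Routing check for the requirement quoted in the post. Find-NetRoute returns
# the source IP address (first object) and the route (second object) that would
# be used to reach the internal subnet. If that source address sits on the same
# interface that carries the NATed external IPs, the internal and external sides
# of the Edge are not separated the way the documentation requires.
$InternalHost = '10.10.0.20'         # placeholder: Front End pool or internal next hop
$r = Find-NetRoute -RemoteIPAddress $InternalHost
"Traffic to $InternalHost leaves via '$($r[0].InterfaceAlias)' from source $($r[0].IPAddress), next hop $($r[1].NextHop)"

# With a second NIC that has no default gateway, the internal subnets need an
# explicit static route; list what is present for the internal prefix.
Get-NetRoute -DestinationPrefix '10.10.0.0/16' -ErrorAction SilentlyContinue |   # placeholder prefix
    Select-Object DestinationPrefix, NextHop, InterfaceAlias | Format-Table
```

Run it twice when comparing the single-NIC and two-NIC designs: the DNS results should be identical, while the route output is what changes between them.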