Solved

configure Exchange 2013 for OWA

Posted on 2014-07-31
Last Modified: 2015-11-12
I would like to know what needs to be configured at the firewall level, such as NATting, so that external users can access Exchange OWA.
How is this configured at the firewall level, on the internal DNS and external DNS, and on the Exchange CAS itself?

Thank you
0
Question by:jskfan
10 Comments
 
LVL 2

Expert Comment

by:Henry Dunn
ID: 40232856
Is this a coexistence with another version or is this a greenfield deployment of Exchange 2013?
0
 
LVL 2

Assisted Solution

by:Henry Dunn
Henry Dunn earned 100 total points
ID: 40232872
If it's coexistence, you simply change the IP for the existing settings.  Make sure the services in Exchange 2013 are configured to take over for the 2010 or 2007 CAS servers, that your certificates are installed and services properly configured.  A change of IPs on the firewall NATs should do the trick for external and for internal, the DNS record for the URL should be changed from the existing IP to the new Exchange 2013 CAS IP.  Hopefully that makes sense?
0
 

Author Comment

by:jskfan
ID: 40233356
This is a brand new Exchange environment.
I need to know how email flows from outside to inside while sending and when just viewing.
I know that there is an MX record on the internet DNS.
When sending from outside, the mail.company.com MX record will redirect the email to the company firewall, which should have port 25 open. Then there should be some kind of NAT or something on the firewall that tells any traffic coming in on port 25 to go to the load balancer created between the CAS servers, and one of the CAS servers will proxy the email to the right mailbox server where the mailbox of the recipient is located...

Well, I am describing this in non technical terms, but I need someone to tell me which devices and elements take part on this flow...

thanks
0
 
LVL 2

Expert Comment

by:Henry Dunn
ID: 40233375
You need to NAT your OWA URL to the CAS VIP. So point mail.company.com to your firewall for the MX record, and on the firewall point traffic for SMTP to your VIP for the CAS array.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 200 total points
ID: 40233542
Let your Exchange server out on port 25;

Cisco ASA - Only Allow Mail Servers SMTP Outbound

Port forward Port 25 back in to the Exchange server;

Cisco PIX / ASA Port Forwarding

UNLESS of course the new Exchange will have its own public IP, then you need a static translation;

Add a Static (One to One) NAT Translation to a Cisco ASA 5500 Firewall

Then make sure your public mail records are set-up correctly;

Setting up the Correct DNS Records for your Web or Mail Server

Pete
0
 

Author Comment

by:jskfan
ID: 40235522
Well, in an Exchange environment there should be 2 CAS servers for load balancing.
** I believe we need to go to each CAS server and run the command:
New-ClientAccessArray -Name "Test" -Fqdn "Mycompany.com" -Site "Mysite"

** On DNS we need to create an A record that points to Mycompany.com with IP address (VIP), ex: 10.10.10.10

** The load balancer should be configured to point to the VIP

** We need to type this command for each database in the Exchange organization:
Set-MailboxDatabase DB1 -RpcClientAccessServer "Mycompany.com"
Set-MailboxDatabase DB2 -RpcClientAccessServer "Mycompany.com"

I guess that's it for CAS servers... Correct me if I am wrong...

Now when an external user sends an email to an internal user, it will hit the MX record on the public DNS, for example mail.mycompany.com. This record points to the public address on the outside interface of the firewall. The firewall should receive this SMTP traffic on port 25 and in turn route it to the load balancer (VIP). The load balancer will send SMTP traffic to one of the CAS servers, which in turn sends it to the right mailbox server where the user's mailbox is located.

*** Now I am not sure if we need to create an OWA record in public DNS. If so, should it be an A record or a CNAME record, for example Mycompany.com pointing to mail.company.com?
Because mailbox users are supposed to type something simple in the browser, like mycompany.com, and be able to reach the Exchange server via OWA.

*** Another dark area is: when accessing Exchange through OWA, does the traffic go through the load balancer to the CAS server and then to the mailbox server, just the same way as when someone sends email from outside to a user on the Exchange server?

Thanks
0
 
LVL 25

Assisted Solution

by:-MAS
-MAS earned 200 total points
ID: 40945538
You don't need to create a CAS Array as you are running Exchange 2013.
CAS Array is supported only in Exchange 2010, but the concept of a single namespace still exists.
Please check this for details:
http://exchangeserverpro.com/exchange-2013-client-access-server-high-availability/

For OWA you have to do a NAT to the VIP of the load balancer, which will connect to one of the available CAS servers, and the CAS server will communicate with the mailbox server. In Exchange 2013 the CAS server is a stateless server. It is the interface to the client.

You have to create these records in external DNS.
mail.domain.com                  ---> External IP of Exchange
autodiscover.domain.com    ---> External IP of Exchange
0
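
As an added example (not part of any answer in this thread, and not Exchange or firewall vendor code), the Python below checks a planned external DNS zone and firewall NAT table against the flow described above: the MX, mail and autodiscover names resolve to a public address, and that address forwards only SMTP (25) and HTTPS (443, the port OWA and Autodiscover use) to the load balancer VIP. The data layout, the `check_plan` function and the 203.0.113.10 address are assumptions constructed for illustration; 10.10.10.10 is the example VIP used earlier in the thread.

```python
import ipaddress

# Constructed sample plan (illustrative names and addresses, not real hosts).
DNS = {
    ("domain.com", "MX"): "mail.domain.com",
    ("mail.domain.com", "A"): "203.0.113.10",
    ("autodiscover.domain.com", "A"): "203.0.113.10",
}
# Firewall NAT table: (public IP, public port) -> (internal IP, internal port)
NAT = {
    ("203.0.113.10", 25): ("10.10.10.10", 25),    # SMTP to load balancer VIP
    ("203.0.113.10", 443): ("10.10.10.10", 443),  # HTTPS (OWA, Autodiscover)
}
VIP = "10.10.10.10"
ALLOWED_PORTS = {25, 443}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)


def check_plan(dns, nat, vip, domain="domain.com"):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    mx_host = dns.get((domain, "MX"))
    if mx_host is None:
        problems.append(f"no MX record for {domain}")
    # Each name must resolve to a public IP that forwards the right port to the VIP.
    needed = [(f"mail.{domain}", 443), (f"autodiscover.{domain}", 443)]
    if mx_host:
        needed.append((mx_host, 25))
    for name, port in needed:
        ip = dns.get((name, "A"))
        if ip is None:
            problems.append(f"no A record for {name}")
        elif is_rfc1918(ip):
            problems.append(f"{name} resolves to private address {ip}")
        elif nat.get((ip, port), (None, None))[0] != vip:
            problems.append(f"{ip}:{port} ({name}) is not forwarded to VIP {vip}")
    # Anything published beyond SMTP and HTTPS widens the exposed surface.
    for (pub_ip, pub_port), (dst, _) in nat.items():
        if pub_port not in ALLOWED_PORTS:
            problems.append(f"unexpected published port {pub_ip}:{pub_port} -> {dst}")
    return problems


if __name__ == "__main__":
    print(check_plan(DNS, NAT, VIP) or "plan is consistent")
```
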
 

Assisted Solution

by:jskfan
jskfan earned 0 total points
ID: 40988603
I will review the answer and get back with you
0
 

Author Closing Comment

by:jskfan
ID: 41232528
Thank you
0
