Configure Exchange 2013 for OWA

I would like to know what needs to be configured at the firewall level, such as NATting, so that external users can access Exchange OWA.
How is this configured at the firewall level, on the internal DNS and external DNS, and on the Exchange CAS itself?

Thank you
jskfan Asked:

Henry Dunn Commented:
Is this a coexistence with another version or is this a greenfield deployment of Exchange 2013?
0
Henry Dunn Commented:
If it's coexistence, you simply change the IP for the existing settings. Make sure the services in Exchange 2013 are configured to take over for the 2010 or 2007 CAS servers, that your certificates are installed and services properly configured. A change of IPs on the firewall NATs should do the trick for external, and for internal, the DNS record for the URL should be changed from the existing IP to the new Exchange 2013 CAS IP. Hopefully that makes sense?
0
jskfan Author Commented:
This is a brand new Exchange environment.
I need to know how email flows from outside to inside while sending and when just viewing.
I know that there is an MX record on the internet DNS.
When sending from outside, the mail.company.com MX record will redirect the email to the company firewall, which should have port 25 open; then there should be some kind of NAT or something on the firewall that tells any traffic coming in on port 25 to go to the load balancer created between the CAS servers, and one of the CAS servers will proxy the email to the right mailbox server where the mailbox of the recipient is located...

Well, I am describing this in non-technical terms, but I need someone to tell me which devices and elements take part in this flow...

thanks
0
Henry Dunn Commented:
You need to NAT your OWA URL to the CAS VIP. So point mail.company.com to your firewall for the MX record, and on the firewall point traffic for SMTP to your VIP for the CAS array.
0
Pete Long Technical Consultant Commented:
Let your Exchange server out on port 25;

Cisco ASA - Only Allow Mail Servers SMTP Outbound

Port forward Port 25 back in to the Exchange server;

Cisco PIX / ASA Port Forwarding

UNLESS of course the new Exchange will have its own public IP, then you need a static translation;

Add a Static (One to One) NAT Translation to a Cisco ASA 5500 Firewall

Then make sure your public mail records are set-up correctly;

Setting up the Correct DNS Records for your Web or Mail Server

Pete
0

jskfan Author Commented:
Well, in an Exchange environment there should be 2 CAS servers for load balancing.
** I believe we need to go to each CAS server and run the command:
New-ClientAccessArray -Name "Test" -Fqdn "Mycompany.com" -Site "Mysite"

** On DNS we need to create an A record that points to Mycompany.com with the IP address (VIP), ex: 10.10.10.10

** The load balancer should be configured to point to the VIP
** We need to type this command for each database in the Exchange organization:
Set-MailboxDatabase DB1 -RpcClientAccessServer "Mycompany.com"
Set-MailboxDatabase DB2 -RpcClientAccessServer "Mycompany.com"

I guess that's it for CAS servers... Correct me if I am wrong...

Now when an external user sends an email to an internal user, it will hit the MX record on the public DNS, for example mail.mycompany.com. This record points to the public address on the outside interface of the firewall; the firewall should receive this SMTP traffic on port 25, and in its turn will route it to the load balancer (VIP). The load balancer will send SMTP traffic to one of the CAS servers, which in its turn sends it to the right mailbox server where the user mailbox is located.

*** Now I am not sure if we need to create an OWA record in public DNS? If so, should it be an A record or a CNAME record, for example Mycompany.com pointing to mail.company.com?
Because mailbox users are supposed to type in the browser something simple like mycompany.com, and will be able to reach the Exchange server via OWA.

*** Another dark area is, when accessing Exchange through OWA, does the traffic go through the load balancer to the CAS server, then to the mailbox server? Just the same way as when someone sends email from outside to a user on the Exchange server?

Thanks
0
MAS (MVE) EE Solution Guide Commented:
You don't need to create a CAS Array as you are running Exchange 2013.
CAS Array is supported only in Exchange 2010, but the concept of a single namespace still exists.
Please check this for details:
http://exchangeserverpro.com/exchange-2013-client-access-server-high-availability/

For OWA you have to do a NAT to the VIP of the load balancer, which will connect to one of the available CAS servers, and the CAS server will communicate with the mailbox server. In Exchange 2013 the CAS server is a stateless server. It is the interface to the client.

You have to create these records in external DNS.
mail.domain.com                  ---> External IP of Exchange
autodiscover.domain.com          ---> External IP of Exchange
0
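
A way to verify, from a machine outside the network, the external DNS records and firewall port forwards described in the answer above. This is an added example, not part of the original thread; the function name `Test-ExchangePublishing`, the zone `domain.com`, the address `203.0.113.10` and the sampled closed ports are assumptions.

```powershell
# Added example. Run from a host OUTSIDE the network so the public view is tested.
# domain.com and 203.0.113.10 are constructed placeholders for the real zone and public IP.
function Test-ExchangePublishing {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$ExpectedIP,
        [string]$Resolver = '8.8.8.8'   # public resolver, bypasses internal split DNS
    )
    $results = @()

    # 1. The MX record for the zone names the host that receives inbound SMTP.
    $mx = Resolve-DnsName -Name $Domain -Type MX -Server $Resolver -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'MX' }
    $results += [pscustomobject]@{
        Check = "MX $Domain"; Value = ($mx.NameExchange -join ', '); Pass = [bool]$mx
    }

    # 2. mail, autodiscover and every MX target must resolve to the firewall's public IP.
    $names = @("mail.$Domain", "autodiscover.$Domain") + @($mx.NameExchange) |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($name in $names) {
        $a = Resolve-DnsName -Name $name -Type A -Server $Resolver -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' }
        $results += [pscustomobject]@{
            Check = "A $name"; Value = ($a.IPAddress -join ', ')
            Pass  = ($a.IPAddress -contains $ExpectedIP)
        }
    }

    # 3. Only SMTP (25) and HTTPS (443) should be forwarded to the load balancer VIP.
    #    135 (RPC) and 3389 (RDP) are sampled as ports that must NOT answer from outside.
    $expected = @(
        @{ Port = 25;  Open = $true  }, @{ Port = 443;  Open = $true  },
        @{ Port = 135; Open = $false }, @{ Port = 3389; Open = $false }
    )
    foreach ($e in $expected) {
        $open = Test-NetConnection -ComputerName $ExpectedIP -Port $e.Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        $results += [pscustomobject]@{
            Check = "TCP $($e.Port)"; Value = $(if ($open) { 'open' } else { 'closed' })
            Pass  = ($open -eq $e.Open)
        }
    }
    $results
}

Test-ExchangePublishing -Domain 'domain.com' -ExpectedIP '203.0.113.10' | Format-Table -AutoSize
```

Many consumer ISPs block outbound port 25, so a "closed" result for SMTP should be confirmed from a network that permits it.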
jskfan Author Commented:
I will review the answer and get back to you
0
jskfan Author Commented:
Thank you
0

Question has a verified solution.
