Solved

configure Exchange 2013 for OWA

Posted on 2014-07-31
10
60 Views
Last Modified: 2015-11-12
I would like to know what needs to be configured at the firewall level, such as NATting, so that external users can access Exchange OWA.
How is this configured at the firewall level, on the internal DNS and external DNS, and on the Exchange CAS itself?

Thank you
0
Comment
Question by:jskfan
10 Comments
 
LVL 2

Expert Comment

by:Henry Dunn
ID: 40232856
Is this a coexistence with another version or is this a greenfield deployment of Exchange 2013?
0
 
LVL 2

Assisted Solution

by:Henry Dunn
Henry Dunn earned 100 total points
ID: 40232872
If it's coexistence, you simply change the IP for the existing settings.  Make sure the services in Exchange 2013 are configured to take over for the 2010 or 2007 CAS servers, that your certificates are installed and services properly configured.  A change of IPs on the firewall NATs should do the trick for external and for internal, the DNS record for the URL should be changed from the existing IP to the new Exchange 2013 CAS IP.  Hopefully that makes sense?
0
 

Author Comment

by:jskfan
ID: 40233356
This is brand new Exchange environment.
I need to know how email flows from outside to inside while sending and when just viewing.
I know that there is an MX record on the internet DNS.
When sending from outside, the mail.company.com MX record will redirect the email to the company firewall, which should have port 25 open. Then there should be some kind of NAT or something on the firewall that tells any traffic coming in on port 25 to go to the load balancer created between the CAS servers, and one of the CAS servers will proxy the email to the right mailbox server where the mailbox of the recipient is located...

Well, I am describing this in non-technical terms, but I need someone to tell me which devices and elements take part in this flow...

thanks
0
 
LVL 2

Expert Comment

by:Henry Dunn
ID: 40233375
You need to NAT your OWA URL to the CAS VIP. So point mail.company.com to your firewall for the MX record, and on the firewall point traffic for SMTP to your VIP for the CAS array.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 200 total points
ID: 40233542
Let your Exchange server out on port 25;

Cisco ASA - Only Allow Mail Servers SMTP Outbound

Port forward Port 25 back in to the Exchange server;

Cisco PIX / ASA Port Forwarding

UNLESS of course the new Exchange will have its own public IP, then you need a static translation;

Add a Static (One to One) NAT Translation to a Cisco ASA 5500 Firewall

Then make sure your public mail records are set-up correctly;

Setting up the Correct DNS Records for your Web or Mail Server

Pete
0
 

Author Comment

by:jskfan
ID: 40235522
Well, in an Exchange environment there should be 2 CAS servers for load balancing.
** I believe we need to go to each CAS server and run the command:
New-ClientAccessArray -Name "Test" -Fqdn "Mycompany.com" -Site "Mysite"

** On DNS we need to create an A record that points to Mycompany.com with IP address (VIP), ex: 10.10.10.10

** The load balancer should be configured to point to the VIP
** We need to type this command for each database in the Exchange organization:
Set-MailboxDatabase DB1 -RpcClientAccessServer "Mycompany.com"
Set-MailboxDatabase DB2 -RpcClientAccessServer "Mycompany.com"

I guess that's it for CAS servers... Correct me if I am wrong...

Now when an external user sends an email to an internal user, it will hit the MX record on the public DNS, example: mail.mycompany.com. This record points to the public address on the outside interface of the firewall. The firewall should receive this SMTP traffic on port 25, and in its turn will route it to the load balancer (VIP). The load balancer will send SMTP traffic to one of the CAS servers, which in its turn sends it to the right mailbox server where the user mailbox is located.

*** Now I am not sure if we need to create an OWA record in public DNS? If so, should it be an A record or a CNAME record, example: Mycompany.com, pointing to mail.company.com?
Because mailbox users are supposed to type something simple in the browser, like mycompany.com, and will be able to reach the Exchange server via OWA.

*** Another dark area is, when accessing Exchange through OWA, does the traffic go through the load balancer to the CAS server and then to the mailbox server? Just the same way as when someone sends email from outside to a user on the Exchange server?

Thanks
0
 
LVL 24

Assisted Solution

by:-MAS
-MAS earned 200 total points
ID: 40945538
You don't need to create a CAS Array as you are running Exchange 2013.
CAS Array is supported only in Exchange 2010, but the concept of a single namespace still exists.
Please check this for details:
http://exchangeserverpro.com/exchange-2013-client-access-server-high-availability/

For OWA you have to do a NAT to the VIP of the load balancer, which will connect to one of the available CAS servers, and the CAS server will communicate with the mailbox server. In Exchange 2013 the CAS server is a stateless server. It is the interface to the client.

You have to create these records in external DNS.
mail.domain.com ---> External IP of Exchange
autodiscover.domain.com ---> External IP of Exchange
0
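Added example (not part of any answer in this thread): a small pre-change check that ties together the pieces discussed above, namely external DNS, the MX target, the firewall NAT rules, the load balancer VIP and internal DNS. The `plan` layout, the function names, the example.com names and 203.0.113.10 are assumptions constructed for illustration; 10.10.10.10 is the example VIP used earlier in the thread.

```python
# Added example: all names and addresses below are constructed.
REQUIRED_PORTS = {25: "SMTP", 443: "HTTPS for OWA/Autodiscover"}
def resolve(zone, name, depth=0):
    """Follow CNAMEs inside one zone dict; return the final IP or None."""
    rtype, value = zone.get(name, (None, None))
    if rtype == "CNAME" and depth < 5:
        return resolve(zone, value, depth + 1)
    return value if rtype == "A" else None

def lint_publishing(plan):
    """Return findings for a publishing plan; an empty list means consistent."""
    out = []
    pub_ip, vip = plan["firewall_public_ip"], plan["cas_vip"]
    for name in plan["published_names"]:
        # Outside: names land on the firewall. Inside: straight on the VIP.
        if resolve(plan["external_dns"], name) != pub_ip:
            out.append(f"external DNS: {name} does not resolve to {pub_ip}")
        if resolve(plan["internal_dns"], name) != vip:
            out.append(f"internal DNS: {name} does not resolve to {vip}")
    for mx in plan["mx_targets"]:
        # An MX target must own an A record; RFC 2181 forbids a CNAME here.
        if plan["external_dns"].get(mx, (None,))[0] != "A":
            out.append(f"MX target {mx} has no A record")
    forwarded = dict(plan["nat_rules"])
    for port, target in forwarded.items():
        if port not in REQUIRED_PORTS:
            out.append(f"NAT: port {port} exposed but not needed")
        elif target != vip:
            out.append(f"NAT: port {port} forwards to {target}, not VIP {vip}")
    for port, label in REQUIRED_PORTS.items():
        if port not in forwarded:
            out.append(f"NAT: missing rule for {port} ({label})")
    return out

PLAN = {  # constructed sample with three deliberate mistakes
    "firewall_public_ip": "203.0.113.10",
    "cas_vip": "10.10.10.10",
    "published_names": ["mail.example.com", "autodiscover.example.com"],
    "mx_targets": ["mail.example.com"],
    "external_dns": {
        "mail.example.com": ("A", "203.0.113.10"),
        "autodiscover.example.com": ("CNAME", "mail.example.com"),
    },
    "internal_dns": {"mail.example.com": ("A", "10.10.10.10")},
    "nat_rules": [(25, "10.10.10.10"), (443, "10.10.10.11"), (3389, "10.10.10.11")],
}

if __name__ == "__main__":
    print("\n".join(lint_publishing(PLAN)))
```

The check accepts either an A record or a CNAME for the OWA and Autodiscover names as long as they end at the firewall's public IP, while the MX target itself must be an A record.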
 

Assisted Solution

by:jskfan
jskfan earned 0 total points
ID: 40988603
I will review the answer and get back with you
0
 

Author Closing Comment

by:jskfan
ID: 41232528
Thank you
0
