Solved

CAS Proxy

Posted on 2014-12-28
17
98 Views
Last Modified: 2015-01-23
CAS Proxy how to configure it?
0
Comment
Question by:Exchange_Don
  • 3
  • 3
  • 3
  • +1
17 Comments
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40520606
what version of exchange?
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 200 total points
ID: 40521044
Based on your other question I am assuming this is also Exchange 2013.

Are you referring to a Reverse Proxy to publish CAS services? Or using CAS to proxy mail flow? Or possibly even Outlook Aynwhere?

I am assuming you are referring to a Reverse Proxy.

Most load balancers inherently have some form of reverse proxy in them. Some firewalls as well. You can even look at using ARR on top of IIS from Microsoft. ARR is a free add-in for IIS. All you would need is a Server license.
0
 
LVL 19

Accepted Solution

by:
Adam Farage earned 300 total points
ID: 40521263
If you are looking for a reverse proxy in Exchange 2013, it is not necessarily required. A great post to review would be this from the Exchange product group (http://blogs.technet.com/b/exchange/archive/2013/07/17/life-in-a-post-tmg-world-is-it-as-scary-as-you-think.aspx).

If you are trying to load balance and still want a proxy (that is low cost) you could always go with IIS AAR, and here are some instructions on how this works: http://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspx

There are three parts to this, but we can answer questions you may have after reviewing the materials.
0
 

Author Comment

by:Exchange_Don
ID: 40521394
CAS proxy is a process to make one particular server as internet facing server.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40521786

CAS proxy is a process to make one particular server as internet facing server.

No its not. The only thing you technically need to do to make a CAS internet facing is to allow TCP 25 (SMTP) and TCP 443 (HTTPS) through on the firewall, either through port forwarding or a NAT. A reverse proxy allows for additional security, but as the article above describes you do not need that security unless legal requires you too (such as compliance, HIPPA, ect).

If you want a reverse proxy, I would recommend IIS AAR as pointed out above.

If you want to have load balancing across multiple CAS and allow those to be internet facing, then you should NAT or Port Forward TCP 25 / TCP 443 to the VIP of the load balancer that is supporting the CAS role.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Exchange_Don
ID: 40525676
you all not able to understand what i mean to say, i am having 03 cas servers and i want to make 01 particular server as internet facing server so that all traffic must hit to that particular server in exchange 2013.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40525682
What is the business goal for this?

If it is to just protect the CAS servers then you should use IIS ARR or a load balancer as Adam and I already mentioned.
0
 

Author Comment

by:Exchange_Don
ID: 40525692
so if i apply cas nlb then will i be able to configure cas proxy.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40525708
Most load balancers will include some form of reverse proxy. For example a Kemp virtual/hardware load balancer will do reverse proxy. As will IIS ARR.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40525717
, i am having 03 cas servers and i want to make 01 particular server as internet facing server so that all traffic must hit to that particular server in exchange 2013.

Why? If they are in the same exact site, then (apologies if this comes off as rude or harsh) a horrible design choice. If the CAS are all within the same site, use a load balancer to LB the CAS and publish the NAT through the firewall. This will allow high availability in the event one of the CAS does break.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now