Fing wong


Exchange 2013 NAT query

Hi All

I'm new to Exchange 2013, and previously on Exchange 2010 we would NAT the Hub Transport server internal IP address for external email flow.

Which role do I need to NAT in Exchange 2013, and is there an easy way of doing it if I have more than one, without using a load balancer in front of them?

Thanks

Nick
Jakob Digranes

Mail Transport is now collocated with the Mailbox Role.
The Mailbox Transport role is highly available by default: if you have 2 servers and one fails, the other one has a redundant copy of the emails and will resend them.
BUT it is just the transport role that is HA by default, for Database role you'd need to set up Database Availability Groups. For CAS role you could use DNS load balancing, works okay - but a HW Load Balancer in front is recommended.

Windows NLB is not (!)
Fing wong

ASKER

So to confirm.

I have 2 x mailbox servers in a dag. Can I NAT through to the DAG IP address to cover both servers that way? Or if I get a load balancer I want to load balance the mailbox servers, and use DNS round robin for the CAS servers internally?

My architecture is 2 x CAS and 2 x MBX servers in a DAG.
manuverhaegen

Hi,

I have the same configuration
Normally the DAG IP address is in another internal IP range. I use DNS round robin and it works perfectly.

What has been said about NAT-ing to the mailbox servers internally from the outside is false. Although internally the mailbox role routes all mail when a message is sent to another mailbox internally (it never touches CAS), when you are sending or receiving email from remote domains, messages actually go through the CAS server first when receiving email and last when someone internally sends to an external domain.

Although the CAS role does not route mail, per se, it does have a front end transport service that categorizes messages to and from the mailbox servers when the emails are from external domains or are being sent to external domains.

So when you set up your NAT-ing you are actually doing it to your CAS server. Although theoretically both roles should be installed on the same server as a best practice, if you were to physically separate them (for explanation purposes) you would actually NAT to the CAS server.

See the link below for additional details and also a complete transport diagram for the CAS and Mailbox roles.

https://technet.microsoft.com/en-us/library/aa996349(v=exchg.150).aspx

Will.

Hi Will

Thanks for the explanation. So to confirm, if we DNS round robined the mailbox servers internally, and then had the CAS servers load balanced correctly, we would NAT the load balancer IP address for external send and receive emails. The reason that they are separated is that I was going to use Windows NLB on the CAS servers originally, but now I'm testing a 3rd party load balancer for this purpose, and because we have a DAG I wouldn't have been able to install WNLB.

Thanks
ASKER CERTIFIED SOLUTION
Will Szymkowski