Exchange 2013 NAT query

Hi All

I'm new to Exchange 2013, and previously on Exchange 2010 we would NAT the Hub Transport server's internal IP address for external email flow.

Which role do I need to NAT in Exchange 2013, and is there an easy way of doing it if I have more than one, without using a load balancer in front of them?


Fing wong asked:

Jakob Digranes (Senior Consultant) commented:
Mail Transport is now co-located with the Mailbox role.
The Mailbox Transport role is highly available by default: if you have 2 servers and one fails, the other one has a redundant copy of the emails and will resend.
BUT it is just the transport role that is HA by default; for the database role you'd need to set up Database Availability Groups. For the CAS role you could use DNS load balancing, which works okay, but a HW load balancer in front is recommended.

Windows NLB is not (!)
Fing wong (Author) commented:
So to confirm.

I have 2 x mailbox servers in a DAG. Can I NAT through to the DAG IP address to cover both servers that way? Or, if I get a load balancer, should I load balance the mailbox servers and use DNS round robin for the CAS servers internally?

My architecture is 2 x CAS and 2 x MBX servers in a DAG.
manuverhaegen (System & Storage Admin) commented:

I have the same configuration.
Normally the DAG IP address is in another internal IP range; I use DNS round robin and it works perfectly.

Will Szymkowski (Senior Solution Architect) commented:
What has been said about NAT-ing to the mailbox servers internally from the outside is false. Although internally the mailbox role routes all mail when a message is sent to another mailbox internally (it never touches CAS), when you are sending or receiving email from remote domains, it actually goes through the CAS server first when receiving email and last when someone internally sends to an external domain.

The CAS role, although it does not route mail per se, does have a Front End Transport service that categorizes messages to and from the mailbox servers when the emails are from external domains or are being sent to external domains.

So when you set up your NAT-ing you are actually doing it to your CAS server. Although theoretically both roles should be installed on the same server as a best practice, if you were to physically separate them (for explanation purposes) you would actually NAT to the CAS server.

See the below link for additional details and also a complete transport diagram for the CAS and Mailbox roles.

Fing wong (Author) commented:
Hi Will

Thanks for the explanation. So to confirm, if we DNS round-robined the mailbox servers internally, and then had the CAS servers load balanced correctly, we would NAT the load balancer IP address for external send and receive email. The reason that they are separated is that I was going to use Windows NLB on the CAS servers originally, but now I'm testing a 3rd party load balancer for this purpose, and because we have a DAG I wouldn't have been able to install WNLB.

Will Szymkowski (Senior Solution Architect) commented:
You do not load balance the Mailbox servers. The HA for routing mail internally is done automatically when you have 2 or more mailbox servers in your AD site. All you need to do is load balance the CAS aspect of Exchange. Users still need to use CAS for availability services (Autodiscover, EWS, OWA, OAB etc.). Because CAS is the internet-facing role, this is why anything sent or received from the outside needs to go through the CAS server (Front End Transport).

In earlier versions of Exchange (2007/2010) most people configured CAS/HUB on the same server and Mailbox on its own server. Every time someone sent an email, internally or externally, it always had to go through the Hub Transport server (rules/routing etc.) and then get sent to the mailbox. You can see how this setup can be inefficient if you were sending mail to another mailbox that resides on the same mailbox database or even on the same server. That is why the core transport services reside on the Exchange 2013 Mailbox Server role now.

As for WNLB, I think you have made a wise choice to go with a different solution, a Layer 4 or Layer 7 load balancer. WNLB is not recommended for a production environment. I have only used this in a test lab and it is mediocre at best.

If you are just starting your Exchange 2013 implementation I would recommend having your CAS role on your mailbox server as well, as this is now a best practice and it will save on licensing costs.
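A way to verify the point Will makes before touching the firewall, as an added example that is not part of the original thread: from the Exchange Management Shell, list which servers hold the Client Access role, confirm each one exposes a Front End Transport receive connector on port 25 (those servers, or the load balancer VIP in front of them, are the NAT targets), and show what the public SMTP name currently resolves to. The external name `mail.example.com` is a placeholder assumption; `Resolve-DnsName` needs the DnsClient module (Server 2012 or later).

```powershell
# Added example (not from the thread): check which Exchange 2013 servers should sit
# behind the external NAT / load balancer for inbound SMTP. Run in Exchange Management Shell.
# Assumption: the public SMTP namespace is mail.example.com (placeholder).
$ExternalSmtpName = 'mail.example.com'

$casServers = Get-ExchangeServer | Where-Object { $_.IsClientAccessServer }
$mbxServers = Get-ExchangeServer | Where-Object { $_.IsMailboxServer }

Write-Host "CAS servers (NAT / load-balancer targets for inbound SMTP):"
$casServers | Select-Object Name, ServerRole, AdminDisplayVersion | Format-Table -AutoSize

Write-Host "Mailbox servers (not NAT targets; transport HA between them is automatic):"
$mbxServers | Select-Object Name, ServerRole | Format-Table -AutoSize

# Each CAS should have a FrontendTransport receive connector bound to port 25.
# The HubTransport connectors on the Mailbox role listen on 2525 and are only
# reached by Front End Transport, so they are not what the outside world talks to.
foreach ($srv in $casServers) {
    $fe = Get-ReceiveConnector -Server $srv.Name |
          Where-Object { $_.TransportRole -eq 'FrontendTransport' -and
                         ($_.Bindings | ForEach-Object { $_.Port }) -contains 25 }
    if ($fe) {
        Write-Host ("OK   {0}: Frontend receive connector(s) on 25: {1}" -f $srv.Name, ($fe.Name -join ', '))
    } else {
        Write-Warning ("{0}: no FrontendTransport receive connector bound to port 25" -f $srv.Name)
    }

    # The service that actually accepts the external connection must be running.
    $svc = Get-Service -ComputerName $srv.Name -Name MSExchangeFrontEndTransport
    Write-Host ("     {0}: MSExchangeFrontEndTransport is {1}" -f $srv.Name, $svc.Status)
}

# With DNS round robin you expect one A record per CAS; with a load balancer, its single VIP.
$answers = Resolve-DnsName -Name $ExternalSmtpName -Type A -ErrorAction SilentlyContinue
if ($answers) {
    $ips = ($answers | Where-Object Type -eq 'A').IPAddress -join ', '
    Write-Host ("{0} resolves to: {1}" -f $ExternalSmtpName, $ips)
} else {
    Write-Warning "$ExternalSmtpName did not resolve; check the public DNS record"
}
```

Any IP reported in the last step that is not a CAS (or the load balancer VIP in front of the CAS servers) indicates the NAT is pointed at the wrong role.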

