Terellion asked:
Exchange 2013 - NLB for Inbound Mail

Hi there,

We have installed and configured Exchange 2013 in our environment (3 CAS Servers and 3 Mailbox Servers) and all is working well so far.

However 2 CAS Servers are in our main site and 1 CAS Server is in a DR site.

We have NLB set up for these 3 CAS servers (IP 192.168.1.1). For our inbound mail (which goes via a third party), there are 2 routes set up on the third party to send email internally (1 via the main site and 1 for the DR site), but both are set up to go to the NLB address internally.

Often we get incomplete packets in the firewall logs, as there are 2 rules set up to forward to the same IP internally but from 2 external sources, if that makes sense.

Main Site
3rd Party >>>>>>>>>> CAS01 or CAS02

Offsite DR
3rd Party >>>>>>>>>> CAS03

Do you know if there is a better way of setting this up so email can come in via either route but not show up as incomplete?

Many Thanks!
ASKER CERTIFIED SOLUTION
Will Szymkowski

ASKER

Hi Will,

At the minute NLB works internally across both sites (i.e. I can disable the NLB NICs on CAS01 and CAS02 to force clients to use CAS03 via the NLB name "CAS") and it works fine.

Using WNLB and static ARP entries on the switches on both sites, the only solution I can think of for receiving email is to set up 1 external IP address for each CAS server and then have failover set up in the 3rd party (MessageLabs): if 1 route internally doesn't work, then use another?
SOLUTION

ASKER

Hi Will,

We have a DAG set up and 1 of the database copies is in the DR site, so we need it to work in conjunction with the main site (i.e. if we lose the main site but DR is still functioning, they can still use the load-balanced IP to connect to the CAS and Mailbox server in the DR site, if that makes sense; this has been tested and continues to work in DR-only mode).

Just wanted inbound mail to come through both sites really, but to the same load-balanced IP; sounding like it isn't a good idea...
SOLUTION

ASKER

Hi Simon, each Mailbox Server can send externally without any issues using its own NAT rule in the firewall, but it is the receiving bit I was wanting to resolve, as it is the CAS servers that are the ones receiving the mail.

Thanks for your help anyway :)

If you have the mailbox role sending email, why not have them receive email as well?

As I wrote above, you appear to be trying to overcomplicate the implementation for no real gain.

Simon.

ASKER

Hi Simon,

We have split the roles of the servers so the CAS servers receive the mail and the Mailbox Servers send the mail.

I have set up in MessageLabs to send to CAS01 on our primary site and then CAS03 on secondary as a failover option in case CAS01 dies.
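As an added example that is not part of the thread, this is a PowerShell check an Exchange admin can run from the Exchange Management Shell before relying on the per-server routes described above. It walks the routes in the relay's failover order (CAS01, then CAS03) and reports, for each, whether TCP 25 is reachable and whether a Frontend Transport receive connector bound on port 25 permits the relay's source address. The relay source address is a placeholder (assumption), and Test-NetConnection assumes Windows PowerShell 4 or later.

```powershell
# Added example, not code from the thread. Server names are the thread's own;
# the relay source address is a placeholder (assumption) to be replaced with an
# address the third-party relay actually sends from.
$InboundRoutes = 'CAS01', 'CAS03'      # same order as the relay's failover list
$RelaySourceIp = '203.0.113.10'        # placeholder

function ConvertTo-Int64Ip {
    # IPv4 dotted-quad -> integer, so ranges can be compared numerically.
    param([string]$Ip)
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)
    return [int64][BitConverter]::ToUInt32($b, 0)
}

function Test-IpInRange {
    # $Range is the string form of a RemoteIPRanges entry:
    # "a.b.c.d", "a.b.c.d/nn" or "a.b.c.d-e.f.g.h". IPv6 entries are skipped.
    param([string]$Ip, [string]$Range)
    if ($Range -like '*:*') { return $false }
    $n = ConvertTo-Int64Ip $Ip
    if ($Range -match '^([\d.]+)-([\d.]+)$') {
        $lo = ConvertTo-Int64Ip $Matches[1]; $hi = ConvertTo-Int64Ip $Matches[2]
    } elseif ($Range -match '^([\d.]+)/(\d+)$') {
        $size = [int64][Math]::Pow(2, 32 - [int]$Matches[2])
        $lo = [int64][Math]::Floor((ConvertTo-Int64Ip $Matches[1]) / $size) * $size
        $hi = $lo + $size - 1
    } else {
        $lo = $hi = ConvertTo-Int64Ip $Range
    }
    return ($n -ge $lo -and $n -le $hi)
}

foreach ($cas in $InboundRoutes) {
    # 1. Is the server answering on SMTP from where this check runs?
    $tcp = Test-NetConnection -ComputerName $cas -Port 25 -WarningAction SilentlyContinue
    # 2. Which port-25 Frontend Transport connectors would accept the relay?
    $frontend = Get-ReceiveConnector -Server $cas |
        Where-Object { $_.TransportRole -eq 'FrontendTransport' -and ($_.Bindings | Where-Object Port -eq 25) }
    $permitting = $frontend | Where-Object {
        $ranges = $_.RemoteIPRanges | ForEach-Object { $_.ToString() }
        ($ranges | Where-Object { Test-IpInRange $RelaySourceIp $_ }).Count -gt 0
    }
    [pscustomobject]@{
        Server             = $cas
        Port25Reachable    = $tcp.TcpTestSucceeded
        ConnectorsForRelay = ($permitting | ForEach-Object Name) -join ', '
        RouteUsable        = [bool]($tcp.TcpTestSucceeded -and $permitting)
    }
}
```

A route with Port25Reachable true but no permitting connector is the case to watch for: the relay would connect to the failover server and be refused, so the failover is not actually usable.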