External DNS question

    Question

  • Hi, I'm implementing an Exchange 2010 environment, and I have a question (maybe it's an idiotic one, but I'm new in the messaging business).

    The current environment is set this way: 1 CAS/HUB, 1 Mailbox and 1 Edge Transport.

    My client has a firewall and we'll use NAT redirection to configure the external access for Outlook Web and ActiveSync.

    In the external DNS configuration I'll create an A record mail.domain.com and an MX record pointing to the A record, so my doubt is: to which host will I configure the NAT redirection? To the CAS/HUB server or the Edge Transport server?

    Friday, June 15, 2012 3:36 PM

All replies

  • Hi

    Your MX record should point to the Edge Transport server.

    Cheers, Steve

    Friday, June 15, 2012 3:41 PM
  • Hi

    Your MX record should point to the Edge Transport server.

    Cheers, Steve

    Thanks Steve.

    I thought that I had to point it to the CAS/HUB server.

    Can you tell me why I have to point it to the Edge? Another question: will I have to configure something at the send/receive connectors of the Edge Transport to reflect the configuration of the external DNS (ex: set mail.domain.com at the HELO and EHLO field)?

    Friday, June 15, 2012 5:52 PM
  • Because the Edge will receive the email from external senders then forward to the HUB. If you had no Edge then you would point the HUB Directly (If there's no firewall in front).

    You don't have to set anything on the connector, it's not mandatory.


    Sukh

    Friday, June 15, 2012 6:20 PM
  • Agree with Sukh, your mail flow is Internet <-> Edge <-> Hub <-> Mailbox. The point of having an Edge server is to use it in the DMZ to transfer mail to and from the Internet without allowing direct connections on port 25 to your LAN.

    Edge servers can do address validation and spam filtering if you enable those features; you can also install Forefront Protection for Exchange to enable virus scanning. However, if you have some other appliance or hosted spam/AV filtering in place, then the Edge server isn't adding much and you can consider removing it.

    Steve

    Friday, June 15, 2012 7:29 PM
  • hi,

    >>>My client has a firewall and we'll use NAT redirection to configure the external access for Outlook Web and ActiveSync.

    If you want to configure the external access for OWA and ActiveSync, you should point the record to your CAS server, because the CAS server will respond to the request for the client.

    But according to your description, I think you should point it to your firewall server. I guess that your environment is: internet->firewall->edge->cas/hub->mailbox server

    Hope this can help you.

    thanks,


    CastinLu

    TechNet Community Support

    Monday, June 18, 2012 4:55 AM
  • Yes Castinlu, that's exactly my environment.

    I'll do the following configuration:

    - I'll make a NAT to redirect the MX traffic to the Edge server

    - I'll make a NAT to redirect the Autodiscover and OWA traffic to the CAS/HUB server

    Is there a reference or specific ports that I need to allow in my firewall for Edge and CAS to work properly?

    Tuesday, June 19, 2012 8:17 PM
  •   Port reference Edge>HUB

    Sukh

    Tuesday, June 19, 2012 8:20 PM
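
The NAT layout the thread settles on (MX/SMTP traffic to the Edge, Autodiscover and OWA traffic to the CAS/HUB, no direct port 25 connections to the LAN), written as an audit over firewall forwarding rules. This is an added example, not part of the original posts; the addresses, the rule format, the `audit` function and the use of port 443 for the client-access traffic are assumptions.

```python
from dataclasses import dataclass

# Constructed inventory: internal address -> (role, zone).
HOSTS = {
    "10.0.1.10": ("edge", "dmz"),
    "10.0.2.20": ("cas_hub", "lan"),
    "10.0.2.30": ("mailbox", "lan"),
}
# Published services: SMTP for MX traffic goes to the Edge; HTTPS for OWA,
# ActiveSync and Autodiscover goes to the CAS/HUB (443 is an assumption).
PUBLISHED = {25: "edge", 443: "cas_hub"}

@dataclass(frozen=True)
class NatRule:
    ext_port: int     # port opened on the firewall's public address
    target_ip: str    # internal host that receives the forwarded traffic
    target_port: int  # port on that host

def audit(rules):
    """Return sorted finding strings; an empty list means the layout holds."""
    findings = set()
    for r in rules:
        role, zone = HOSTS.get(r.target_ip, ("unknown", "unknown"))
        label = f"{r.ext_port}->{r.target_ip}:{r.target_port}"
        if role == "unknown":
            findings.add(f"{label}: target not in inventory")
        elif r.target_port == 25 and zone == "lan":
            # The Edge exists so that port 25 never reaches the LAN directly.
            findings.add(f"{label}: SMTP forwarded into the LAN, bypassing the Edge")
        elif PUBLISHED.get(r.ext_port) != role or r.target_port != r.ext_port:
            findings.add(f"{label}: not a published service for role {role}")
    covered = {r.ext_port for r in rules}
    for port in PUBLISHED:
        if port not in covered:
            findings.add(f"{port}: no rule publishes this service")
    return sorted(findings)

# Constructed rule sets: the layout from the thread, and a misconfigured one.
GOOD = [NatRule(25, "10.0.1.10", 25), NatRule(443, "10.0.2.20", 443)]
BAD = [NatRule(25, "10.0.2.20", 25), NatRule(3389, "10.0.2.30", 3389)]

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("bad", BAD)):
        print(name, audit(rules) or "OK")
```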