Exchange 2013 Server Internal IP - 10.3.42.81
Exchange 2007 Server Internal IP - 10.3.42.51
We have assigned a public IP 86.76.156.56 on external DNS and a firewall rule that NATs
86.76.156.56 to 10.3.42.51 (Exchange 2007 Server).
Now for coexistence we need to introduce a legacy Exchange host name.
1. Do we need to assign a public IP for legacy.domain.com?
2. Do we need to create a firewall NATing for legacy.platcorp.com where the public IP assigned above will be routed to 10.3.42.51?
or
3. Do we need to just modify the current firewall routing to NAT
86.76.156.56 to 10.3.42.81 (Exchange 2013 Server)?
Internal DNS
Record                     Type    Internal IP
------------------------------------------------------------
mail.domain.com            A       10.3.42.81
autodiscover.domain.com    CNAME   10.3.42.81
legacy.platcorp.com        A       10.3.42.51
------------------------------------------------------------
External DNS
Record                     Type    Public IP
------------------------------------------------------------
mail.domain.com            A       86.76.156.56
autodiscover.domain.com    CNAME   86.76.156.56
legacy.platcorp.com        A       Should we assign a new public IP or can we use the same public IP as 86.76.156.56?
------------------------------------------------------------
Hi Ed,
Thank you for the answer. However, kindly advise if I need a NAT on the firewall where the public IP (legacy) is NATed to the Exchange 2007 server?
If not, why do we need a public IP?
I understand we need a public IP for Exchange 2013 and this must be NATed on our firewall to the internal IP of the Exchange 2013 server.
Do we need to do the same with the legacy public IP?
Also, how do we set the send and receive connectors for the mails to flow between Exchange 2013 and Exchange 2007?
You need another IP address and corresponding NAT entry because of the use of SSL.
That requires port 443, so you need two IP addresses.
The usual method is to point your current host name to the new server and then the legacy host name at the Exchange 2007 server.
Receive Connectors usually do not need to be changed from the default. However, if you have a restriction on the receive connector on Exchange 2007 (for example because you are using an external filtering service) then you need to add the Exchange 2013 server to the list.
Simon.
Hi sphilip,
While it would still be possible (afaik not supported) to configure SSL on different ports (so SSL, as it is related to a name, not an IP, by itself is not the reason) with different DNS records pointing to the same IP address, you are limited to configuring Set-ClientAccessServer to make use of a host name only. At that step you cannot configure a port.
As Exchange 2007 and Exchange 2013 cannot share the same name, that requires a different DNS record pointing to a different IP address.
So yes, you definitely need a second IP for each endpoint in your client connectivity.
Regards,
Martin
- Edited by Gudel, Martin Sunday, August 23, 2015 7:16 PM
To simply put it:
1. 2 internal IPs - one for Exchange 2007 and the other for Exchange 2013
2. 2 public IPs - one for legacy and the other for Exchange 2013
3. 2 NATs on the firewall - legacy public IP pointing to Exchange 2007 and public IP pointing to Exchange 2013.
Am I correct?
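The two-IP, two-NAT layout summarised above can be checked on paper before the firewall is touched. The Python below is an added example, not part of the original thread: `check_plan` and the plan dictionaries are hypothetical names, 203.0.113.10 is a constructed placeholder for the second public IP, and it assumes the firewall does plain per-IP NAT on port 443 with no host-name-aware reverse proxy in front.

```python
import ipaddress

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_plan(external_dns, internal_dns, nat_443):
    # external_dns / internal_dns: {host: (record_type, target)}
    # nat_443: {public_ip: internal_ip}, one firewall NAT entry per public IP
    problems = []
    for host, (rtype, target) in external_dns.items():
        if rtype == "CNAME":
            if is_ip(target):  # a CNAME must name another host, never an address
                problems.append(f"{host}: CNAME target {target} is an IP address")
            continue
        if target not in nat_443:
            problems.append(f"{host}: no NAT entry for public IP {target}")
            continue
        inside = internal_dns.get(host)
        if inside and inside[1] != nat_443[target]:
            problems.append(f"{host}: {target} NATs to {nat_443[target]}, "
                            f"internal DNS says {inside[1]}")
    return problems

# Names and addresses are the thread's; 203.0.113.10 is a constructed
# placeholder (documentation range) for the second public IP.
INTERNAL = {"mail.domain.com": ("A", "10.3.42.81"),
            "legacy.platcorp.com": ("A", "10.3.42.51")}

def shared_ip_plan():
    # Legacy name reuses the existing public IP, so there is only one NAT entry.
    ext = {"mail.domain.com": ("A", "86.76.156.56"),
           "autodiscover.domain.com": ("CNAME", "86.76.156.56"),
           "legacy.platcorp.com": ("A", "86.76.156.56")}
    return check_plan(ext, INTERNAL, {"86.76.156.56": "10.3.42.81"})

def two_ip_plan():
    # Legacy name gets its own public IP and its own NAT entry.
    ext = {"mail.domain.com": ("A", "86.76.156.56"),
           "autodiscover.domain.com": ("CNAME", "mail.domain.com"),
           "legacy.platcorp.com": ("A", "203.0.113.10")}
    nat = {"86.76.156.56": "10.3.42.81", "203.0.113.10": "10.3.42.51"}
    return check_plan(ext, INTERNAL, nat)

if __name__ == "__main__":
    print({"shared IP": shared_ip_plan(), "two IPs": two_ip_plan()})
```

With a single public IP the legacy name lands on the Exchange 2013 server from outside while internal DNS sends it to Exchange 2007, which is the mismatch the second IP and NAT entry remove.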