Do I need a front end server with Exchange 2007?
I've read and have been told different stories. I want to give my users access to their email from outside the network. One person told me that I would have to install a Front End server in the DMZ for this, but he is unfamiliar with Exchange 2007. Another person said this was no longer necessary with Exchange 2007. I've read about people upgrading their Front End server to Exchange 2007, but that doesn't tell me if I have to have one. I have 1 Exchange 2007 server with all roles except the Edge Transport role.
March 11th, 2009 4:17pm

Well, in Exchange 2007 the CAS handles the job which was handled by the Exchange 2003 Front End server, but it is not supported to publish the CAS in the DMZ. The ideal or supported way to publish OWA, which is served by the CAS server role, is to use some application-aware firewall or ISA and make your Exchange server more secure.

References:
Publishing Exchange Server 2007 with ISA Server 2006
http://technet.microsoft.com/en-us/library/bb794751.aspx
Replacing Exchange 2003 Frontend OWA Server with Exchange Server 2007 Client Access Server
http://www.msexchange.org/articles_tutorials/exchange-server-2007/migration-deployment/replacing-exchange-2003-frontend-owa-server-exchange-server-2007-client-access-server.html

Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
March 11th, 2009 5:42pm

Our environment has a Cisco ASA for the firewall. I'm pretty sure this is application aware...but I don't do any of the network side, so I'm just guessing. Do I just need to point our MX record to the ASA then have all external email traffic redirected to Exchange? Also, we purchased an IronPort spam appliance. Does the external email traffic need to flow through this before hitting my Exchange server? Obviously I'm new to this. I just inherited Exchange and have been asked to upgrade to 2007 and implement OWA by the end of next week. Any additional links, documentation, and suggestions are greatly appreciated.
March 11th, 2009 6:08pm

Hi Jason,

With an IronPort you will want all email traffic going to the IronPort, then the IronPort will send to your Hub Transport servers. For outbound mail you can configure a smart host to point to the IronPort on your way out. This will prevent any spam etc. from sending out email.

As for your CAS, which replaced the Exchange 2003 Front End server: yes, you will need one in each AD site where you have Exchange. For all OWA traffic you would point it to the CAS server. If you have more than one CAS you can use Windows NLB or the CSS to split the CAS servers. Typically you can have the CAS and Hub on the same server.

So basically OWA traffic will go like this:
Internet port 443 request > ASA > CAS (which should be on the internal network) > Mailbox Server

You could use an ISA box to manage OWA traffic; if so it would go like this:
Internet port 443 request > ASA > ISA (DMZ) > CAS (internal network) > Mailbox Server

Your inbound mail routing will go:
Internet port 25 > ASA > IronPort (in DMZ) > Hub Transport (internal) > Mailbox

Outbound mail routing can go a couple of different ways depending on whether you want to use the IronPort for outbound mail or not. That's up to you. Depending on the IronPort you have, you could have an inbound NIC and an outbound NIC, or you could have just one NIC that does it all. Either way the IronPort will need to communicate externally and internally, as all your Exchange 2007 servers (except the Edge Transport server) should reside in the internal network.

BP
March 11th, 2009 8:20pm

Yes, you don't need an FE, as Amit said. And Exchange 2003 FE servers can only be used for accessing the mailboxes located on Exchange 2003 mailbox servers. But it isn't supported to use the Exchange 2003 FE servers to access mailboxes located on Exchange 2007 mailbox servers.

If you want to have both FE and CAS for Exchange 2003 and Exchange 2007 users, you need to have different URLs published on the external DNS so that Exchange 2007 users hit the CAS server and Exchange 2003 users hit the FE server.

For the MX record, you must point it to the IP address that is published on the internet.

Since you don't have the Edge server, the smart host must be set to the send connector on the Exchange server for mail flow.

References: How to Create a New Send Connector
March 13th, 2009 1:36pm
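
The outbound smart-host setup described in the replies above, as an added example that is not part of the original thread: it assumes outbound mail is to be relayed through the IronPort and is run in the Exchange Management Shell. The connector name, server name and IP address are placeholders, not values from the thread.

```powershell
# Added example. Assumed values (not from the thread):
$connectorName = 'Internet via IronPort'  # hypothetical connector name
$smartHost     = '192.0.2.25'             # placeholder address for the IronPort's internal listener
$hubServer     = 'EXCH01'                 # hypothetical Hub Transport server name

# 1. Audit first: list enabled send connectors that deliver by MX lookup.
#    Any of these covering external domains would send mail straight to the
#    Internet and bypass the IronPort's outbound filtering.
Get-SendConnector |
    Where-Object { $_.Enabled -and $_.DNSRoutingEnabled } |
    Format-Table Name, AddressSpaces, SourceTransportServers -AutoSize

# 2. Create one connector for all external SMTP domains that relays only
#    through the smart host (DNS routing off, so no direct MX delivery).
New-SendConnector -Name $connectorName `
    -Usage Custom `
    -AddressSpaces 'SMTP:*;1' `
    -DNSRoutingEnabled $false `
    -SmartHosts $smartHost `
    -SmartHostAuthMechanism None `
    -SourceTransportServers $hubServer

# 3. Verify what was actually stored on the connector.
Get-SendConnector -Identity $connectorName |
    Format-List Name, Enabled, AddressSpaces, DNSRoutingEnabled, SmartHosts, SmartHostAuthMechanism
```

With this in place the firewall can restrict outbound TCP 25 so that only the IronPort may reach the Internet, which makes any connector found in step 1 fail visibly instead of silently bypassing the filter.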

This topic is archived. No further replies will be accepted.
