Exchange Coexistence DNS Entries
We are going into coexistence between Exchange 2007 and Exchange 2013.

Exchange 2013 Server Internal IP - 10.3.42.81

Exchange 2007 Server Internal IP - 10.3.42.51

We have assigned a public IP 86.76.156.56 on external DNS and a firewall rule that NATs 86.76.156.56 to 10.3.42.51 (Exchange 2007 Server).

Now for coexistence we need to introduce a legacy Exchange host name.

1. Do we need to assign a public IP for legacy.domain.com?

2. Do we need to create a firewall NATing for legacy.platcorp.com where the public IP assigned above will be routed to 10.3.42.51?

or

3. Do we need to just modify the current firewall routing to NAT 86.76.156.56 to 10.3.42.81 (Exchange 2013 Server)?







Internal DNS

Record                    Type    Internal IP
------------------------------------------------------------
mail.domain.com           A       10.3.42.81
autodiscover.domain.com   CNAME   10.3.42.81
legacy.platcorp.com       A       10.3.42.51

External DNS

Record                    Type    Public IP
------------------------------------------------------------
mail.domain.com           A       86.76.156.56
autodiscover.domain.com   CNAME   86.76.156.56
legacy.platcorp.com       A       Should we assign a new public IP or can we use the same public IP as 86.76.156.56?
August 23rd, 2015 7:38am

"Legacy" is required for OWA and should point to the Exchange 2007 server. Autodiscover and mail should point to the Exchange 2013 server, both from inside and outside. You'll need another public IP.
August 23rd, 2015 11:40am

Hi Ed,

Thank you for the answer. However, kindly advise if I need NATing on the firewall where the public IP (legacy) is NATed to the Exchange 2007 server?

If not, why do we need a public IP?

I understand we need a public IP for Exchange 2013 and this must be NATed on our firewall to the internal IP of the Exchange 2013 server.

Do we need to do the same with the legacy public IP?

Also, how do we set the send and receive connectors for the mails to flow between Exchange 2013 and Exchange 2007?

August 23rd, 2015 2:21pm

You need another IP address and corresponding NAT entry because of the use of SSL.

That requires port 443, so you need two IP addresses.

The usual method is point your current host name to the new server and then the legacy host name at the Exchange 2007 server.

Receive Connectors usually do not need to be changed from the default. However if you have a restriction on the receive connector on Exchange 2007 (for example because you are using an external filtering service) then you need to add the Exchange 2013 server to the list.

Simon.

August 23rd, 2015 3:03pm

Hi sphilip,

While it would still be possible (AFAIK not supported) to configure SSL on different ports (so SSL, as it is related to a name, not an IP, is by itself not the reason) with different DNS records pointing to the same IP address, you are limited to configuring Set-ClientAccessServer to make use of a host name only. At that step you cannot configure a port.

As Exchange 2007 and Exchange 2013 cannot share the same name, that requires a different DNS record pointing to a different IP address.

So yes, you definitely need a second IP for each endpoint in your client connectivity.

Regards,
Martin


August 23rd, 2015 3:16pm

To put it simply:

1. 2 internal IPs - one for Exchange 2007 and the other for Exchange 2013

2. 2 public IPs - one for legacy and the other for Exchange 2013

3. 2 NATs on the firewall - legacy public IP pointing to Exchange 2007 and public IP pointing to Exchange 2013.

Am I correct?

August 23rd, 2015 4:36pm


That looks correct.
August 24th, 2015 2:04am
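
The layout the thread settles on (two internal IPs, two public IPs, two NAT rules), written as a small plan check; this is an added example, not part of the original posts. The legacy public IP is a constructed placeholder, `legacy.domain.com` stands in for the legacy host name, and every DNS record is modelled as the address the name finally resolves to.

```python
# Added example: lint a coexistence DNS/NAT plan against the layout the thread settles on.
EX2013, EX2007 = "10.3.42.81", "10.3.42.51"   # internal IPs from the question
MAIL_PUBLIC_IP = "86.76.156.56"               # public IP from the question
LEGACY_PUBLIC_IP = "203.0.113.10"             # constructed placeholder, not from the thread

# Backend each HTTPS name must reach, per the answers (legacy -> 2007, the rest -> 2013).
REQUIRED_BACKEND = {
    "mail.domain.com": EX2013,
    "autodiscover.domain.com": EX2013,
    "legacy.domain.com": EX2007,
}
INTERNAL_DNS = dict(REQUIRED_BACKEND)         # internal records point straight at the servers

def check_plan(external_dns, nat_rules, internal_dns=INTERNAL_DNS):
    """Return findings for a plan; an empty list means it matches the thread's layout.

    external_dns: {hostname: public IP}; nat_rules: [(public IP, port, internal IP)].
    """
    findings, nat = [], {}
    for pub, port, inside in nat_rules:
        if port != 443:
            continue
        # One public IP:443 can be forwarded to only one internal server.
        if nat.setdefault(pub, inside) != inside:
            findings.append(f"NAT conflict: {pub}:443 -> {nat[pub]} and {inside}")
    for host, backend in REQUIRED_BACKEND.items():
        pub = external_dns.get(host)
        reached = nat.get(pub)
        if reached != backend:
            findings.append(f"{host}: external {pub}:443 reaches {reached}, expected {backend}")
        if internal_dns.get(host) != backend:
            findings.append(f"{host}: internal record is {internal_dns.get(host)}, expected {backend}")
    return findings

# Option 3 from the question: reuse one public IP and repoint its NAT at Exchange 2013.
SHARED_IP_PLAN = (
    {h: MAIL_PUBLIC_IP for h in REQUIRED_BACKEND},
    [(MAIL_PUBLIC_IP, 443, EX2013)],
)
# Layout confirmed at the end of the thread: two public IPs, two NAT rules.
TWO_IP_PLAN = (
    {**SHARED_IP_PLAN[0], "legacy.domain.com": LEGACY_PUBLIC_IP},
    [(MAIL_PUBLIC_IP, 443, EX2013), (LEGACY_PUBLIC_IP, 443, EX2007)],
)

if __name__ == "__main__":
    for name, plan in (("shared IP", SHARED_IP_PLAN), ("two IPs", TWO_IP_PLAN)):
        print(name, check_plan(*plan) or "OK")
```

With one shared public IP the only finding is that the legacy name lands on the Exchange 2013 server from outside, which is the case the second public IP and NAT rule remove.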
