2 Web Servers, 2 Exchange Servers, 1 Domain - Need OWA Working

KapsZ28

Here is what I have and what I am trying to do.

SBS 2008 with Exchange 2007 and IIS7
Server 2008 Enterprise R2 with Exchange 2010 and IIS7

SBS is the primary server that hosts my domain name. Both Exchange servers work and I can access OWA for both of them internally. What I want to do is access OWA for both of them externally.

SBS - remote.domain.com/owa
R2 - exchange.domain.com/owa

I've tried setting up a DNS forward lookup zone, but it only seems to make a difference internally. I just have a Linksys router, so I can't set up a subdomain to point to a different IP address and I don't want to use different ports.

What do I need to do to get both sites working over the Internet?
 
I'm assuming these are both on the same network, or at least behind the same firewall/gateway?
You should be able to just forward port 80 and 443 to them and be done with it.
But unless you have multiple external IPs you can NAT out to them, then one will have to be on a different port.
Also note that a lot of the time, unless it's set up to, IIS won't auto redirect HTTP to HTTPS, so you have to manually type in "https://remote.domain.com/owa" to get there.
 

Yes they are on the same network, but like I said, I have a Linksys router. It does not allow you to forward the same ports to two different IP addresses. Everything goes to the SBS server. So I need some way of forwarding the request to the other server running Exchange 2010.
 
The only way to do that with one external IP is to forward a different port to port 80,
i.e. remote.domain.com
exchange.domain.com:8080

In the firewall rules, set a rule that does something like
WAN port 80 -> 80 192.168.1.10 for the first one
WAN port 8080 -> 80 192.168.1.20 for the second one
Obviously the IPs are just inserts, but this is a basic firewall function. If your router can't do this then you'll need a new one, or if that one is the right revision you could try just putting Tomato on it or something.
 
I would use a Linux server and the .htaccess file to forward the URLs to the correct port (the users won't see the port change).

e.g.
put the Apache server on port 80 and 443
put Exchange 1 on port 81 and 444 (external URL = mail.domain.com)
put Exchange 2 on port 82 and 445 (external URL = webmail.domain.com)

Then use the .htaccess file to work out what server is wanted by the incoming URL.
 
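An added example, not part of the thread and not any poster's own configuration: one way to do the hostname-based routing suggested above, using Apache name-based virtual hosts with mod_proxy in the main server configuration rather than an .htaccess file. The internal backend names and all certificate and CA paths are constructed placeholders.

```apache
# Added example. Public hostnames are the ones used in the thread; backend names
# and file paths are constructed placeholders.
# Needs mod_ssl, mod_proxy and mod_proxy_http loaded.
# The router forwards WAN 80 and 443 to this one proxy host only.

# HTTP: redirect each name to HTTPS, so nobody has to type https:// by hand.
<VirtualHost *:80>
    ServerName remote.domain.com
    Redirect permanent / https://remote.domain.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName exchange.domain.com
    Redirect permanent / https://exchange.domain.com/
</VirtualHost>

# HTTPS: both names share one public IP; Apache selects the virtual host from
# the requested name (SNI / Host header). Use one certificate per name as
# below, or a single certificate that lists both names.

# SBS 2008 / Exchange 2007
<VirtualHost *:443>
    ServerName remote.domain.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/lab/remote.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/lab/remote.domain.com.key
    SSLProxyEngine on
    # Check the backend certificate against the lab CA instead of trusting blindly.
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/ssl/lab/internal-ca.pem
    # Publish only the OWA path; everything else on the backend stays internal.
    ProxyPass        /owa https://sbs.lab.example/owa
    ProxyPassReverse /owa https://sbs.lab.example/owa
</VirtualHost>

# Server 2008 R2 / Exchange 2010
<VirtualHost *:443>
    ServerName exchange.domain.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/lab/exchange.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/lab/exchange.domain.com.key
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/ssl/lab/internal-ca.pem
    ProxyPass        /owa https://ex2010.lab.example/owa
    ProxyPassReverse /owa https://ex2010.lab.example/owa
</VirtualHost>
```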
I can think of about 3 or 4 ways to make this work, that will add huge complexity to your environment and make troubleshooting your environment a PITA.

So here is my suggestion. Replace your router. If you were to get a device (even a pfSense box) that was able to set up server NATs that point to different external IPs you would be just fine.

Alternatively, why two Exchange servers? Why not just migrate your mailboxes and be done with the SBS server?
 

This is more or less a lab in my house for testing and learning. I like having everything work externally so I can use it any time especially if I am testing something.

What ways can you think of? Being that this is mostly a lab and doesn't affect anyone but myself, I don't care about complexity.
 
Put an ISA/Forefront box in front, or use a VM. Plus it will act as a firewall and give you experience on that product. Then you forward all connections from your router to the ISA server and it handles it from there.
 
Well, I do have access to Forefront TMG Standard 2010, so I can try that. But it might be an issue with SBS, as the SBS server seems to take over everything when you set it up to connect to the Internet. Plus SBS connects directly to godaddy.com so my domain name and DNS are forwarded properly.
 
Here is another question for you. You say this is a personal lab, do you have multiple external IPs? If not then you are finished before you started and you are either going to have to use non-standard ports for external access.

TMG on a VM would be a good replacement for the Linksys router, however pfSense would be an even better replacement (much better for NAT firewall stuff).
 
If I am running TMG on a VM, am I supposed to plug the cable modem directly into the VM server or can it still go through the Linksys router first?
 