View Full Version : Exchange 2007 Edge Transport Server Setup
CRamos
06-23-2008, 09:08 PM
Hi Everyone,
I am currently trying to follow the Exchange 2007 training video. I have set up the following environment so far:
I am running Windows XP Pro X64 as my host.
Using VMWare Workstation
I have the following VMs
DC - Win 2003 Enterprise x32 with AD, DNS
Exchange 2007 - Win 2003 Enterprise X64 with Mailbox,CA, Hub Roles
Exchange 2007 Edge - Win 2003 Enterprise X64 on Standalone Server
Linksys Router
CableModem
I got the first part working with the hub transport and I am able to send and receive internet mail.
What I am not understanding and not familiar with is the Edge Server on a different segment. Where do I go to ensure that it can see the other machines? I am sure I need to configure some routing table on my Linksys Router to bridge the LAN segment that the Edge Server is on. Can someone please advise?
Thanks in Advance
Carlos
Here is a link to Microsoft TechNet that has what I think you're looking for. It describes how to configure a DNS suffix for the Edge Transport Server that will allow it to see other servers on the network. Let me know if this isn't exactly what you are looking for so we can work on getting this ironed out for you.
http://technet.microsoft.com/en-us/library/bb123528(EXCHG.80).aspx
CRamos
06-24-2008, 12:17 PM
No that did not help. I already had that setup.
Perhaps if I give you the IP configuration it will help more.
DC1 - IP:192.168.240.1
SM:255.255.255.0
DG:192.168.240.200
DNS:192.168.240.1
E2K7 - IP:192.168.240.5
SM:255.255.255.0
DG:192.168.240.200
DNS:192.168.240.1
Edge - IP:192.168.239.5
SM:255.255.255.0
DG:192.168.240.200
DNS:207.172.3.8
207.172.3.9
All three VMs are in a Team and I originally created two segments called 239 and 240. I assigned the 239 to the Edge and the 240 to the DC1 and E2K7, but in order to get out to the internet I had to change it to bridge.
While I was composing this reply I got them to see each other. I do not know if it was that in DNS I did not have the Reverse DNS for the 239 segment or I forgot to place the other two machines to Bridge.
But now that I have them seeing each other my next problem is how do I configure the Linksys Router to Forward Port 25 to Edge Server 192.168.239.7 when I can only configure Forwarding to 192.168.240.*?
Thanks
Carlos
David Davis
06-24-2008, 05:05 PM
Hi Carlos,
I am not an expert on Exchange Edge transport servers but I have networking and virtualization knowledge.
I offer 2 options:
1) Does the edge server truly have to be on a different IP subnet to function and perform your testing? Can you not just put it on the same network as the rest of the servers and do what you need to do?
2) If the edge server does need to be on a different IP subnet, then I am not sure that you have a router that can handle this. Typical Linksys routers have two network segments that they can route between - the "WAN/Internet" and the internal LAN. It would appear that to truly set up an edge server on a different IP subnet (other than the Internet directly) you would need a router with 3 interfaces (Internet/WAN, DMZ (for the edge server), and Internal/LAN). You could run a virtual router as these are all VMs, such as vyatta or a Win server running RRAS, or you could buy a physical router that has multiple interfaces, or your ISP could give you more than one IP address and you could put the edge server between the cable modem and the Linksys, effectively on the Internet.
I don't think your Linksys is going to be able to port forward 25 to the .239 network.
I hope that helps.
Thanks!
David Davis
Train Signal video author - Windows XP, Wireless, Linux+, VMware Server, VMware ESX, and ISA Server
CRamos
06-24-2008, 07:03 PM
Hi David,
I was trying to set up the same environment as recommended by David Shackelford in the instructional video; perhaps I am misunderstanding him. The proper setup is to have the Edge server in the perimeter network (DMZ). He mentions that one would need two NICs but it can be done with one. So, perhaps when it is with one then they have to be on the same segment. In the video he mentions that he is going to the Edge server on 192.168.66.3 but I notice in his remote desktop session it looks like he is going to 192.168.67.13
I am going to have to put it in the same segment since I am running out of time. I am scheduled for the test on Monday. I wanted to get this exactly so I know how it should be done according to best practice.
Thanks for the help
Carlos
PS I have the Complete TrainSignal training. Is there a training video that covers setting up a perimeter network?
PS I have the Complete TrainSignal training. Is there a training video that covers setting up a perimeter network?
Every hardware situation will handle a DMZ differently. Unfortunately, for this reason, there are no training videos to help you out. :(
Apologies and good luck on your test!
DShack
06-25-2008, 10:50 AM
Carlos, if you are working with VMWare like you and I are, it's not practical to set up both a DMZ and an internal network. It makes the VMWare setup more difficult and you have to set up a more complex internal routing environment. So while in my slide I talked about the Edge server being in a different subnet (which it might normally be), in reality I kept it in the same subnet so that I wouldn't have to do a whole different video on routing and VMWare.
So if you change your Edge IP to 240.6, you'll be fine for the purposes of testing. The exam is not going to go into the addressing, only on the procedures for setting up EdgeSync and things like that.
Plus I'm noticing that while you have the Edge currently configured for 239.5, the gateway is still set for 240.200, which is in a different subnet and would never work. I'm just pointing that out to give you an idea of the complexity that would be introduced if you actually added another internal subnet.
So could you run the Edge in the same subnet in real life? If you did, you'd get the advantage of having inbound mail first hit a server that's not a member of your domain, so that's a positive. The negative would be that if that server was compromised, it would already be in your internal network. All that to say that there would still be SOME benefit to running Edge on the internal LAN, but not nearly as great a benefit if it was running on another firewall interface. If you really wanted to create a test environment for the Edge, you'd want to have a firewall with multiple interfaces that allow you to create rules that filter between the interfaces and not just between the WAN and LAN.
Let me know if you have any other questions about this, and I'd be happy to answer them.
Dave Shackelford
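Added example (not part of any post in this thread): a small Python check of the addressing posted above, showing the off-link gateway on the Edge VM and why a port-25 forward to the .239 address is rejected while the suggested 240.6 address is accepted. The router LAN range 192.168.240.0/24 is an assumption drawn from the 192.168.240.* forwarding restriction mentioned in the thread.

```python
import ipaddress

# Addressing as posted in the thread: (IP, subnet mask, default gateway).
HOSTS = {
    "DC1":  ("192.168.240.1", "255.255.255.0", "192.168.240.200"),
    "E2K7": ("192.168.240.5", "255.255.255.0", "192.168.240.200"),
    "Edge": ("192.168.239.5", "255.255.255.0", "192.168.240.200"),
}
# Assumption: the router only accepts forwarding targets inside its own LAN.
ROUTER_LAN = ipaddress.ip_network("192.168.240.0/24")


def subnet(ip, mask):
    """Network a host believes it is attached to, from its IP and mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def gateway_on_link(ip, mask, gateway):
    """A default gateway is only usable if it lies inside the host's own subnet."""
    return ipaddress.ip_address(gateway) in subnet(ip, mask)


def same_segment(a, b):
    """True when two hosts can reach each other directly, with no router between."""
    return subnet(*HOSTS[a][:2]) == subnet(*HOSTS[b][:2])


def forwardable(target):
    """True when the router could port-forward to this address."""
    return ipaddress.ip_address(target) in ROUTER_LAN


def audit(forward_target="192.168.239.7"):
    """Collect every addressing problem in the lab plan as a readable finding."""
    findings = []
    for name, (ip, mask, gw) in HOSTS.items():
        if not gateway_on_link(ip, mask, gw):
            findings.append(f"{name}: gateway {gw} is outside {subnet(ip, mask)}")
        if name != "E2K7" and not same_segment(name, "E2K7"):
            findings.append(f"{name}: needs a router to reach E2K7 (Hub Transport)")
    if not forwardable(forward_target):
        findings.append(f"port 25 forward to {forward_target} is outside {ROUTER_LAN}")
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```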
David Davis
06-25-2008, 04:08 PM
Thanks Dave for clearing that up!
I was unsure if the edge server being on a different IP subnet was a requirement for it to function or just a best practice that you would use in a production network. You answered that very well.
Thanks for the help,
David Davis