Thanks Michael. Like I said, I think I've been too deep into the minutiae. It's good to know I'm not completely crazy.
As far as the Edge server, I've heard it both ways - one NIC, or two. If we do go with just one NIC, which is publicly facing, how do you set up routing to get that traffic inside the firewall to the HT?

>>> "Michael B. Smith" <mich...@smithcons.com> 9/8/2011 7:04 PM >>>
Nothing obvious, but the devil is in the details.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Thursday, September 08, 2011 5:21 PM
To: MS-Exchange Admin Issues
Subject: Setting up Exchange environment

Please bear with me on this one, I'm checking my sanity as much as anything else:

We are moving from GroupWise to Exchange. I have my Exchange 2010 environment set up (mostly). Here's how we're set up:

DMZ:
1) Edge Server for actual mail traffic. Our Edge server has 2 NICs. One public IP, one internal IP. EdgeSync is running to the internal IP.
2) TMG - will be used for OWA/ActiveSync access.
*** Yes, I know I could have had Edge role installed on the TMG box, but the TMG box is already production, and we didn't during initial install.***

Internal:
1) 3 MB servers, set up in a DAG, with each server containing one database, plus one copy of another server.
2) 2 HT/CAS servers, CAS using Microsoft Load Balancing for that role.

We have a wildcard cert that we're going to use for OWA/ActiveSync.

What I don't have set up yet:
1) TMG policy/listener for OWA. I need an IP for this, don't have one yet.
2) Send and receive connectors. We're going to be accepting mail for multiple mail domains, and I have that set up under Accepted Domains, but I haven't got the connectors yet. We're required to accept from/send to a specific third party system (FOPE). I still need the specific IPs that will be used for that.

I've tested internally, and it works fine, however OWA access is giving me a cert issue. I think it's not a "trusted" CA... we can iron that out pretty easily, I think.

I can't test externally, as I don't have the external IPs yet, so it's a great unknown at this point.

Question: Am I missing anything? I think I may be too deep in this, and I'm worried that I've overlooked something major.

Thanks,

Joe

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist