Okay, I think my confusion about the different IP comes from the wizard. The wizard doesn't ask about remote IP's, so I will need to create it from PowerShell in order to get the "unique combination of a local IP address, port bindings, and remote IP address ranges".
From: Robinson, Chuck [mailto:chuck.robin...@emc.com] Sent: Wednesday, January 30, 2013 9:15 AM To: MS-Exchange Admin Issues Subject: RE: Allow anonymous on default Receive Connector? You don't want to allow Anonymous on the Default Receive Connectors because they allow all IP's to connect. The better answer is to create a new connector, allow anonymous and specify only the IP's that you are allowing to send. Also, you don't need another IP, Exchange will select the proper connector. Assuming you have more than one HT server role: Be sure HT to HT SMTP is not load balanced, Exchange handles that already. Chuck Robinson _______________ Sr. Solutions Architect Microsoft Certified Master: Exchange 2010 MCITP: EA Windows Server 2008 EMC Consulting Mobile: 973-865-0394 chuck.robin...@emc.com<mailto:chuck.robin...@emc.com> www.emc.com/consulting<http://www.emc.com/consulting> Transforming Information Into Business Results From: Mayo, Bill [mailto:bill.m...@pittcountync.gov] Sent: Wednesday, January 30, 2013 9:04 AM To: MS-Exchange Admin Issues Subject: Allow anonymous on default Receive Connector? Moving from Exchange 2003 to 2010. We have an email appliance on the perimeter. I am at the stage where I need to change the mail flow to bypass the 2003 server(s). I have found several migration guides that indicate to simply check the box to allow Anonymous access on the default receive connector on the HT box(es). IIRC, the Exchange training I took had you create a separate receive connector for anonymous access, which would require a separate IP (unless I misunderstand something). The logic I see there would be that I could limit that connector to only accept traffic from desired IP's (e.g. the email appliance and designated internal devices). However, we are using NLB on these servers for CAS functions and it would make life interesting trying to maintain high availability for both. So, the question is, do most folks simply allow Anonymous on the default receive connector, or use a different connector? Bill Mayo --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist