Exchange 2013 Edge Transport DMZ Configuration



I am implementing co-existence with Exchange 2007/2013. I have a Loadmaster 2600 that I am getting ready to configure with ESP.

I have two 2013 Edge Transport boxes that will sit in my DMZ in a cloned configuration.
I have created an SMTP VIP in my DMZ with the Exchange 2013 ESP Template that will load balance SMTP traffic between these two boxes in a one-arm configuration.

Once cut over, all SMTP traffic will be pointed to this VIP on the DMZ. Edge subscriptions will be set up for my internal boxes.

Internally I have three 2013 MBX+CAS Servers that I need to balance for the CAS.

Currently we have an external OWA address that is NAT'd back internally to our Exchange 2007 box for OWA access.

My question is, once everything is cut over, would it be better to NAT this address to a separate VIP in a two-armed configuration on the DMZ that load balances traffic to real servers on the internal network, or do I need to set up the VIP internally?

From what I have read, this might have extra configuration, and I cannot find much documentation on setting up the LoadMaster in DMZ scenarios.

I have only found one article concerning Lync that addresses this:

KEMP did not anticipate a network topology in which the KEMP is positioned between two perimeter networks (e.g. ‘DMZ-External’ and ‘DMZ-Internal’).

Thanks for the help.

1 comment


There is no issue with having separate VIPs for external and internal networks. You may want to log a support ticket with KEMP support to further discuss the routing of the traffic through the LoadMaster.