For incoming emails from the Internet, you just need to change the SMTP route(s) for your domain(s).
1. Under 'Network'-'SMTP Routes', click and edit the destination hosts (i.e. private IP address of your Exchange server) for your domain(s).
For outgoing/relaying emails from the Exchange server, since it now sends directly to IronPort instead of the mail antivirus server, you need to edit the hosts under RELAYLIST.
1. Under 'Mail Policies'-'HAT Overview', click RELAYLIST of the listener and add the sender with the Exchange server's private IP address. (I suggest adding the Exchange server's private IP address instead of replacing the existing mail antivirus server since it allows a smoother migration. You can remove the old mail antivirus server's IP address later or just keep it.)
For the Exchange server setting, edit the smarthost configuration to be the IronPort outgoing listener's IP address.
You can add a new network interface (and then a listener) on IronPort with the same IP address as the mail antivirus server if this mail antivirus server is only scanning SMTP traffic.
You need to plan carefully and take a scheduled stoppage as well. This will involve fewer setting changes on servers and Exchange servers. However, each step needs to be taken carefully as well (e.g. stop all servers from delivering emails, let all emails on the AV server be delivered and clean up the delivery queue, then add a new network interface (then listener) on IronPort with the AV server's IP address, add those relaying servers (Exchange and sister companies' servers) into RELAYLIST, add the SMTP routes of the new sister companies' servers into IronPort).
Use the 'telnet x.x.x.x 25' command on servers to test whether emails can be relayed correctly to other servers and Exchange servers.
Then you can resume email delivery on all servers.
Let us know if you still have any questions or need any help.
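A scripted version of the 'telnet x.x.x.x 25' relay test from the reply above, added here as an example and not part of the original post. The names check_relay, StubListener and start_stub, the .example domains, and the loopback stub that stands in for a listener are all constructed for illustration; point check_relay at the real listener address to use it.

```python
import smtplib
import socketserver
import threading

LOCAL_DOMAINS = {"local.example"}  # constructed: domains the stub accepts mail for

def check_relay(host, port, mail_from, rcpt_to, timeout=10):
    """Run the SMTP dialogue up to RCPT TO (no DATA, so nothing is delivered)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(mail_from)
        if code != 250:
            return code, False
        code, _ = smtp.rcpt(rcpt_to)
        smtp.rset()  # abandon the transaction before QUIT
        return code, code in (250, 251)

class StubListener(socketserver.StreamRequestHandler):
    """Constructed stand-in for a listener that relays only to LOCAL_DOMAINS."""

    def handle(self):
        self.wfile.write(b"220 stub ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line.upper()
            if verb.startswith("RCPT TO:"):
                domain = line.rsplit("@", 1)[-1].rstrip(">").lower()
                reply = "250 ok" if domain in LOCAL_DOMAINS else "550 relaying denied"
            elif verb.startswith("QUIT"):
                self.wfile.write(b"221 bye\r\n")
                return
            else:  # EHLO/HELO, MAIL FROM, RSET
                reply = "250 ok"
            self.wfile.write(reply.encode("ascii") + b"\r\n")

def start_stub():
    """Start the stub on a free loopback port and return the server object."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), StubListener)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_stub()
    host, port = srv.server_address
    for rcpt in ("user@local.example", "user@internet.example"):
        print(rcpt, check_relay(host, port, "sender@sister.example", rcpt))
    srv.shutdown()
```

Run the check from each relaying server in turn, since the listener's answer depends on the connecting IP address.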
The mail antivirus server is not only scanning SMTP traffic but also routing mail as well. Actually we plan 3 phases for the migration. In Phase 1 we have successfully migrated to IronPort for incoming email from the Internet and for routing email to the local domain. In Phase 2 we will migrate to IronPort for handling incoming email from the sister company domain and also routing it.
Phase 3 is to migrate to IronPort the other important servers (in the DMZ) which currently use Mail Anti Virus for email.
Please check my proposed configuration.
For RELAYLIST I add the sister company Exchange address. (Existing entries are the IronPort and mail antivirus server addresses.) For the SMTP route, I add the new domain (sister company) and add the IronPort IP address.
How do I configure selective mail routing? Let's say we receive emails from the sister company and only relay them to the local Exchange, not to the Internet, and only emails from the local Exchange are routed to the sister company Exchange, not from others.