cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
948
Views
5
Helpful
1
Replies
Highlighted
Beginner

ESA on-prem with Exchange in hybrid mode (Exchange on-prem and O365)

Hello,

I would like to understand how an ESA (on-Prem) can work in an Exchange Hybrid deployement.

We have an Exchange server on site with some users (@domain.com),and an Office 365 setup where some other users are created.(also @domain.com)

We also have an ESA on-prem which is already working for all on-prem users.

 

What are the recommandations if I want:

1- All incoming emails go through the ESA (MX=ESA) and then delivered either on prem or in the cloud? How can I make the difference between users to route the mail to the correct Exchange server?

 

2- All outgoing emails should go through ESA

 

3- Emails from on-prem users to cloud users (and vice-versa) should also go through ESA.

 

What is the best way to implement the kind of setup, as I am a bit confused with the mail flows in this setup (not an exchange specialist)...

 

Thanks

1 REPLY 1
Highlighted
Cisco Employee

Hello RD77,

You can go through the below article for configuring them as per your requirement:
https://www.cisco.com/c/en/us/support/docs/security/cloud-email-security/214812-configuring-office-365-microsoft-with.html

Also, please find below answers to your query:

1) From what I understand, I can imagine that you are looking for a way to route specific emails to Exchange Online and other mail to Exchange on-prem. If this is the case you can make the use of mail policies on ESA and SMTP routes where you can configure what traffic is routed where. E.g. all traffic for domain example.com goes to Exchange Online and traffic to
example2.com goes to Exchange on-prem.
Now if you want to send emails for specific email ids to a different destination other than configured for in the SMTP route then I would recommend creating a new incoming policy/filter for those specific recipients and apply set action of "alternate-host" for emails to be delivered to a separate destination.

2) I would recommend you to create a new private outbound listener for Office 365 and added the partial host ".protection.outlook.com" in the RELAYLIST.
Also, recommended you to remove all the IP Addresses of exchange from the incoming listener's RELAYLIST and add all of them into the Outbound 's RELAYLIST, so outgoing listener can be used specifically for the outgoing emails.

3) From O365 if you send an email internally, it should not go through ESA and that email routing needs to be done in O365 otherwise it might cause a loop. If you are routing the emails through ESA, then email will be processed through the same SMTP routing and keep looping and this can be configured in O365.

I hope the above answers your query.

Cheers,
Pratham