I have a load-balanced set of Exchange servers in my network. I have a manual NAT on the perimeter cluster to publish just one of the servers to the internet. (I had to use this method, and a proxy ARP, otherwise something else broke in the traffic path between the servers and another network - long story.)
We currently have a need to NAT only to Server#1 and NOT to the load balancer IP, which is used internally. We seem to be getting inbound, external SSL traffic flows to the LB and not Server#1, despite the firewall logs clearly showing that the traffic was being NATed to Server#1.
Internal DNS for mail.company.com uses the LB address, and an nslookup on the FWs resolves mail.company.com to the LB address.
Is there any way that incoming SSL traffic would be looked up by the FW and sent to the LB, rather than just following the NAT?
What role is DNS playing in this, if any?
Thanks for your help.
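The following is an added example, not part of the post above and not any firewall vendor's code. It is a small Python model of how a perimeter firewall's destination NAT decides where an inbound flow goes, written to separate the two things the question conflates: packet-time DNAT is keyed on the packet's destination IP and port and does not consult DNS, whereas a NAT rule whose translated destination is an FQDN/domain object (an assumption about how the rule might be written, not something the post states) is resolved when the rule is loaded and therefore follows whatever the firewall's DNS view returns. All addresses, names and rules are constructed for the example; `DnatRule`, `load_rules`, `dnat_lookup` and `audit_rules` are hypothetical helper names.

```python
"""
Added example (not from the original post): a toy model of firewall
destination NAT (DNAT) used to reason about "what role does DNS play".

  1. dnat_lookup() shows packet-time DNAT: the only key is the packet's
     destination IP/port.  The internal A record for mail.company.com is
     never consulted, so it cannot divert a flow whose rule maps to Server#1.
  2. DnatRule.resolved_target() shows the one place DNS can matter: if the
     rule's *translated* destination is an FQDN object rather than a fixed
     IP, the firewall resolves it at rule-load time.  With internal DNS
     pointing mail.company.com at the LB, such a rule silently targets the LB.
  3. audit_rules() is the check a defender would run: list every rule whose
     effective target differs from the host it was meant to publish.

All addresses, names and rules below are constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Mapping, Optional, Tuple

# Constructed addresses (documentation/private ranges), not the poster's network.
PUBLIC_VIP = "203.0.113.10"   # address published on the perimeter cluster
SERVER1 = "10.10.1.11"        # Exchange Server#1 (intended NAT target)
LB_VIP = "10.10.1.100"        # internal load balancer VIP

# Constructed internal DNS view, matching what the post describes.
INTERNAL_DNS: Dict[str, str] = {"mail.company.com": LB_VIP}


def looks_like_ipv4(value: str) -> bool:
    """True for a dotted-quad IPv4 literal; anything else is treated as an FQDN object."""
    parts = value.split(".")
    return len(parts) == 4 and all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


@dataclass(frozen=True)
class DnatRule:
    orig_dst: str        # public address the rule matches on
    orig_port: int       # public port the rule matches on
    translated_dst: str  # either an IPv4 literal or the name of an FQDN object

    def resolved_target(self, dns: Mapping[str, str]) -> str:
        """Effective target IP.  FQDN objects are resolved via the firewall's DNS view."""
        if looks_like_ipv4(self.translated_dst):
            return self.translated_dst
        if self.translated_dst not in dns:
            raise LookupError(f"FQDN object {self.translated_dst!r} does not resolve")
        return dns[self.translated_dst]


def load_rules(rules: List[DnatRule], dns: Mapping[str, str]) -> Dict[Tuple[str, int], str]:
    """Compile the rule base into a packet-time table keyed on (dst_ip, dst_port).

    Resolution happens here, once, which is why a later DNS change does not
    alter flows until the rule base is reloaded.
    """
    return {(r.orig_dst, r.orig_port): r.resolved_target(dns) for r in rules}


def dnat_lookup(table: Mapping[Tuple[str, int], str], dst_ip: str, dst_port: int) -> Optional[str]:
    """Packet-time DNAT: only the packet's destination IP/port is consulted, never a hostname."""
    return table.get((dst_ip, dst_port))


def audit_rules(rules: List[DnatRule], dns: Mapping[str, str], intended: str) -> List[DnatRule]:
    """Return the rules whose effective target is not the host they were meant to publish."""
    return [r for r in rules if r.resolved_target(dns) != intended]


if __name__ == "__main__":
    literal_rule = DnatRule(PUBLIC_VIP, 443, SERVER1)
    fqdn_rule = DnatRule(PUBLIC_VIP, 443, "mail.company.com")
    for rule in (literal_rule, fqdn_rule):
        table = load_rules([rule], INTERNAL_DNS)
        print(f"{rule.translated_dst:>18} -> flow to {dnat_lookup(table, PUBLIC_VIP, 443)}")
    print("rules not targeting Server#1:", audit_rules([literal_rule, fqdn_rule], INTERNAL_DNS, SERVER1))
```

Run as a script it prints that the literal rule sends the flow to Server#1 while the FQDN-object rule sends it to the LB VIP, and the audit lists only the FQDN rule. In a real environment the equivalent check is to inspect the rule's translated-destination object in the firewall GUI or CLI, and to confirm with a packet capture on Server#1 and on the LB which host actually receives the inbound SYN, since the NAT log line only records what the rule says, not where the name resolved.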