Channel: EdgeRouter topics

Hairpin nat with multiple subnets / vlans


Hi guys, I'm hoping to be able to get some ideas or input from you on something that's been given to me as a project. A customer that my company works for currently has a flat network setup. They have a Ubnt EdgeRouter 5-port PoE now as their main router. They have two in-use static IPs from a local telco via a business account. These are both configured on the one in-use "WAN" port on the EdgeRouter. The customer now wants to put in UAP Pro UniFi devices for their WiFi all over the different buildings. There will be several planned wireless networks with associated SSIDs that they want in separate segregated VLANs / subnets for each SSID. One of these wireless networks will be a company-owned-device-only network, another will be a company guest network for any vendors, and then there will be a secondary guest network at one of the locations. I have my head wrapped around almost all of the details except one.

 

The customer has an in-use Exchange server onsite that is used internally and externally for the company email. This sits on the current flat network subnet, for example 192.168.2.0/24, along with all of the other servers, devices, etc. The current wireless access points also sit on this network and hand out leases via DHCP on the same network. On the old company firewall (I have now implemented it the same on the new EdgeRouter) were hairpin NAT rules to allow the mobile and other devices connected to the wireless to be able to use Exchange / ActiveSync / Outlook, which uses ports 80, 443, and 445 and needs to get to the server via the external mail server name. The customer wants the new proposed company-owned-device wireless VLAN / subnet to be the one that will allow for the same email connections to the onsite Exchange server for mobile devices. Like I said, I've got my head wrapped around most of the details except for how to complete this additional requirement the best way possible. Is hairpin NATting possible on different subnets / VLANs, or is this better accomplished through DNS / DNS forwarding? Apologies if this is a confusing read. It's been a long few days dealing with other customers and vendors.

