01-17-2011 04:54 AM
We want to configure our SA 700 in order to provide ActiveSync access to our iPhone.
We have only one public IP address and we need to use the same hostname (and SSL certificate) as the one already installed for admin and core web access, but with a specific URL /mobile (e.g. https://hostname/mobile) that proxies to the internal Exchange server.
Is it possible to accomplish our goal with the SA 700? If not, what do we have to do?
01-17-2011 10:17 AM
We set up an SA2000 for ActiveSync using the v7R2 firmware. You must use a different URL than the one for regular remote access, maybe an A record or a CNAME record pointing to the same public IP address as used for remote access. Apple's iOS configuration can be set to ignore SSL certificate errors.
You also need to create a separate URL than the one you use for Outlook Web Access. Even though it's the same internal server, the rewrite mechanism will break OWA if you use the same URL for ActiveSync.
Since we don't have an SA700, your experience may vary.
For our final configuration, we used a separate public IP address because we have a web application firewall in front of the SA2000 and we wanted to keep the rules as tight as possible. We also created a new Virtual Port and set it to require a client certificate to connect to the virtual port. The client certificate is issued by our internal certificate authority.
01-19-2011 03:11 AM
Unfortunately, I discovered the SA 700 does not support multiple URLs, so it's not possible to reverse proxy the traffic; furthermore, it does not support terminal sessions with core web access.
This device is really limited for the price it costs; I hope Juniper will enable these features in the next releases.