This is going to be long, so I'm giving good points just for reading it. :-)
I've got a client with the following setup:
DSL Connection to Internet using Linksys Router
Dynamic DNS setup to allow external access to network resources via a VPN running on server
Port Forwarding used to pass VPN traffic from Intenet to 2003 SBS VPN
Newly installed/Configured Exchange Server on the 2003 SBS box
Two Verizon Samsung Windows Mobile Phones using a Verizon Wireless Sync (by Intellisyn - works okay)
--- All above is configured and works
Just added to the mix: HP iPaq 6515 running Mobile 2003 on Cingular
Originally, I thought there would just be another Sync agent provided by Cingular to do the same thing. However, from everything I'm seeing and hearing from Cingular, I have to configure "Mobile Services" on my Exchange server to get this phone working to sync the phone with the exchange mailbox. Following is my plan. What I'm looking for is additions, deletions, comments, suggestions, alternatives, etc. My (possibly insane) plan :-) :
1) Create a port forwarding rule for port 26675 (Active Sync Port) to the server
-Are any othe ports used in the active sync process?
2) Disable SSL on the server for Mobile Services and on the devices (I have a document on disabling SSL on the mobile device, but I haven't found one for the server yet, and it sounds like SSL is enabled by default on the Server.)
-99% of the traffic is non-sensitive calendar data... will disabling the SSL create any unanticipated security vulnerabilities?
3) point the device to our dynamic dns entry mydomain.dyndns.org
-note: I'd prefer to Connect to the netwrork via VPN first, but eventhough the VPN works flawlessly from a PC, I can't get the iPaq VPN to work. Any common problems with VPNs on this type of mobile 2003 phone?
4) Configure the Rules
5) Sync the device
6) Live happily ever after
Thoughts? Suggestions? Has anyone else done this? Am I crazy to do this for one phone? We currently have ports 47 & 1723 forwarded to the server for PPTP. Does forwarding 26675 and/or other ActiveSync ports create a serious vulnerability to the system?
Thanks in Advance,