barrettt
asked on
Connecting Mobile device to exchange server through firewall and ISA
I have the following set up:
Sonicwall Pro230 Firewall ==> ISA/proxy server ==> exchange server
I only have one external ip address, and I want to set up mobile devices to be able to connect to Outlook and get calendar/contacts/email through a cellular data connection. Exchange is set up for OWA and OMA is currently turned on, but I cannot figure out how to configure a device to pass through the external ip address via (pop3/imap4/whatever) and get through the ISA proxy server to the exchange server. I've read a bunch of stuff about activesync, and desktop redirectors, but I would rather not have to leave pc's running to send the outlook data to the wireless devices. The devices I am trying to connect with are:
Treo 650 with Sprint service and a Cingular 8125. If more details are needed please ask.
Sonicwall Pro230 Firewall ==> ISA/proxy server ==> exchange server
I only have one external ip address, and I want to set up mobile devices to be able to connect to Outlook and get calendar/contacts/email through a cellular data connection. Exchange is set up for OWA and OMA is currently turned on, but I cannot figure out how to configure a device to pass through the external ip address via (pop3/imap4/whatever) and get through the ISA proxy server to the exchange server. I've read a bunch of stuff about activesync, and desktop redirectors, but I would rather not have to leave pc's running to send the outlook data to the wireless devices. The devices I am trying to connect with are:
Treo 650 with Sprint service and a Cingular 8125. If more details are needed please ask.
ASKER
Whats EAS? and how do I test if OMA is working, because it seems to be set up correctly? Also what settings do I use in the mobile device to get connected is it by the outside IP address?
Thanks,
Thanks,
EAS - Exchagne Active Sync.
OMA is a matter of browsing to the external IP address or preferably dns name and putting /oma on the end:
http://mail.domain.com/oma
Simon.
OMA is a matter of browsing to the external IP address or preferably dns name and putting /oma on the end:
http://mail.domain.com/oma
Simon.
ASKER
Ok, got it but, I get this error when I browse to that page (https://mail.domain.com/oma):
Unable to connect to your mailbox on server xxx. Please try again later. If the problem persists contact your administrator.
Unable to connect to your mailbox on server xxx. Please try again later. If the problem persists contact your administrator.
Is the OMA virtual directory allows through ISA?
Does it work inside?
Simon.
Does it work inside?
Simon.
ASKER
No, it won't even open on that server. The mail server has IIS5 running on it, and OWA works fine on both sides. Any ideas?
This is Exchange 2003?
Do you have a /oma virtual directory in IIS manager?
Simon.
Do you have a /oma virtual directory in IIS manager?
Simon.
ASKER
Yes Exchange 2003, and there is a /oma directory under the default website listing.
And what happens when you browse to the /oma directory from a standard web browser? Make sure that you have friendly http error messages turned off.
Simon.
Simon.
ASKER
I get a 404 error or just a blank page depending on if I use https or http, could it be an IIS setting?
ASKER
Ok, I retested and all I get is a blank page after it asks for my username/password three times (and I am definetly not typing this in wrong)
ASKER
Another update. I have OMA working now but only internally. I cannot browse to it from outside my network, any ideas?
If it works inside, but not outside, then it has to be the ISA server blocking the connection. You will have to look at the ISA configuration to see why.
Simon.
Simon.
ASKER
I've checked this. Outlook web access works on the same server without any visibile settings in ISA?! Any ideas?
Thanks.
Thanks.
Unfortunately not. I don't deploy ISA as I prefer to use a real firewall.
Try this guide: http://www.petri.co.il/configure_isa_to_publish_owa.htm
Simon.
Try this guide: http://www.petri.co.il/configure_isa_to_publish_owa.htm
Simon.
ASKER
I'll check out that link, but we don't use ISA for blocking its used for logging internet browsing. We have a Sonicwall 230 PRo that does the filtering.
If you are using ISA for logging internet browsing, then why don't you just bypass it for inbound traffic.
With some clever rules on the firewall you can ensure that no user traffic goes out unless it has come through the filter (ISA), while allowing the outbound traffic to work correctly. I do that all the time when deploying packages like surf control.
Simon.
With some clever rules on the firewall you can ensure that no user traffic goes out unless it has come through the filter (ISA), while allowing the outbound traffic to work correctly. I do that all the time when deploying packages like surf control.
Simon.
ASKER
I've got some more info now. We actually have three exchange servers 1. is for adding disclaimer and has third party tool for spam filtering, 2. has all the mailboxes and currently works with OWA outside the network and cannot get OMA to work at all, 3. new server to eventually replace 2, has two test mailboxes which work but OWA and OMA only work internally. There are rules in the firewall to allow mail and such through to server 1, which then (I assume routes it automatically through to server 2 or 3 depending on location of mailbox). So why does OWA work for server2 and not 3??
Are any of those servers configured as a frontend server?
If not, then that would be the problem.
OWA will try to redirect the user to the correct backend server. If the real name of the server doesn't resolve on the Internet, AND hasn't been published through your ISA, then it will all break.
If the server that has the disclaimer and spam filtering application has been set as a frontend server, then that is the one that should be published through OWA.
In fact, even if it hasn't - if it doesn't contain any mailboxes I would be looking at using it as a frontend.
Simon.
If not, then that would be the problem.
OWA will try to redirect the user to the correct backend server. If the real name of the server doesn't resolve on the Internet, AND hasn't been published through your ISA, then it will all break.
If the server that has the disclaimer and spam filtering application has been set as a frontend server, then that is the one that should be published through OWA.
In fact, even if it hasn't - if it doesn't contain any mailboxes I would be looking at using it as a frontend.
Simon.
ASKER
I'm kind of new to Exchange, how would I tell if server 1 which has no mailboxes (from last comment) is a front-end server? Thanks for all the help (and patience)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Update, server 1 is Exchange 2000 Standard edition so it is not a front-end server.
ASKER
For anyone else interested, I am awarding Sembee the points and closing this question. I have discovered the OMA will not work well with Windows 2000 which has iis5, and I have gotten it to work through windows 2003 with iis6 thanks to his help and numerous searchs on the internet.
EAS should not be confused with the desktop software - it is a pure server application.
Simon.