Connecting Mobile device to exchange server through firewall and ISA

I have the following set up:
Sonicwall Pro230 Firewall ==> ISA/proxy server ==> exchange server

I only have one external ip address, and I want to set up mobile devices to be able to connect to Outlook and get calendar/contacts/email through a cellular data connection. Exchange is set up for OWA and OMA is currently turned on, but I cannot figure out how to configure a device to pass through the external ip address via (pop3/imap4/whatever) and get through the ISA proxy server to the exchange server. I've read a bunch of stuff about activesync, and desktop redirectors, but I would rather not have to leave pc's running to send the outlook data to the wireless devices. The devices I am trying to connect with are:
Treo 650 with Sprint service and a Cingular 8125. If more details are needed please ask.
Asked by: barrettt
 
Sembee Commented:
If it is Exchange 2003, which it sounds like it is, then you could use Exchange Active Sync. That comes in on the http protocol by standard, using the OMA infrastructure, so if you have OMA working outside then you should be able to use EAS.

EAS should not be confused with the desktop software - it is a pure server application.

Simon.

barrettt (Author) Commented:
What's EAS? And how do I test if OMA is working, because it seems to be set up correctly? Also, what settings do I use in the mobile device to get connected? Is it by the outside IP address?
Thanks,

Sembee Commented:
EAS - Exchange Active Sync.

OMA is a matter of browsing to the external IP address or preferably dns name and putting /oma on the end:

http://mail.domain.com/oma

Simon.
 
barrettt (Author) Commented:
Ok, got it but, I get this error when I browse to that page (https://mail.domain.com/oma):
Unable to connect to your mailbox on server xxx. Please try again later. If the problem persists contact your administrator.

Sembee Commented:
Is the OMA virtual directory allowed through ISA?
Does it work inside?

Simon.

barrettt (Author) Commented:
No, it won't even open on that server. The mail server has IIS5 running on it, and OWA works fine on both sides. Any ideas?

Sembee Commented:
This is Exchange 2003?
Do you have a /oma virtual directory in IIS manager?

Simon.

barrettt (Author) Commented:
Yes Exchange 2003, and there is a /oma directory under the default website listing.

Sembee Commented:
And what happens when you browse to the /oma directory from a standard web browser? Make sure that you have friendly http error messages turned off.

Simon.

barrettt (Author) Commented:
I get a 404 error or just a blank page depending on if I use https or http, could it be an IIS setting?

barrettt (Author) Commented:
Ok, I retested and all I get is a blank page after it asks for my username/password three times (and I am definitely not typing this in wrong).

barrettt (Author) Commented:
Another update. I have OMA working now but only internally. I cannot browse to it from outside my network, any ideas?

Sembee Commented:
If it works inside, but not outside, then it has to be the ISA server blocking the connection. You will have to look at the ISA configuration to see why.

Simon.

barrettt (Author) Commented:
I've checked this. Outlook Web Access works on the same server without any visible settings in ISA?! Any ideas?
Thanks.

Sembee Commented:
Unfortunately not. I don't deploy ISA as I prefer to use a real firewall.

Try this guide: http://www.petri.co.il/configure_isa_to_publish_owa.htm

Simon.

barrettt (Author) Commented:
I'll check out that link, but we don't use ISA for blocking; it's used for logging internet browsing. We have a Sonicwall 230 Pro that does the filtering.

Sembee Commented:
If you are using ISA for logging internet browsing, then why don't you just bypass it for inbound traffic?

With some clever rules on the firewall you can ensure that no user traffic goes out unless it has come through the filter (ISA), while allowing the outbound traffic to work correctly. I do that all the time when deploying packages like surf control.

Simon.

barrettt (Author) Commented:
I've got some more info now. We actually have three Exchange servers: 1. is for adding a disclaimer and has a third-party tool for spam filtering, 2. has all the mailboxes and currently works with OWA outside the network and cannot get OMA to work at all, 3. is a new server to eventually replace 2, has two test mailboxes which work but OWA and OMA only work internally. There are rules in the firewall to allow mail and such through to server 1, which then (I assume routes it automatically through to server 2 or 3 depending on location of mailbox). So why does OWA work for server 2 and not 3??

Sembee Commented:
Are any of those servers configured as a frontend server?
If not, then that would be the problem.

OWA will try to redirect the user to the correct backend server. If the real name of the server doesn't resolve on the Internet, AND hasn't been published through your ISA, then it will all break.

If the server that has the disclaimer and spam filtering application has been set as a frontend server, then that is the one that should be published through OWA.
In fact, even if it hasn't - if it doesn't contain any mailboxes I would be looking at using it as a frontend.

Simon.
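
The back-end redirect described in the answer above can be checked from outside the network by looking at where the server's redirect points. This is an added example, not part of the original thread: it classifies HTTP responses captured by an external client and flags a `Location` header naming a host that only resolves internally. The host names `EXCH3` and `exch3.corp.local`, the suffix list and the sample responses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed list of DNS suffixes that only resolve on the internal network.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal", ".corp")

def host_is_internal(host):
    """True if an Internet client could not reach this host by name or address."""
    host = host.rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        pass  # not an IP literal, treat as a DNS/NetBIOS name
    # Single-label (NetBIOS-style) names and private suffixes resolve only inside.
    return "." not in host or host.endswith(INTERNAL_SUFFIXES)

def classify_response(published_host, status, headers):
    """Classify one HTTP response as seen by a client outside the firewall."""
    if status not in (301, 302, 303, 307, 308):
        return "no-redirect"
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    target = urlsplit(location).hostname
    if target is None:
        return "relative-redirect"            # stays on the published name
    if target == published_host.lower():
        return "same-host-redirect"
    if host_is_internal(target):
        return "redirect-to-internal-host"    # fails for outside clients
    return "redirect-to-other-public-host"

# Constructed sample responses: (path requested, status, headers).
SAMPLES = [
    ("/exchange", 302, {"Location": "http://EXCH3/exchange/testuser/"}),
    ("/exchange", 302, {"Location": "https://exch3.corp.local/exchange/"}),
    ("/oma", 302, {"Location": "https://mail.domain.com/oma/"}),
    ("/oma", 302, {"Location": "/oma/(sessionid)/"}),
    ("/oma", 200, {}),
    ("/exchange", 302, {"Location": "http://10.0.0.12/exchange/"}),
]

def audit(published_host, samples):
    """Return (path, verdict) pairs for each captured response."""
    return [(path, classify_response(published_host, status, headers))
            for path, status, headers in samples]

if __name__ == "__main__":
    for path, verdict in audit("mail.domain.com", SAMPLES):
        print(f"{path:10} {verdict}")
```

A `redirect-to-internal-host` verdict on the published name matches the symptom in this thread: the page works inside the network and breaks outside it.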

barrettt (Author) Commented:
I'm kind of new to Exchange, how would I tell if server 1 which has no mailboxes (from last comment) is a front-end server? Thanks for all the help (and patience)

Sembee Commented:
It will say so in Exchange System Manager.
You can confirm by finding the server, right click on the server, choose Properties and see if the box "This is a frontend server" has been enabled.

Simon.

barrettt (Author) Commented:
Update, server 1 is Exchange 2000 Standard edition so it is not a front-end server.

barrettt (Author) Commented:
For anyone else interested, I am awarding Sembee the points and closing this question. I have discovered the OMA will not work well with Windows 2000, which has IIS5, and I have gotten it to work through Windows 2003 with IIS6 thanks to his help and numerous searches on the internet.