Exchange 2007-2010 activesync security - VPN?

Hello. We would like to roll out exchange activesync for a couple users on their phones, however I am gathering information on the security of such a setup.

How can we implement two layers of security?

For OWA, for example, our users log in to a cisco 5510 WebVPN, and from there into OWA..

With activesync, how could we make it work? I do not want to open any ports to exchange directly (only one server with all roles currently)

What is the recommended solution for the above? SSL VPN on the phone, then activesync?

Thanks you.
arthurk123Asked:
Who is Participating?
 
Alan HardistyCo-OwnerCommented:
Yes - that's all the security that is enabled by standard.  Large corporations do use Activesync this way and I have never seen any issues as a result of using it this way, or heard of any issues either.

You can force Activesync to require client certificates, so that only clients with the relevant certificate can gain access.

In terms of accessing OWA via a webvpn - nothing wrong with accessing it via Webvpn - but I've not seen any issues with any companies that don't use a VPN for webmail access.

Activesync can be enabled / disabled on a per user basis, so it isn't available to everyone and with Exchange 2007 / 2010, you can restrict it to be used by certain devices only.
0
 
Alan HardistyCo-OwnerCommented:
Activesync requires port 443 to be open on your firewall to work.  If you don't want this open, then Activesync isn't an option for you.

Not sure if you configure a VPN to the office if Outlook on a mobile will work as I have never tried it.
0
 
arthurk123Author Commented:
So this offers only one layer of security then - the user's username and password, correct? Is that how large corporations handle it - seems rather insecure?

I mean if mobile access is open through 443 directly, then what is the purpose of accessing OWA through a cisco webvpn
0
 
Alan HardistyCo-OwnerCommented:
You can also incorporate RSA Secure ID two factor authentication to beef up security.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.