Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

ActiveSync / OWA separation issue

  • 07-03-2013 04:36PM
    #1
    Zirconia
    Registered Users, Registered Users 2 Posts: 386 ✭✭
    Boycott Israeli Goods & Services


    Hi All,

    I need to configure Exchange to accept Outlook Web Access connections from the Internet and also to reject ActiveSync connections from the Internet, but let it allow connections from another local server (a Mobile Device Management server running an ActiveSync proxy). The mobile devices would then be forced to connect to the ActiveSync proxy or they would be unable to access mail on their device, but Outlook Web Access should remain unaffected

    The problem is they are all on the same server with the same protocols (http, https), so you can't block one without blocking the other at the firewall.

    Has anyone ever done something like this and how is it done?

    Thanks


Comments

  • #2
    ressem
    Registered Users, Registered Users 2, Paid Member Posts: 2,427 ✭✭✭ressem


    What version of IIS?

    In version IIS 7.5 in Windows Server 2008r2, (and very similar in versions since '03.)
    You open up the IIS management console.
    Under
    <myservername>\sites\default web sites\Microsoft-server-activesync
    there is "IP address and domain restrictions" which you can use to restrict access to individual IIS applications using ALLOW and DENY rules.


  • #3
    Zirconia
    Registered Users, Registered Users 2 Posts: 386 ✭✭Zirconia
    Boycott Israeli Goods & Services


    Hi Ressem,

    I tried that, but the IP address and domain restrictions appear to be a site level restriction rather than a folder level restriction. It did only allow mail via the MDM proxy when I only allowed that to connect, but it also prevented outside users connecting in via Outlook Anywhere (seems that it doesn't affect OWA though) , so I had to remove the restriction.


Advertisement