For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

PaulN_70685's avatar
PaulN_70685
Icon for Nimbostratus rankNimbostratus
Aug 19, 2011

IPhone (4.3.3) ActiveSync & FirePass 4100 Ver 7.0.0

Hi everyone

 

 

I'm having a problem getting the IPhone 4 to ActiveSync to Exchange 2007. The Iphone happily ActiveSync on the internal network and Exchange appears to be configured for http basic authentican and it uses a self signed certificate.

 

 

Firepass has a signed certificate installed so users aren't prompted with a certificate warning when logging in.

 

 

On the FirePass I have configured as per "SOL7812 - Configuring FirePass to proxy ActiveSync"

 

 

1. Device Management -> Customization -> URI-based Customization

 

 

Type in Microsoft-Server-ActiveSync in the New Landing URI field > Apply

 

 

2. Portal Access -> Web Application -> Master Group Settings

 

 

Select Master Group

 

 

3. Minimal Content-Rewriting Bypass -> Comma Separated list of patters field

 

 

Type in /Microsoft-Server-ActiveSync*

 

 

4. Minimal Content-Rewriting Bypass

 

 

Type in } -> Add

 

 

5. Allow List Default Action -> Allow

 

 

6. Access Limitation

 

 

Untick "Show administrator-defined favourites only"

 

 

Can anyone please give me any ideas on how to resolve this matter.

 

 

Thanks

 

 

BIG-IP Access Policy Manager (APM)
remote access
security

3 Replies

  • Mike_61719's avatar
    Mike_61719
    Icon for Cirrus rankCirrus
    Aug 19, 2011
    "configured for http basic authentican and it uses a self signed certificate."

     

     

    How do you have http basic with a self signed cert? You then have the domain set to https. In addition, a self signed https cert won't work as it will prompt the user to accept the traffic and this is not supported. I would recommend reading the guide again, line by line.

     

     

    https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7812.html?sr=16109074
  • PaulN_70685's avatar
    PaulN_70685
    Icon for Nimbostratus rankNimbostratus
    Aug 22, 2011
    I will talk to our Exchange admin, I can see the following from the Exchange Console.

     

     

    Microsoft-Server-ActiveSync properties in the Exchange Management Console. Server Configuration -> Client Access -> Exchange ActiveSync -> Authentication page is:

     

     

    Basic Authentication - ticked

     

    Ignore client certificates - checked

     

     

    Microsoft-Server-ActiveSync properties in the Exchange Management Console. Server Configuration -> Client Access -> Exchange ActiveSync -> General page is:

     

     

    SSL Enabled: True

     

    Internal URL:

     

     

    The devices work on the internal WLAN without prompting for a Certificate.

     

     

    Paul
  • Mike_61719's avatar
    Mike_61719
    Icon for Cirrus rankCirrus
    Aug 23, 2011
    With SSL you can't have a certificate process like that. Remember, SSL has to negotiate in order for it to function.