Publishing Exchange with a single IP

Question

Hi All&nbsp;
We wish to publish our exchange services behind a single virtual server.  However in order to complete meet our internal policies we need to have 2 factor authentication applied.&nbsp;
When accessing /microsoft-server-activesync* access would be allowed with a single factor - exchange is configured to only allow known devices to connect.&nbsp;
When connecting using other methods you would be prompted via the APM for username and password, then a sms token number...&nbsp;
Keen for any ideas on how we complete this?&nbsp;
Thanks&nbsp;

leonardo_accors · Answer

Hi David, 
the better way I see to do what you  require is using a two level VS.
You have to make a first VS with the ip of the service. Attached to this VS you have to setup a policy in whitch you have to setup this rules:&nbsp;
http-uri all starts-with /microsoft-server-activesync -&gt; forward request to VS1
in any other case -&gt; forward request to VS2&nbsp;
then you:
 create VS1 (with a fake ip like 1.1.1.1) and setup this VS without apm policy
 create VS2 (with a fake ip like 1.1.1.2) and setup this VS with apm policy&nbsp;
So you make a "chain" that permit you to select the VS according to the uri requested by the client.
Sorry for my terrible english, I hope it's clear.&nbsp;
regards&nbsp;
Leonardo&nbsp;

Forum Discussion

Publishing Exchange with a single IP

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

TMG2F5 Series: Publishing Microsoft Exchange Using F5

F5 BIG-IP deployment with OpenShift - publishing application options

Publishing an API using NGINX Controller

Publishing Applications

Single Node Persistence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS