Hi Folks
We have a requirement to secure Outlook Anywhere with IPSec using certificate based authentication. Microsoft have produced a whitepaper (Greg Taylor) in this regard but it doesn't contain enough information to easily implement this and what configuration steps you should take if Exchange Active Sync is required to be deployed as well, which it is in our case.
The document states that Autodiscover should be deployed on a separate non IPsec secured IP address but also states that Exchange Active Sync doesn't support IPSec. I am confused in regard to how this can be configured as the Exchange Active Sync virtual directory would exist beneath the Exchange web site which would be listening on the same IP address as the OA RPC virtual directory and the IPSec connection security rules would contain the Exchange server IP address as one of the IPSec endpoints and therefore IPSec would be utilised thus breaking EAS.
The document can be found here:
http://download.microsoft.com/download/8/3/1/831B9FD1-114F-40A1-A134-B4DCB20EDD7D/UsingIPsecToSecureAccessToExchange.docx
Can anyone assist me here and enlighten me to the additional configuration that is obviously required with this solution but is missing from the whitepapers and blogs on the subject or am I just plain missing something?
Thanks
Johny A