Purpose

You should consider using this procedure under the following condition:

• You need to proxy Microsoft Exchange ActiveSync connections through the BIG-IP APM system.

Prerequisites

You must meet the following prerequisite to use this procedure:

• Your BIG-IP system is provisioned with APM.

Description

The BIG-IP APM system can act as a proxy for the Exchange ActiveSync protocol. Devices that have the Microsoft Exchange ActiveSync client can access Exchange e-mail, calendars, tasks, and contact information through the BIG-IP APM system. Supported devices include the Apple iPhone/iPad/iPod touch, Android Phones, Windows mobile phones, as well as other devices that have implemented Exchange ActiveSync.

Procedures

Creating an ActiveSync policy

To configure the BIG-IP APM system to proxy Exchange ActiveSync, perform the following procedures:

Impact of procedures: None

Using the Device Wizard to create the access policy

This procedure uses the Device Wizard to create the required objects for the Exchange ActiveSync access policy.

1. Log in to the BIG-IP APM Configuration utility.
   
2. Click Wizards.
   (In versions 10.x, click Templates and Wizards).
   
3. Click Device Wizards.
4. Click Web Application Access Management for Local Traffic Virtual Servers.
5. Click Next.
6. In the Policy Name box, type a name for your ActiveSync policy.
   
   For example:
   
   activesync
7. Clear the Enable Antivirus Check in Access Policy check box.
8. Click Next.
9. Click Active Directory.
10. Click Next.
    
    Note: If there is a previously-defined AD AAA server for this AD domain, the configuration entered must match the previously-defined AD AAA server.
    
11. In the Domain Name box, enter the FQDN of your Active Directory domain.
12. In the Admin Name box, enter the name of the Active Directory Admin account.
13. In the Admin Password box, enter the password for the AD admin account.
14. In the Verify Admin Password box, enter the password.
15. Optional: If you want the BIG-IP system to communicate with a specific AD domain controller, enter the FQDN or IP address for the domain controller in the Domain Controller box.
16. Click Next.
17. Click Create New HTTPS Server.
18. In the Virtual Server IP Address box, enter the IP address that you are using for the ActiveSync virtual server.
19. From the SNAT Pool drop-down menu, select Automap.
    
20. In the IP Address of Pool Member text box, enter the IP address of the ActiveSync server.
21. Click Next.
    
    You will be prompted to review the screen.
22. Click Next.
23. Click Finished.
    

Creating the TCP profile

This procedure creates the custom TCP profile that ActiveSync uses.

1. In the Local Traffic menu, click Profiles
2. Hover the mouse over the Protocol tab.
3. Click TCP.
4. Click Create.
5. In the Name box, enter a name for the profile.
   
   For example:
   
   activesync_tcp
6. Select the Idle Timeout check box.
7. In the seconds box, enter the following:
   
   1800
8. Click Finished.

Editing the virtual server

The procedure updates the virtual server with the required TCP profile and iRule for ActiveSync.

1. Log in to the BIG-IP APM Configuration utility.
2. Expand Local Traffic.
3. Click Virtual Servers.
4. Click the name of the virtual server to edit.
   
   Note: The name is the name that was used to create the policy with a _vs suffix. For example, activesync_vs.
   
   The Virtual Server configuration window opens.
5. From the Configuration: menu, select Advanced.
   
6. From the Protocol Profile (Client) menu, select the TCP profile previously created.
7. Configure the appropriate SSL Server profile.
   
   Note: If you are using a custom SSL profile, enter the custom profile in this step.
   
8. Click Update.
9. Click the Resources tab.
10. Next to iRules, click Manage.
11. In the iRules available list, highlight _sys_APM_activesync.
12. Click <<.
    
    The _sys_APM_activesync iRule moves to the Enabled text box.
13. Click Finished.
    

Enabling the Split domain from full Username option (BIG-IP 11.x)

On BIG-IP 11.x, if your user name contains the domain component (<domain>\<username>) this option will split the username from the domain name.

Note: This is not available on BIG-IP 10.x.

1. Log in to the BIG-IP APM Configuration utility.
2. Click Access Profiles.
3. Click Edit next to the name of the access profile previously created.
4. Click the Logon Page action.
5. Select Yes from the Split domain from full Username menu.
   
6. Click Save.
7. Click Apply Access Policy.
8. Click Close.
   

Supplemental Information

• Configuration Guide for BIG-IP Access Policy Manager
• Microsoft Understanding Direct Push
  

  Note: The previous link will take you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.