
ActiveSync on an iOS device with Juniper SSL VPN as a reverse proxy

gav1nb81_

Hello,

 

I hope somebody can help, I've hit a brick wall on this.

 

Goal:

I want to proxy ActiveSync connections from an iPhone through our Juniper SA2500 to the Exchange server, using certificate authentication to the Juniper.

 

Problem:

I cannot get this to work with an iPhone or iPad running the latest iOS. An Android (4.4 KitKat) works fine, as does a Windows Mobile 6 emulator. Those devices are pointed at a virtual internal port on the Juniper (via the firewall), authenticated with a certificate on the device and successfully passed through to the Exchange server, and e-mail flows fine, so I am confident the Juniper is set up correctly, as I can see the ActiveSync connection and certificate request in the User Access Logs.

 

However, this doesn't work with an iPhone. The certificate *appears* to be on the device, as if I turn off 'Allow ActiveSync Traffic Only', I can browse through to the virtual host in Safari and am proxied to the standard IIS page on the Exchange server. I can see the event in the user access logs that Safari is using the certificate.

 

When I set up or push out a configuration profile to the iPhone or iPad, the device's Mail app will not verify the Exchange connection and there are no logs at the Juniper. If I remove the certificate requirements on the virtual port and remove the certificate requirement from the role, the Mail app verifies the Exchange connection and is able to connect correctly.

 

Are there any other settings I need to add or change specifically for an iOS device? As I said, other devices work fine, so is this an iOS problem? Everything in the Apple documentation says that certificates are fully supported for client authentication.

 

Any help would be greatly appreciated!

 

Thanks,

GB