Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Configuring SSL VPN as Reverse Proxy for Lync

SOLVED
Go to solution
dcvers_
Regular Contributor
‎09-15-2011 04:09:AM
‎09-15-2011 04:09:AM

Configuring SSL VPN as Reverse Proxy for Lync

Has anyone configured the SSL VPN box as a reverse proxy for Microsoft Lync. We are using it for OCS 2007 R2 using Authentication Only sign in policy and it works but Lync is working. I think I need to use the "Host-Header forwarding" option but doesn't seem to be available via Authorization only policies. I tried using a web profile to set up the access but can't get it to work.

Version 6.5R4.1 (build 15977)

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
mcaulifn_
New Contributor
‎01-18-2012 04:39:AM
‎01-18-2012 04:39:AM

Re: Configuring SSL VPN as Reverse Proxy for Lync

I created this example on my lab box using meet.example.com.

  1. Internal DNS has to match external DNS. Because we don't have the same DNS servers for both servers, we used a GTM WideIP to answer the SA's internal DNS request.
  2. I created a new external Virtal Port specifically for all Lync traffic. This is optional.
  3. Create a new role. Role should only have "Web" selected. Do not create bookmarks now, that will be addressed later.
  4. Create a new URL. See attached picture for options. Select new role created in step 3.
  5. Create new Web Resource Profile. See attached picture for settings. To access the "Autopolicy: Rewriting Options", click "Show ALL autopolicy types". After saving the main screen, the SA will move to the Role tab. Select the role created in step 3.

That should be it.

View solution in original post

0 Kudos
18 REPLIES 18
hagbard_
Occasional Contributor
‎09-29-2011 02:29:AM
‎09-29-2011 02:29:AM

Re: Configuring SSL VPN as Reverse Proxy for Lync

Have you ever got it working? I try to configure the same ;-)

0 Kudos
zanyterp_
Respected Contributor
‎10-01-2011 11:37:PM
‎10-01-2011 11:37:PM

Re: Configuring SSL VPN as Reverse Proxy for Lync

You are correct that the option for host-header forwarding is not available for the authorization only URL. Does passthrough proxy work with anonymous auth and a customer start page to the URL?

0 Kudos
hagbard_
Occasional Contributor
‎10-05-2011 01:21:AM
‎10-05-2011 01:21:AM

Re: Configuring SSL VPN as Reverse Proxy for Lync

OK, got it working. It seems that the host-header forwarding is not required. At least in our environment. I just used a virtual hostname.

I tried to configure the passthrough proxy option as well - however after signing in (typing the hostname in the browser) I see a link to the lync site which i need to click. The request is not forwarded automatically - but thats what we needed.

0 Kudos
dcvers_
Regular Contributor
‎10-07-2011 06:42:AM
‎10-07-2011 06:42:AM

Re: Configuring SSL VPN as Reverse Proxy for Lync

Hi hagbard,

Can you provide some details on what you configured to get it working.

I've been trying without success and we are getting to the point where we are considering installing an MS reverse proxy.

Cheers.

0 Kudos
zanyterp_
Respected Contributor
‎10-07-2011 06:56:AM
‎10-07-2011 06:56:AM

Re: Configuring SSL VPN as Reverse Proxy for Lync

@dcvers: It looks like he used passthrough proxy rather than the authorization only URL; have you tried that as well? This option is similar except it requires login prior to passing you through to the site.

 

@hagbard:  if you enable the custom start page option for the role, does that work for you?

0 Kudos
donoche_
Occasional Contributor
‎10-11-2011 01:22:AM
‎10-11-2011 01:22:AM

Re: Configuring SSL VPN as Reverse Proxy for Lync

hi Guys Pls if i may ask the SSL acts as a reverse proxy device right?

0 Kudos
zanyterp_
Respected Contributor
‎10-11-2011 06:09:AM
‎10-11-2011 06:09:AM

Re: Configuring SSL VPN as Reverse Proxy for Lync

Not really; it acts similar to a reverse proxy in that users see/interact with the external-facing unit, but is not a true reverse proxy in that there is rewriting of the content to go through and reference the external-facing host name.

 

When you configure an authorization only URL, the unit functions as close to a traditional reverse proxy as possible in that users see the external site but no modification is done.

 

Is there a specific item you have a query about?

0 Kudos
dsatkhan_
New Contributor
‎01-17-2012 12:40:PM
‎01-17-2012 12:40:PM

Re: Configuring SSL VPN as Reverse Proxy for Lync

it seems that we do not have a working config here. I get error 404 on "authorisation only" proxy. I can not add an option to preserve host headers, as there is autopolicy on "authorisation only".

So casn someone validate that Juniper SSL works ok with Lync as a reverse proxy at least for meet.domain.com functionality?

0 Kudos
zanyterp_
Respected Contributor
‎01-17-2012 12:44:PM
‎01-17-2012 12:44:PM

Re: Configuring SSL VPN as Reverse Proxy for Lync

Hi dsatkhan,

 

I believe that the others on here have needed to use passthrough proxy rather than authorization only, due to being able to configure some items that may be needed, such as host-header forwarding.

 

What is "meet.domain.com functionality"?

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.