cancel
Showing results for 
Search instead for 
Did you mean: 

activesync restrictions

Frequent Contributor

activesync restrictions

hi all,

i would to restrict the access to my activesync using certficate of trusted client ca i'm running 6.5 IVE-OS.

has anyone done this before?

2 REPLIES 2
Frequent Contributor

Re: activesync restrictions

This is supported in SA OS 7.0

See http://www.juniper.net/techpubs/software/ive/releasenotes/j-sa-sslvpn-7.0-whatsnew.pdf

SA 7.0 also extends ActiveSync support by enabling Client Certificate authentication for ActiveSync access. Any mobile device capable of supporting ActiveSync (push e-mail) along with client side certificates can now be challenged by the SSL VPN for a valid client certificate before being allowed access to the ActiveSync server, thereby providing greater assurance than only properly authenticated mobile devices can reach the corporate email services. Client certificate authentication will be supported on the internal port, external port, and virtual ports defined on the internal or external ports.

Occasional Contributor

Re: activesync restrictions

The configuration for activesync in the 7.0R1 admin guide (p1046) only references authorization servers of the SiteMinder flavor.

So how do you accomplish client cert authentication for an iPhone using activesync? Do you ignore the admin guide activesync config, and just use a regular login realm with the CA as authentication, LDAP as directory/attribute, and assign a role with a web profile allowing access to the activesync server?

If that's not it, how it it done?

Thanks in advance!