I ask only because I have yet to see a clear guide, other than the one in the IVE, and it doesn't work with OWA. I have performed the instructions at the bottom of this post, which are the ones right from the SSL Help menu. Now, this works for a basic hyperlink, but not OWA. When you request OWA, it redirects you to the internal FQDN of the host in question. For instance: I go to owa.company.com/exchange, and my requests end up exchange.company.local/exchange, which obviously doesn't work. In looking at the session, the request from OWA passes a "base" tag that is the internal fqdn of the server. I'm assuming this needs to get rewritten somehow in the IVE, but dont know what to do for that to happen. Instructions from IVE: Enabling Activesync Using Activesync, you can synchronize data between a Windows-based desktop computer and handheld devices. The IVE can be used as a reverse proxy to allow users to synchronize their data without installing an additional client application, such as WSAM, on their handheld devices. For more information on using the IVE as a reverse proxy, see Defining authorization-only access policies. Please note the following: * Supports Windows Mobile 5.0 and 6.0 only * Supports Exchange Server 2003 and 2007 * Both NTLM & Basic Auth on the Exchange server are supported * Both HTTP and HTTPS between IVE and Exchange server are supported * If the IVE is used for OWA & Activesync, the hostnames for OWA access and Activesync must be different * No endpoint checking is supported. To configure the IVE as a reverse proxy for use with Activesync: 1. In the admin console, choose Authentication > Signing In > Sign-in Policies. 2. To create a new authorization only access policy, click New URL and select authorization only access. Or, to edit an existing policy, click a URL in the Virtual Hostname column. 3. In the Virtual Hostname field, enter the name that maps to the IVEÕs IP address. The name must be unique among all virtual host names used in pass-through proxyÕs hostname mode. The hostname is used to access the Exchange server entered in the Backend URL field. Do not include the protocol (for example, http:) in this field. For example, if the virtual hostname is myapp.ivehostname.com, and the backend URL is http://www.xyz.com:8080/, a request to https://myapp.ivehostname.com/test1 via the IVE is converted to a request to http://www.xyz.com:8080/test1. The response of the converted request is sent to the original requesting web browser. 4. In the Backend URL field, enter the URL for the Exchange server. You must specify the protocol, hostname and port of the server. For example, http://www.mydomain.com:8080/*. When requests match the hostname in the Virtual Hostname field, the request is transformed to the URL specified in the Backend URL field. The client is directed to the backend URL unaware of the redirect. 5. Enter a Description for this policy (optional). 6. Select No Authorization from the Authorization Server drop down menu. 7. Select a user role from the Role Option drop down menu. Only the following user role options are applicable for Autosync. * HTTP Connection Timeout (Users > User Roles > RoleName > Web > Options > View advanced options) * Allow browsing un-trusted SSL websites (Users > User Roles > RoleName > Web > Options > View advanced options) * Source IP restrictions (Users > User Roles > RoleName > General > Restrictions) * Browser restrictions (Users > User Roles > RoleName > General > Restrictions) For more information on these role options, see Configuring Advanced Web Browsing Options, Specifying Source IP Access Restrictions and Specifying Browser Access Restrictions. 8. Click Save Changes. ... View more