MVP Expert

Re: Activesync and Aruba

 

I imagine that your wired users are able to reach the exchange server with no issues?

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Activesync and Aruba

Yes, oddly enough I can see my phone traffic hitting the front end exchange.  So perhaps it is something on the way back that is not making it through.  I'll do a tcpdump and see what comes of that.  NAT had also come to my mind as well.

 

@vVFabian

 

Yes, everything from a desktop PC or laptop to exchange is good.  Everything works great in Activesync when we're on the cellular network outside the company (tested on lunch).  It's just when we're connected to the internal wireless that it craps out.

Occasional Contributor II

Re: Activesync and Aruba

So I ran a TCPDUMP on the firewall for my phone's IP Address on the wireless network.  Ran TCPDUMP as the src and the dst.

 

I saw all kinds of traffic from my phone hitting the front end exchange server, however I saw absolutely zero traffic coming back to my phone from the server.  Our consultant is telling us that it's because we're going outside to the internet and then coming back in to get to exchange, however this is definitely done by design.  The wireless networks aren't supposed to be communicating internally with the servers, their entire purpose is just to provide mobile devices internet access.  So this makes sense why it's acting this way. The consultant tells us that the Check Point firewall doesn't like it when this happens.


There has to be a way to make this work, I can't imagine that we're the only ones running into this.  It worked on our Sidewinder Firewalls, there has to be some way, without having to do any drastic network redesigns.

MVP Guru

Re: Activesync and Aruba

So this should work similar to hairpin routing?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Activesync and Aruba

We actually got this working.  It appears it was an ICMP redirect that was causing the issue.

 

We had to add a static route to the exchange server telling it to go out our firewall interface for our wireless network instead of the core switch.  Apparently Checkpoint hates ICMP redirects, which is something we need to fix on a greater scale, as apparently Server 2008 and Server 2012 also don't like it.

Thanks for all your suggestions and help guys!  Much appreciated.
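
Added example, not part of any post in this thread: a small check that scans `tcpdump -n` text output for the two symptoms reported above, clients whose packets reach the server with no replies and ICMP redirects that name those clients. The capture, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

# Constructed sample of `tcpdump -n` text output (documentation addresses, not from the thread).
SAMPLE = """\
12:00:01.000100 IP 192.0.2.50.51000 > 198.51.100.10.443: Flags [S], seq 100, win 65535, length 0
12:00:01.000400 IP 198.51.100.1 > 198.51.100.10: ICMP redirect 192.0.2.50 to host 198.51.100.254, length 36
12:00:02.000100 IP 192.0.2.50.51000 > 198.51.100.10.443: Flags [S], seq 100, win 65535, length 0
12:00:03.000100 IP 198.51.100.77.40000 > 198.51.100.10.443: Flags [S], seq 7, win 64240, length 0
12:00:03.000300 IP 198.51.100.10.443 > 198.51.100.77.40000: Flags [S.], seq 9, ack 8, win 65160, length 0
"""

PKT = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags")
REDIR = re.compile(r"IP (\S+) > (\S+): ICMP redirect (\S+) to (?:host|net) ([\d.]+),")

def analyze(capture, server_ip):
    """Return (one_way_clients, redirects) for traffic to/from server_ip."""
    sent, answered, redirects = set(), set(), []
    for line in capture.splitlines():
        m = REDIR.search(line)
        if m:
            router, target, dest, new_gw = m.groups()
            redirects.append({"from": router, "to": target, "dest": dest, "use_gw": new_gw})
            continue
        m = PKT.search(line)
        if not m:
            continue
        src, _, dst, _ = m.groups()
        if dst == server_ip:
            sent.add(src)        # client packet arriving at the server
        elif src == server_ip:
            answered.add(dst)    # reply leaving the server
    return sorted(sent - answered), redirects

def suspects(capture, server_ip):
    """Clients with no replies whose address is the subject of an ICMP redirect."""
    one_way, redirects = analyze(capture, server_ip)
    return [(c, r["use_gw"]) for c in one_way for r in redirects if r["dest"] == c]

if __name__ == "__main__":
    for client, gw in suspects(SAMPLE, "198.51.100.10"):
        print(f"{client}: no replies seen; server was redirected to {gw} for this host")
```

A client that shows up here is a candidate for the kind of explicit static route described in the last post, so the server no longer depends on the redirect.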
