Here's a dillema. You have a requirement to enable ActiveSync. As we know, ActiveSync uses 443. You open your firewall and allow 443, aimed straight at your CAS, so that ActiveSync can work. Now, anyone with knowledge to type https://activesync.yourorg.tld/owa will be able to get in to OWA BYPASSING the whole reverse proxy concept. Juniper Reverse Proxy is available - I'm wondering if I should have the traffic traverse Juniper, instead of being directly NATed to CAS NLB VIP. If so, please tell me exactly what I need to tell our network team, so that they know how to fix. Thanks in advance

Anyone?

Anyone?

This may or may not apply to you, but we restrict access to OWA/ActiveSync on a user-by-user basis via the "Exchange Features" tab in AD Users and Computers. This is with Exchange 2003/Server 2003.

This may or may not apply to you, but we restrict access to OWA/ActiveSync on a user-by-user basis via the "Exchange Features" tab in AD Users and Computers. This is with Exchange 2003/Server 2003.

^ thanks but that doesn't apply, since we're using 2010. this is more of an access, rather than permission situaiton. Reverse Proxy seems to be the only option, if we want to limit what internal/external users can get.