Exchange_active_sync_issue

Question

Hello ,&nbsp;
we have an issue with active sync. we are using f5 for load balancing for CAS.But real ip is being published to wan through our proxy and firewall is doing source nat to proxy as part of security and proxy is seeing single ip as source ip and proxy is sending single ip to f5. But f5 cannot load balance probably and so f5 is sending packets to single member due to persistence. is there a way to solve the issue with any i rule or Do we need to remove source nat config from proxy? if we remove nat from proxy, we need to accept any wan ip for load balancing. Could i please get your explanation. Can we do destination nat on the topology.&nbsp;
Clients ---&gt;firewall---&gt; proxy----&gt;f5----&gt; cas nodes&nbsp;
Thanks, &nbsp;

richard__harlan · Answer

Did you deploy the application with the latest iApp? It sounds like you are useing source persist and do not have oneconnect enabled. With the iApp I believe it using a iRule to and doing universal persist based on the Auth cookie. &nbsp;
persist uie [HTTP::cookie "OutlookSession"] 3600&nbsp;

waterfall_10467 · Answer

yes i have deployed it with latest iapp template" f5.microsoft_exchange_2010_2013_cas.tmpl " and i did not change anything on the configuration. in any case ,i checked config again but i think everything is ok for the deployment.

a__gotink_33511 · Answer

The iApp template uses an iRule to determine persistence.
For Active Sync it is "persist uie [HTTP::header "Authorization"] 7200"
You can check this usage by looking at statistics for the persistence records.&nbsp;
But we also face a problem that active sync connections are not evenly balanced...&nbsp;

Forum Discussion

Exchange_active_sync_issue

3 Replies

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4