Forum Discussion

Shankarraju_121's avatar
Shankarraju_121
Icon for Nimbostratus rankNimbostratus
Feb 13, 2014

Disabling RADIUS Authentication for Outlook Anywhere, Active Sync and Autodiscover

Dear Techmates, I have recently configured Exchange 2010 SP1 application through F5 LTM+APM using the latest iAPP template f5.microsoft_exchange_2010_2013_cas.v1.2.0 . I have a single F5 BIG-IP used provides both LTM + APM Features. I have selected correct deployment scenario and necessary AAA authentication had been configured for successful login.

 

I can access OWA, OA, Active Sync and Auto Discover features of Exchange 2010 through the default Access policy created without any issues. However, we need to integrate the RADIUS device (PINSAFE) for dual factor authentication as this is required for OWA login. I have modified the Access policy and integrated with RADIUS.

 

The issue is not after the RADIUS integration, Only OWA works and other HTTPS features such as Outlook anywhere, AD, and AS were not working. Can someone help me with an irule to disable Radius for Outlook anywhere, AD, and AS except for OWA.

 

Your help is much appreciated. Regards, Shankar. R

 

APM
application delivery
deployment
devops
iRules
LTM
security

2 Replies

Sort By
  • Shankarraju_121's avatar
    Shankarraju_121
    Icon for Nimbostratus rankNimbostratus
    Feb 13, 2014
    The issue is now that after the RADIUS integration, Only OWA works and other HTTPS features such as Outlook anywhere, AD, and AS were not working. Can someone help me with an irule to disable Radius for Outlook anywhere, AD, and AS except for OWA. Your help is much appreciated. Regards, Shankar. R
  • steve_87999's avatar
    steve_87999
    Icon for Nimbostratus rankNimbostratus
    Feb 13, 2014

    Hi Shankar. You might be able to enable the Access Profile on the Virtual Server then write an irule that disables the Access Profile if the traffic isn't OWA.

     

    Note: Access::disable disables the Access Profile.

     

    when HTTP_REQUEST { if { [string tolower [HTTP::uri]] starts_with "/owa/" } {

     

    log local0. "OWA Traffic Keep Access Profile"

     

    } else {

     

    ACCESS::disable

     

    log local0. "Not OWA Traffic Access Profile Disabled"

     

    }

     

    }