Hi Marcin,

Your suggestion could be possible, but I need OWA published for OMA mobile access (iphone, ecc…).

Second suggestion, use webvpn on different port, could be possible too, but this is out of standard and usually (hotel,hotspot,ecc..) allow only port 80 and 443 !

This is the reason why I would like to make working OWA and SSL together the problem is that I have only 1 IP Address available.

Lorenzo

Lorenzo,

Bear with me - this will be long, but should work.

What I suggest is to have OWA avilable via SSL VPN portal.

What you can do is.

Point  DNS entry for OWA to your ASA's IP as something like owa.mydomain.tld

In webvpn portal you make sure that actual page of OWA is set as "homepage" veriable (either via IP or via DNS name).

If it's needed you create single sign on (SSO) on the ASA to make sure that once user is logged into ASA will automatically be logged into OWA (without entering the credentials twice).

What you will most likely need to do also in practice is to make sure that users logging into the VPN portal are authenticated via LDAP to the same server OWA is authenticating to.

This will maximize use of your ports and will allow Anyconnect and OWA to work at the same time.

Marcin

Marcin,

i understood what you mean, question is, how, with this configuration, the mobile device can access to email ?

Iphone has SSL client, but Android not !

Lorenzo,

Well, how is OMA published exactly ? I have never dealt with it. Is there like a special link that they need to access?

You can try to reach out to the guys in your account team to see if there might not be something supported here.

Actually for smart phones, OWA access over SSL should work just fine ... but again there might be some specifics on MS side I'm not aware of.

Marcin