Sorry if this is a dumb question, as I am new to ISA.
What i would like to do is as follows:
- A computer certificate from our own CA on the Windows Mobile 5 device to ensure a trusted device; ISA 2006 in bridging mode to terminate the connection in the DMZ, configured to use LDAP to authenticate the user ID and password.
Is this a viable setup for mobile push from Exchange 2003 to Windows Mobile 5 devices, and if so, are there any tips or tricks?
The only issue I can think of is that Exchange will only authenticate via basic auth. Direct Push is essentially a stripped-down OWA made just for phones. It's more involved than that, but if you just take it to basics, it's still an Exchange-published website, meaning it won't work unless you do basic authentication.
The cert idea is nice and we're thinking about that at my place, also.
One thing of note: why the name/password prompt? You can set Direct Push to require users to set a password and lock the device every few minutes. If you set it to, say, a 6-digit password and to erase the device after 10 bogus attempts, I'd call that fairly secure. If someone found a phone they'd have to know your length of password, first off. Second, even if they did, that'd give them 6 1-in-100,000 attempts at getting on the phone, and once they fail on the 11th attempt, the phone wipes itself. Third, if the phone is deemed lost, as long as it has the MSFP (i.e. AKU2) you can take action and wipe the device. I also wouldn't allow anyone to use Direct Push without this feature pack.
So my advice would be to go for the cert idea, but leave the authentication to just the ActiveSync setup used on Windows Mobile 5 devices.
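To make the reasoning in the reply above concrete, here is an added example (written for this page, not code from the thread or from Microsoft) that models the device-lock policy being discussed: a numeric PIN, a wipe after N failed attempts, and a brute-force attacker guessing PINs in order. The policy numbers (6 digits, wipe after 10 failures) are the ones the reply proposes; the PIN values, the guess order, and the rule that the Nth failure triggers the wipe are assumptions of the example. It also computes the overall guess probability for any PIN length and attempt budget, so you can compare policies other than the one in the thread.

```python
"""Toy model of a device-lock policy with wipe-after-N-failures.

Added example for illustration; not the Windows Mobile implementation.
Assumption: the wipe fires on the Nth failed attempt (so an attacker gets
exactly N guesses, the Nth included). Sample PINs are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockedDevice:
    pin: str                    # user's numeric PIN (constructed sample value)
    wipe_after: Optional[int]   # failed attempts that trigger a wipe; None = never
    failed: int = 0
    wiped: bool = False

    def try_unlock(self, guess: str) -> str:
        """Process one unlock attempt; returns 'unlocked', 'denied' or 'wiped'."""
        if self.wiped:
            return "wiped"          # a wiped device stays inert, even for the right PIN
        if guess == self.pin:
            self.failed = 0         # successful unlock resets the failure counter
            return "unlocked"
        self.failed += 1
        if self.wipe_after is not None and self.failed >= self.wipe_after:
            self.wiped = True
            return "wiped"
        return "denied"


def brute_force(device: LockedDevice, pin_length: int) -> dict:
    """Sequential guessing attack (000...0 up to 999...9) against the device.

    Returns how the attack ended: whether it succeeded, how many guesses it
    used, and whether the device wiped itself.
    """
    attempts = 0
    for n in range(10 ** pin_length):
        attempts += 1
        result = device.try_unlock(str(n).zfill(pin_length))
        if result == "unlocked":
            return {"success": True, "attempts": attempts, "wiped": False}
        if result == "wiped":
            return {"success": False, "attempts": attempts, "wiped": True}
    return {"success": False, "attempts": attempts, "wiped": False}


def guess_probability(pin_length: int, allowed_attempts: int) -> float:
    """Chance that an attacker guessing distinct PINs uniformly at random
    unlocks the device within the attempts the wipe policy allows."""
    space = 10 ** pin_length
    return min(allowed_attempts, space) / space


if __name__ == "__main__":
    # Policy from the reply: 6-digit PIN, wipe after 10 bad attempts.
    print(brute_force(LockedDevice(pin="987654", wipe_after=10), 6))
    # Same PIN length, but no wipe policy: the attacker simply walks the space.
    print(brute_force(LockedDevice(pin="123456", wipe_after=None), 6))
    print(guess_probability(6, 10))
```

Running it shows the point the reply makes: with the wipe policy the attacker gets ten guesses and the device erases itself (overall odds 10 in 1,000,000, i.e. 1 in 100,000), while without a wipe the same 6-digit PIN falls to a patient sequential search. The wipe threshold, not the PIN length alone, is what makes the policy hold up.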