I want to implement a more secure version of OMA ActiveSync via TLS, rather than SSL. TLS gives me the FIPS 140-2 accreditation I need, and this is very easy to do on the front-end Exchange server, for instance.
I tick the "Use FIPS Crypto" option within the server's local security group policy and voilà, this works. Windows Mobile 5 itself automatically understands if the server is using TLS 1.0 rather than SSL and automatically uses TLS.
What I want to find out is: if I make the same local security group policy change on an ISA 2006 server, will the ISA be able to automatically publish the front-end server via TLS rather than SSL? Also, can the ISA then terminate the TLS connection, check the credentials, re-encrypt and send it on to the front-end Exchange server?
In my current test environment I have a simple ADSL router/firewall protecting the front-end Exchange server. I have set the front-end to TLS and this works like a charm for Outlook over RPC, OWA and OMA ActiveSync, which all work over TLS.
I just want to know if I can do the same through an ISA 2006... any ideas?
I can confirm that this works spot on with OWA and Exchange ActiveSync on Windows Mobile 5 devices. So the encryption between the ISA and the end user (OWA or Exchange ActiveSync) is TLS rather than the weaker SSL.
The ISA can also stop the TLS session at the ISA itself, perform the authentication, then the checks, and finally allow it onwards to the Exchange server.
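To verify what the thread describes (that the published endpoint now negotiates TLS 1.0 rather than SSL 3.0, and a cipher suite built only from FIPS 140-2 approved algorithms), here is an added example that is not from the original thread: it parses a raw ServerHello record, such as one taken from a packet capture of the ISA-to-client handshake. The cipher-suite allowlist is illustrative (3DES/AES with SHA-1, never RC4/MD5) rather than the exact set Schannel enables in FIPS mode, and the sample records are constructed inline for testing.

```python
import struct

# Protocol versions exactly as they appear on the wire in the ServerHello.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

# Assumed allowlist: suites whose algorithms (3DES, AES, SHA-1) are FIPS 140-2 approved.
FIPS_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
# Common non-approved suites (RC4 and MD5 are not FIPS approved), named for reporting.
OTHER_SUITES = {0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA"}

def parse_server_hello(record: bytes) -> dict:
    """Return the version and cipher suite the server selected in a ServerHello record."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])  # record-layer header
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    version = struct.unpack("!H", hello[:2])[0]   # the version the server chose
    sid_len = hello[34]                           # 2 bytes version + 32 bytes random
    pos = 35 + sid_len
    suite = struct.unpack("!H", hello[pos:pos + 2])[0]
    return {
        "version": VERSIONS.get(version, hex(version)),
        "is_tls": version >= 0x0301,              # anything below 0x0301 is SSL
        "suite": FIPS_SUITES.get(suite) or OTHER_SUITES.get(suite) or hex(suite),
        "fips_suite": suite in FIPS_SUITES,
    }

def build_server_hello(version: int, suite: int) -> bytes:
    """Construct a minimal ServerHello record (sample input, empty session id)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(hs)) + hs

def check(record: bytes) -> bool:
    """True only if the server picked TLS (not SSL) and a FIPS-approved suite."""
    r = parse_server_hello(record)
    return r["is_tls"] and r["fips_suite"]

if __name__ == "__main__":
    print(parse_server_hello(build_server_hello(0x0301, 0x002F)))  # the desired outcome
    print(parse_server_hello(build_server_hello(0x0300, 0x0004)))  # SSL 3.0 with RC4/MD5
```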