Exchange ActiveSync problem
  •  
Wout

Hi all!

I'm trying, as far as I know, to configure Kerio Control so I can access our Exchange 2003 server from a mobile Android device.

The weird thing is: I can! But only from an external source like my data connection (3G / HSDPA) or a wifi connection from the neighbors...

When I try to connect through our own WLAN, the Exchange client on my Android is displaying an error that the connection is refused.

Sitrep:

10.0.0.1 - Kerio Control with a Traffic rule that has a port map from everywhere:8500 to 10.0.0.2:80
I need to change the port because our ISP blocks everything below 8000.

10.0.0.2 - Exchange 2003
10.0.0.13 - Android phone internal IP

[Updated on: Wed, 03 November 2010 15:20]

  •  
ICT and Me

Is your WLAN within your DMZ or in your LAN?

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
Wout

My WLAN is connected via LAN. No other devices like portables etc. are having connection issues toward the internet or other LAN servers.
The only device with a problem is my Android.

My phone is making a connection via my dynamic DNS (No-IP).
This way I don't need to re-configure my AS Client all the time from WAN to LAN.

Remember: from the outside, there is no problem whatsoever to make a connection to my Exchange.
WAN -> Dynamic DNS -> Kerio Control (10.0.0.1:8500) -> Exchange (10.0.0.2:80)

When it tries to connect to the server like this:
10.0.0.13 -> Dynamic DNS -> Kerio Control (10.0.0.1:8500) -> Exchange (10.0.0.2:80), it won't work.

[Updated on: Wed, 03 November 2010 23:46]

  •  
Pavel Dobry (Kerio)

  •  
Wout

Already did that. No related issues there.
I think this has something to do with the Traffic Rules. I've tried everything that I know of...
Maybe a config problem elsewhere in Kerio Control?
  •  
ICT and Me

Disable your DMZ rule and try again.
If your WLAN is within your LAN, why is there a DMZ rule that sends all traffic to the internet?
I can make it clear to you if you have something like a Visio drawing of your network.
You have made a thinking error. I think the DMZ rule is the cause of your problem.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
Wout

I already deleted it before, that doesn't change a thing to the AS problem.
When deleted, I cannot access certain Android features because some unknown ports are blocked. That's why I give complete access to the internet.
And IP 10.0.0.5 is my TV, so, without that DMZ, it's useless towards the internet :).

For the drawing, I'll try to get one done by tomorrow.

[Updated on: Wed, 03 November 2010 23:45]

  •  
Wout

Okay, I got the diagram ready.

This represents a basic layout of the network.
Also, this is the situation that does not work for my Android AS...

Attachment: Network.png

[Updated on: Wed, 03 November 2010 23:42]

  •  
ICT and Me

Where is 10.0.0.5 in your drawing?
Before Control or in the LAN? Because I can't find it.
Your WAN hasn't an IP?
How many NICs are in the Control system?
Because then it makes sense where the problems come from.
I'm creating your network here in a VR and on paper,
so that I can give you the right rule set.
If your TV is in the LAN, it must connect to your IDTV decoder?

To let it work you need a WAN IP segment and a LAN IP segment.
So two NICs in the Control computer and a good setup.


ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
Wout

The 10.0.0.5 is my TV, not the decoder. My TV also has an eth connection to stream movies via DLNA.
And the IDTV decoder has a connection to the internet next to the LAN, so this is not relevant to the problem.

My WAN has an IP. But it is connected to a dynamic DNS; it changes every 48h or so.

There are 2 NICs in the 1st server with Kerio installed.
LAN (10.0.0.1) and WAN (With dynamic DNS).

Attachment: Network.png

[Updated on: Thu, 04 November 2010 13:29]

  •  
ICT and Me

Try this as a rule set:

Name                 | Source                  | Destination             | Service  | Action | Log | Translation
Firewall Traffic     | Firewall                | any                     | any      | V      |     |
Internet Access      | Trusted/Local           | Internet                | Any      | V      |     | NAT(wan)
Local Traffic        | Firewall, Trusted/Local | Firewall, Trusted/Local | any      | V      |     |
Internet to Exchange | Internet                | Firewall                | TCP 8500 | V      |     | MAP 10.0.0.2:80
Trusted to Exchange  | Trusted/Local           | Firewall                | TCP 8500 | V      |     | MAP 10.0.0.2:80

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
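
A toy model of the rule table proposed in the post above, added here as an illustration and not part of the original thread or Kerio's own code. It assumes rules are evaluated top to bottom with the first match deciding, treats any address owned by the firewall as the "Firewall" zone, and uses 203.0.113.10 as a placeholder for the masked WAN IP; it does not model the return path of the mapped connection.

```python
# Toy model (added example): first-match evaluation of the rule set posted above.
# Assumption: rules are checked top to bottom and the first match decides.
from dataclasses import dataclass

FIREWALL_IPS = {"10.0.0.1", "203.0.113.10"}  # LAN IP from the thread; WAN IP is a placeholder

@dataclass
class Rule:
    name: str
    sources: set
    destinations: set
    service: str           # "any" or "tcp/<port>"
    translation: str = ""  # empty string means no NAT or port map

# Rule order exactly as posted in the thread.
RULES = [
    Rule("Firewall Traffic", {"Firewall"}, {"any"}, "any"),
    Rule("Internet Access", {"Trusted/Local"}, {"Internet"}, "any", "NAT(wan)"),
    Rule("Local Traffic", {"Firewall", "Trusted/Local"}, {"Firewall", "Trusted/Local"}, "any"),
    Rule("Internet to Exchange", {"Internet"}, {"Firewall"}, "tcp/8500", "MAP 10.0.0.2:80"),
    Rule("Trusted to Exchange", {"Trusted/Local"}, {"Firewall"}, "tcp/8500", "MAP 10.0.0.2:80"),
]

def dest_zone(dst_ip):
    """Classify a destination address into the zones used in the rule table."""
    if dst_ip in FIREWALL_IPS:
        return "Firewall"
    return "Trusted/Local" if dst_ip.startswith("10.0.0.") else "Internet"

def first_match(src_zone, dst_ip, port, rules=RULES):
    """Return the first rule matching a TCP connection, or None if none match."""
    dz = dest_zone(dst_ip)
    for r in rules:
        if (src_zone in r.sources and (dz in r.destinations or "any" in r.destinations)
                and r.service in ("any", f"tcp/{port}")):
            return r
    return None

def reordered():
    """Same rules with both port maps moved above 'Local Traffic' (hypothetical ordering)."""
    maps = [r for r in RULES if r.translation.startswith("MAP")]
    return RULES[:2] + maps + [RULES[2]]

if __name__ == "__main__":
    for label, rules in (("as posted", RULES), ("maps first", reordered())):
        for src in ("Internet", "Trusted/Local"):
            r = first_match(src, "203.0.113.10", 8500, rules)
            print(f"{label:10} {src:13} -> {r.name} [{r.translation or 'no translation'}]")
```

Under these assumptions a LAN client connecting to the firewall's port 8500 is accepted by "Local Traffic" before the port map is reached, while the same connection from the Internet hits "Internet to Exchange".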
  •  
Wout

Tried the rules, Android still refuses the connection to 213.118.xxx.xxx:8500 (WAN IP) on my network...

Checked via ping.eu if the port is open and yes, it is.
Otherwise I could not contact the exchange via 3G or other WiFi...

[Updated on: Thu, 04 November 2010 23:27]

  •  
ICT and Me



ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
ICT and Me

Terradyn,

It seems better that we speak 1 on 1 with Skype or MSN.
I see that you are from Belgium and perhaps also speak Dutch (Vlaams) ;)
I think that I know what your problem is now.
You are trying to work from inside to outside and back.
That won't work.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl