Exchange 2013 Layer 7 single namespace loadbalancing with Citrix NetScaler

** Updated with custom Ciphers, SSLv3 disabled on Content Switch and LBs, and SSL certificate bindings to the vServers***

I recently had to engage on a very complex deployment, where one of the goals was to utilize the Citrix NetScaler for Exchange 2013 services for a single namespace with Layer 7 and no session affinity.

In this scenario, a single namespace is deployed for all the HTTP protocol clients ( The load balancer is configured to utilize Layer 7, meaning SSL termination occurs and the load balancer and it knows about the target URLs. The NetScaler is also configured to check the health of the target services in the load balancing pool which requires a health probe to be configured on each Exchange virtual directory.

With this, as long as the health probes response is healthy, the NetScaler will keep the traffic in the load balancing pool. However, if lets say OWA health probe fails for any reason, the NetScaler will remove the target server(s) from the load balancing pool for future requests.

The key to this deployment is to set up Content Switching which enables the NetScaler appliance to direct requests sent to the same Web host to different servers with different content. For example, you can configure the appliance to direct requests for dynamic content (such as URLs with a suffix of .asp, .dll, or .exe) to one server and requests for static content to another server. You can configure the appliance to perform content switching based on TCP/IP headers and payload.


  • Windows 2012
  • Citrix NetsScaler NS10.1: Build
  • Exchange 2013
  • Layer 7 Loadbalancing (no session affinity)

NetScaler Prerequisites:

  • Content switching
  • Load balancing
  • Health monitoring
  • SSL offload

Lets start with a visual of what we are trying to accomplish


Now lets work on the config

1. Add Content Switch and Load Balancing VIPs

add cs vserver exch_cs_vserver SSL YOUR_IP_ADDRESS 443 -cltTimeout 180 -caseSensitive OFF

add lb vserver exch_owa_lb_vserver SSL 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_ecp_lb_vserver SSL 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_ews_lb_vserver SSL 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_eas_lb_vserver SSL 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_oab_lb_vserver SSL 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_rpc_lb_vserver SSL 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_mapi_lb_vserver SSL 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_autodiscover_lb_vserver SSL 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_fqdn_autodiscover_lb_vserver SSL 0 -persistenceType NONE -cltTimeout 180

2. Add Content Switch actions and bind to you load balancing VIPs

add cs action exch_owa_cs_action -targetLBVserver exch_owa_lb_vserver
add cs action exch_ecp_cs_action -targetLBVserver exch_ecp_lb_vserver
add cs action exch_ews_cs_action -targetLBVserver exch_ews_lb_vserver
add cs action exch_eas_cs_action -targetLBVserver exch_eas_lb_vserver
add cs action exch_oab_cs_action -targetLBVserver exch_oab_lb_vserver
add cs action exch_rpc_cs_action -targetLBVserver exch_rpc_lb_vserver
add cs action exch_mapi_cs_action -targetLBVserver exch_mapi_lb_vserver
add cs action exch_autodiscover_cs_action -targetLBVserver exch_autodiscover_lb_vserver
add cs action exch_fqdn_autodiscover_cs_action -targetLBVserver exch_fqdn_autodiscover_lb_vserver

3. Add your Content Switch Policies and bind to the previous Content Switch actions you just created.  This is where the magic is, notice the Expressions which will tell NS to direct requests based on the URLs ( Ex: “HTTP.REQ.URL.CONTAINS(\”/owa\”)”)

add cs policy exch_owa_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/owa\”)” -action exch_owa_cs_action
add cs policy exch_autodiscover_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/autodiscover\”)” -action exch_autodiscover_cs_action
add cs policy exch_eas_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/Microsoft-Server-ActiveSync\”)” -action exch_eas_cs_action
add cs policy exch_ecp_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/ecp\”)” -action exch_ecp_cs_action
add cs policy exch_ews_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/ews\”)” -action exch_ews_cs_action
add cs policy exch_mapi_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/mapi\”)” -action exch_mapi_cs_action
add cs policy exch_oab_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/oab\”)” -action exch_oab_cs_action
add cs policy exch_rpc_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/rpc\”)” -action exch_rpc_cs_action
add cs policy exch_fqdn_autodiscover_cs_pol -rule “HTTP.REQ.HOSTNAME.CONTAINS(\”autodiscover\”)” -action exch_fqdn_autodiscover_cs_action
Do not add cs policy exch_eas_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/eas\”)” -action exch_eas_cs_action

4. Bind your Content Switch Vserver to policies and provide priorities

bind cs vserver exch_cs_vserver -policyName exch_owa_cs_pol -priority 100
bind cs vserver exch_cs_vserver -policyName exch_autodiscover_cs_pol -priority 110
bind cs vserver exch_cs_vserver -policyName exch_eas_cs_pol -priority 120
bind cs vserver exch_cs_vserver -policyName exch_ecp_cs_pol -priority 130
bind cs vserver exch_cs_vserver -policyName exch_ews_cs_pol -priority 140
bind cs vserver exch_cs_vserver -policyName exch_mapi_cs_pol -priority 150
bind cs vserver exch_cs_vserver -policyName exch_oab_cs_pol -priority 160
bind cs vserver exch_cs_vserver -policyName exch_rpc_cs_pol -priority 170
bind cs vserver exch_cs_vserver -policyName exch_fqdn_autodiscover_cs_pol -priority 180

5. Now lets create the Service Groups

add serviceGroup exch_owa_service_group SSL
add serviceGroup exch_ecp_service_group SSL
add serviceGroup exch_eas_service_group SSL
add serviceGroup exch_ews_service_group SSL
add serviceGroup exch_rpc_service_group SSL
add serviceGroup exch_autodiscover_service_group SSL
add serviceGroup exch_oab_service_group SSL
add serviceGroup exch_mapi_service_group SSL
add serviceGroup exch_fqdn_autodiscover_service_group SSL

6. Create your custom monitors

add lb monitor exch_ecp_monitor HTTP-ECV -send “GET /ecp/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_ews_monitor HTTP-ECV -send “GET /ews/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_eas_monitor HTTP-ECV -send “GET /eas/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_oab_monitor HTTP-ECV -send “GET /oab/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_rpc_monitor HTTP-ECV -send “GET /rpc/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_mapi_monitor HTTP-ECV -send “GET /mapi/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_autodiscover_monitor HTTP-ECV -send “GET /autodiscover/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_owa_monitor HTTP-ECV -send “GET /owa/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES

7. Now lets bind the member servers to the new Service Groups and bind the custom monitors

bind serviceGroup exch_owa_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_owa_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_owa_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_owa_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_owa_service_group -monitorName exch_owa_monitor

bind serviceGroup exch_ecp_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_ecp_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_ecp_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_ecp_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_ecp_service_group -monitorName exch_ecp_monitor

bind serviceGroup exch_eas_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_eas_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_eas_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_eas_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_eas_service_group -monitorName exch_eas_monitor

bind serviceGroup exch_ews_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_ews_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_ews_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_ews_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_ews_service_group -monitorName exch_ews_monitor

bind serviceGroup exch_rpc_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_rpc_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_rpc_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_rpc_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_rpc_service_group -monitorName exch_rpc_monitor

bind serviceGroup exch_autodiscover_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_autodiscover_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_autodiscover_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_autodiscover_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_autodiscover_service_group -monitorName exch_autodiscover_monitor

bind serviceGroup exch_oab_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_oab_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_oab_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_oab_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_oab_service_group -monitorName exch_oab_monitor

bind serviceGroup exch_mapi_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_mapi_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_mapi_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_mapi_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_mapi_service_group -monitorName exch_mapi_monitor

bind serviceGroup exch_fqdn_autodiscover_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_fqdn_autodiscover_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_fqdn_autodiscover_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_fqdn_autodiscover_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_fqdn_autodiscover_service_group -monitorName exch_autodiscover_monitor

8. Finally lets bind the Service Groups to load balance vServers

bind lb vserver exch_owa_lb_vserver exch_owa_service_group

bind lb vserver exch_ecp_lb_vserver exch_ecp_service_group

bind lb vserver exch_eas_lb_vserver exch_eas_service_group

bind lb vserver exch_ews_lb_vserver exch_ews_service_group

bind lb vserver exch_rpc_lb_vserver exch_rpc_service_group

bind lb vserver exch_autodiscover_lb_vserver exch_autodiscover_service_group

bind lb vserver exch_oab_lb_vserver exch_oab_service_group

bind lb vserver exch_mapi_lb_vserver exch_mapi_service_group

bind lb vserver exch_fqdn_autodiscover_lb_vserver exch_fqdn_autodiscover_service_group

9. Create custom cipher which will get you an A- based on Qualys SSL test and FW and HW version on the NS I am using.

add ssl cipher my_cipher
bind ssl cipher my_cipher -cipherName SSL3-DES-CBC3-SHA
bind ssl cipher my_cipher -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher my_cipher -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher my_cipher -cipherName SSL3-EDH-DSS-DES-CBC3-SHA
bind ssl cipher my_cipher -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA
bind ssl cipher my_cipher -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA
bind ssl cipher my_cipher -cipherName SSL3-EDH-RSA-DES-CBC3-SHA
bind ssl cipher my_cipher -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher my_cipher -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA

10. Bind your custom cipher to your vServers

bind ssl vserver exch_ecp_lb_vserver -cipherName my_cipher
bind ssl vserver exch_eas_lb_vserver -cipherName my_cipher
bind ssl vserver exch_oab_lb_vserver -cipherName my_cipher
bind ssl vserver exch_rpc_lb_vserver -cipherName my_cipher
bind ssl vserver exch_mapi_lb_vserver -cipherName my_cipher
bind ssl vserver exch_autodiscover_lb_vserver -cipherName my_cipher
bind ssl vserver exch_fqdn_autodiscover_lb_vserver -cipherName my_cipher
bind ssl vserver exch_owa_lb_vserver -cipherName my_cipher
bind ssl vserver ctx_wi_lb_vserver -cipherName my_cipher
bind ssl vserver exch_cs_vserver -cipherName my_cipher
bind ssl vserver exch_cs_vserver_int -cipherName my_cipher
bind ssl vserver ctx_csg_vserver -cipherName my_cipher

11. Bind SSL cert to your vservers

bind ssl vserver exch_ecp_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_ews_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_eas_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_oab_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_rpc_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_mapi_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_autodiscover_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_fqdn_autodiscover_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_owa_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver ctx_wi_lb_vserver -certkeyName wa_com_ssl_cert
bind ssl vserver exch_cs_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_cs_vserver_int -certkeyName exch_ssl_cert

12. Disable SSLv3 on CS vserver and LB vservers

set ssl vserver exch_ecp_lb_vserver -ssl3 DISABLED
set ssl vserver exch_ews_lb_vserver -ssl3 DISABLED
set ssl vserver exch_eas_lb_vserver -ssl3 DISABLED
set ssl vserver exch_oab_lb_vserver -ssl3 DISABLED
set ssl vserver exch_rpc_lb_vserver -ssl3 DISABLED
set ssl vserver exch_mapi_lb_vserver -ssl3 DISABLED
set ssl vserver exch_autodiscover_lb_vserver -ssl3 DISABLED
set ssl vserver exch_fqdn_autodiscover_lb_vserver -ssl3 DISABLED
set ssl vserver exch_owa_lb_vserver -ssl3 DISABLED
set ssl vserver ctx_wi_lb_vserver -ssl3 DISABLED
set ssl vserver exch_cs_vserver -ssl3 DISABLED
set ssl vserver ctx_csg_vserver -ssl3 DISABLED

Hope this helps and feel free to drop me a note if you need additional pointers 🙂

About CyberRuiz
Highly motivated with over 12 years experience on Citrix/VMWare/Microsoft/technologies. Exceptional communication skills and team player. CCIA – Citrix Certified Integration Architect. CCEA – Citrix Certified Enterprise Administrator. VCP – VMWare Certified Professional in ESX 2.x, VI3, VI4 MCSE – Microsoft Certified Systems Engineer

31 Responses to Exchange 2013 Layer 7 single namespace loadbalancing with Citrix NetScaler

  1. Javier says:

    Insane! thank you so much! We were working on traditional layer 4 load balancing for Exchange 2013. Was looking at the CTX doc for Exchange 2013 and was unsure how to apply Content Switching.

    Great work Daniel!

  2. Citrix Guru says:

    Thank you so much! My LB vServers show as down after I apply them. Monitors show as up.
    What could be the reason

    • Citrix Guru says:

      Hey Citrix Guru. Bind the SSL certs to the VIPs and you should be golden.
      Just updated the post with prerequisites.

      Thanks for visiting my Blog

  3. cstalhood says:

    These are handy commands to speed up Exchange config on NetScaler. However there are a couple typos:

    The Health Check monitors are missing the letter l (lower case L). It should be healthcheck.htm instead of heathcheck.htm.

    The AutoDiscover service group has the http monitor bound to it instead of the AutoDiscover monitor.

    • CyberRuiz says:

      Thanks for the feedback will update the content.


      • cstalhood says:

        Also, need to bind SSL certificates to the SSL vServers.

        And the generic SSL security configs like: disable SSLv3, change ciphers, etc.

        And redirect for HTTP-to-HTTPS and / to /owa.

  4. Exchange Admin says:

    You just made my day! Works like a charm, I passed the Cipher info to our security team and they agree on the cipher settings.

    Really thank you Daniel!

  5. cstalhood says:

    Thanks for the update.

    If you’re bored, here are a some additions:

    * For NetScaler 10.5 build 57 or newer, enable TLS v1.1 and TLS v1.2. Updated ciphers too.
    * HTTP-to-HTTPS redirect (Responder)
    * Rewrite from / to /owa
    * AAA vServer, SSO to OWA, Traffic policy for OWA logoff, enable auth on vServers.

  6. Derek Black says:

    Another great Post….Thanks Daniel!!!!

  7. Danson Ndichu says:

    thanks for this..However, any idea why i cannot authenticate via the NS load balancing to exchange?

    • CyberRuiz says:

      Danson can you be more specific? Authenticate to OWA? Or unable to send to SmartHost? etc?
      This may be a hint (I am not an Exchange person at all) however check if you are allowing the NS snips in any sort of approved list. All traffic to your backend servers will come from the SNIPs. Hope this helps.


  8. Kelly Jones says:

    i seem to be having problems with persistence, i need to have SSLSESSION configured or i cannot login even to webmail, ECP isnt working even with persistence configured if i have multiple servers in a service group, what am i missing?

    • Søren Huus Rasmussen says:

      I have the same problem. I configured OWA to yse SSLSESSION and that seems to work. I guess it should be enabled for ECP too..

  9. Steven says:

    great post, very helpful. Finally got the monitors setup and working for our deployment and gives me an idea how to better setup our deployment

    Can content switching be used with SSL_Bridge on the services?

    • CyberRuiz says:

      You can’t use SSL_Bridge with CSW. However you can do is configuring SSL Offloading/CSW with End-to-End Encryption by re-encrypting the clear text data and using secure SSL sessions to communicate with the back-end Web servers. This would however require for you to install the SSL cert on the back end servers as well.

      Does that make sense?

  10. Maya says:

    Is it possible to block all requests to the activesync url but keep owa functional? I want to keep activesync on, but block it at the netscaler to prevent outside users from accessing it.

    • CyberRuiz says:

      Thanks for checking my blog.
      You can achieve that by creating a responder policy and apply it to the OWA VIP.
      The policy will need to contain something like below. It will need to read the URL that you want to block, then set the action to DROP.


      Hope this works

  11. Zach says:

    Hey Daniel, Great work.
    I’m having one problem > https://fqdn/EWS/Exchange.asmx doesn’t bring up the EWS service through netscaler. My problem is free busy information is not working at all, if I change ews dir to servername.localdomain free busy works like a charm, but i get cert popups because internal domain cannot be on the cert. Any ideas?

  12. Sandeep says:

    Hi Daniel,

    Great Post!

    I am working on a similar deployment where everything is configured exactly like yours.

    The only problem we are facing is with OAB file downloads. (It is not working at all)

    Did you ever get into such scenario.

    Any pointers troubleshoot further are greatly appreciated!

  13. Ivan says:

    This helped me a lot! But I seem to be experiencing errors for outlook and windows live mail. The send/receive operation gets stuck and doesn’t progress. But this doesnt happen to all users, just a few. What could I be missing?

  14. Serkan says:

    Hi Daniel
    I have a question regarding to Exchange SMTP load balancing. I has configure SMTP_LB on Netscaler and enabled USIP. Because I will see client ip,if the client to communicate to Exchange Server over NS_SMTP_LB but no success. I can just see NS SNIP IP Address. I quest,If I create a responder policy for client ip and bind to Content Switching SMTP Server,maybe I can capture client ip. is it possible?



    • CyberRuiz says:

      Do this.
      add rewrite action Insert_Client_IP insert_http_header X-Forwarded-For “CLIENT.TCP.OPTIONS.TYPE(0x1c).GET_SIGNED32(1, BIG_ENDIAN).TYPECAST_IP_ADDRESS_AT”
      add rewrite policy Check_TCP_Options “CLIENT.TCP.OPTIONS.TYPE(0x1c).EXISTS && CLIENT.TCP.OPTIONS.TYPE(0x1c).GET_UNSIGNED8(0).EQ(1)” Insert_Client_IP

      Then bind to the LB VIP or CS VIP

      Hope it helps

      • Serkan says:

        Hi Daniel
        Thank you for your Support. I have a another question regarding to regex response policy.

        My action policy
        responder action “Respond With 422” respondwith q{“HTTP/1.1 422 Unprocessable Entity”+ “\r\n\r\n”}

        My responder policy (it works fine)

        my Customer wants to expand this regex but this syntax is not suitable to netscaler regex syntax.
        Customer regex : VsubscribeVdoumentVaa:(textlpicturevideolgraphic):\d{8}:\d{0,}V(newsml1lnewsml29lwebprintlsdlrasterlepslailpdf)”

        I want add parameters to my regex (VsubscribeVdoumentVaa:(textlpicturevideolgraphic):\d{8}:\d{0,}V(newsml1lnewsml29lwebprintlsdlrasterlepslailpdf)”

        subscriber/document/aa but If the rules does not correspond to subscriber/document/aa (to my currently regex rule) Subscriber/documents/aa regex rules have to contain 8 decimal character and have this character must at least 1 character be otherwise have 422 code reply.

        Could you help me with this case.


  15. guitarscape says:

    maybe I am missing something, but it seesm that exch_cs_vserver_int and ctx_csg_vserver were not defined before they are used?

  16. Linux newbie says:

    Hi Daniel,

    Thanks for this great walkthrough –

    I have two questions:
    1. The following two vserver parameters are not defined before they are referenced/used. what are the roles of these vservers?


    2. what about pop/imap/smtp protocols? The walkthrough load balance traffic going through https port only.

    Many thanks for your attention!

  17. Denis Peach says:

    How do you deal with legacy mailboxes in exchange 2010 where they do not support HTTPS/MAPI. Exchange best practices for mixed environments say to allow traffic on MAPI via TCP/443. I cannot do that on my SSL Content switch.

    • CyberRuiz says:

      Why don’t you do an SSL Bridge for Exchange 2010.
      You can specify type of connections such as SMTP (gets tricky duo to source IP), RPC, address book services, and CAS.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: