Hi there,

I managed to configure my iPhone and my SBS/Exchange 2003 Server to use VPN and ActiveSync. I can read my emails both with and without VPN.

PUSH works great when connecting the server directly using its public WAN IP address.

But when connected via VPN and using the servers private LAN IP, PUSH is not working anymore. I can "pull" my emails opening the mail app. But I wont get notified.

Any ideas? Anyone?

Thanks a million,

Steve

Push implementation uses UDP for out-of-band notifications. Since many VPNs have overly-aggressive firewalls/NAT implementations that kill or otherwise mangle UDP packets, this is a typical result.

Push implementation uses UDP for out-of-band notifications. Since many VPNs have overly-aggressive firewalls/NAT implementations that kill or otherwise mangle UDP packets, this is a typical result.

That's completely incorrect. Maybe you're thinking of Yahoo!'s push implementation?

ActiveSync uses long-lived HTTP(S) connections for DirectPush.

My bet is that the HTTP requests from the LAN-side of things aren't being answered by your mail server. Why that is, I don't know -- you'd have to ask your local IT administrators about that. Perhaps they've borked the Exchange server's firewall policies, or perhaps they never figured someone would need DirectPush via a LAN IP?

That's completely incorrect. Maybe you're thinking of Yahoo!'s push implementation?

ActiveSync uses long-lived HTTP(S) connections for DirectPush.

My bet is that the HTTP requests from the LAN-side of things aren't being answered by your mail server. Why that is, I don't know -- you'd have to ask your local IT administrators about that. Perhaps they've borked the Exchange server's firewall policies, or perhaps they never figured someone would need DirectPush via a LAN IP?

I agree. Exchange ActiveSync will have been published only to the Internet. All internal connections will more than likely be required to use the MAPI protocol (this is what Outlook uses)

I agree. Exchange ActiveSync will have been published only to the Internet. All internal connections will more than likely be required to use the MAPI protocol (this is what Outlook uses)

Yeah, that's kinda what I figured.

To the OP: you might want to ask your IT dept. about this. If this is what's going on, then you'll need to get them to configure your VPN policy such that connections to the mail server are routed through your WAN interface rather than your VPN interface.