We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SSL VPN

How do I configure Outlook Web Access with HTTP auth on my Barracuda SSL VPN?

  • Type: Knowledgebase
  • Date changed: 9 years ago
Solution #00003825

Scope:
This solution applies to Barracuda SSL VPNs, all firmware versions.

Answer:
Configuring Barracuda SSL VPN to proxy Outlook Web Access is a simple process. By taking advantage of Barracuda SSL VPN you are now able to move your OWA servers from the demilitarized zone (DMZ) and place them deeper inside the corporate network. Barracuda SSL VPN will act as an intermediary between clients and OWA, proxying web traffic, and encrypting the data with SSL. You can also take advantage of the layered authentication schemes to provide greater security measures.

There are a couple of caveats to consider when using OWA through the reverse proxy.
  • Public folders cannot currently be accessed through the reverse proxy. The OWA application inserts direct links to the exchange server in the HTML so any attempt to access public folders will result in an attempted direct connection with the exchange server.
  • Host headers are not processed correctly by the OWA application. This causes a problem when OWA or SSL VPN are running on a non-standard port. In order for this to work correctly OWA and Barracuda SSL VPN must be listening on the same port. This can be worked around by adding an additional listening interface to the IIS server hosting OWA so that it listens on the same port as Barracuda SSL VPN. There is a separate solution for 404 errors with OWA.
  • We recommend that ActiveDNS is not used for OWA since the user will then have the ability to access any other web application that may be running on the OWA server. Entry of paths ensures that they are restricted to the OWA application only. This is the preferred method for all web forwards where possible.
The recommended steps to configure OWA and SSL VPN are as follows:

Configure Active Directory authentication in SSL VPN. This means that your users will not need to enter passwords to log-on to OWA. You can configure SSL VPN to authenticate to OWA using the credentials of the logged-on user.

Create a Reverse Proxy web forward. In the resource wizard enter the path to the OWA application in the Destination URL field. e.g.

OWA 2000/2003 - https://mail.example.com/exchange

OWA 2007 - https://mail.example.com/owa

After creating the resource, edit it and then in the 'paths' text area, enter the extra paths for your OWA version if required:

OWA 2000/2003 -
/exchange
/exchweb

OWA 2007 -
/owa

If OWA is set to use HTTP authentication, on the authentication details page select the authentication type required by the OWA server. Insert ${Session:username} and ${session:password} into the authentication credential fields. If OWA is set to use Form based authentication, there are other solutions for this specific case.

Assign the resource to a suitable policy. Click 'Finish' to complete the wizard and save the web forward.

Link to This Page:
https://campus.barracuda.com/solution/50160000000HVAqAAO