SCMDM 2008 SP1 - Gateway server considerations

  • Friday, October 23, 2009 12:14 AM Ras11m
     
    Hi there,

    Once I put the SCMDM gateway server in the DMZ, can I configure it to assign IPs from the DMZ range? I.e., my gateway DMZ IP is 192.168.10.1; is it OK if I configure the virtual managed device IPs as 192.168.10.2 - say 192.168.10.100 (I will not be using this IP range on anything else in the DMZ zone)? If that can't be done and, say, I assign 192.168.11.x for the managed devices VPN, how do I ensure they have the right routes to the DM server from this range? How does the firewall/router in the DMZ zone know what the 192.168.11.x range is? Do the routes actually sit on the gateway server or on the firewall/router itself? And correct me if I am wrong, but let's say I need mobile devices to be able to access Exchange ActiveSync from this range: do I just allow HTTPS (443) from this private range (192.168.11.x) to the internal Exchange server on the firewall?

    Cheers

    Ras

All Replies

  • Friday, October 23, 2009 10:09 AM Andreas Helland
     Proposed Answer
    The IP pool for the devices must be a completely separate and virtual pool, as in no other computer should have an address in that pool. So you are free to define whatever you like as long as it's not a subnet you use anywhere else, whether in the DMZ or LAN, and it's in a private range.

    That also means that you need to add static routes from and to this subnet. Exactly where you define these routes is infrastructure dependent, but basically your gateway needs a route to the subnet (via gateway) and the gateway needs a route from the subnet to the LAN. (Or the specific servers on the LAN the device needs access to if you want to lock it down.)
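
The pool rule from the reply above (private range, no overlap with any subnet already in use) can be checked before the gateway is configured. This is an added example, not part of the thread and not SCMDM tooling: the /24 masks, the LAN subnet and all function names are assumptions, and it only derives the route toward the pool via the gateway's DMZ address.

```python
import ipaddress

# RFC 1918 private IPv4 blocks
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def as_networks(spec):
    """Accept 'a.b.c.d/nn' or 'first-last' and return a list of networks."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec, strict=True)]

def check_device_pool(spec, existing_subnets):
    """Return problems with a proposed device pool; an empty list means usable."""
    problems = []
    for pool in as_networks(spec):
        if not any(pool.subnet_of(block) for block in RFC1918):
            problems.append(f"{pool} is not in a private range")
        for name, cidr in existing_subnets.items():
            if pool.overlaps(ipaddress.ip_network(cidr)):
                problems.append(f"{pool} overlaps {name} {cidr}")
    return problems

def pool_route(spec, gateway_ip):
    """Static route(s) the DMZ firewall/router needs: pool via the gateway."""
    return [(str(n.network_address), str(n.netmask), gateway_ip)
            for n in as_networks(spec)]

# Constructed topology: the /24 masks and the LAN subnet are assumptions.
EXISTING = {"DMZ": "192.168.10.0/24", "LAN": "10.0.0.0/24"}
GATEWAY_DMZ_IP = "192.168.10.1"  # gateway DMZ address from the question

if __name__ == "__main__":
    for spec in ("192.168.10.2-192.168.10.100", "192.168.11.0/24"):
        issues = check_device_pool(spec, EXISTING)
        print(spec, "->", issues or "OK")
        if not issues:
            for dest, mask, hop in pool_route(spec, GATEWAY_DMZ_IP):
                print(f"  route: {dest} mask {mask} via {hop}")
```

The range taken from inside the DMZ is rejected because every block of it overlaps the DMZ subnet, while 192.168.11.0/24 passes and yields the destination, mask and next hop to enter on the firewall/router.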