For this topology, the managed device accesses the Mobile Device Manager (MDM) Gateway Server in the perimeter network to use MDM. The MDM Gateway depicted in this scenario may be used for both cellular and Wi-Fi communication for a managed device.

It is assumed that MDM is deployed and operational in your network before proceeding with the setup guidelines offered in this section. For information on how to enable and configure Wi-Fi on your Windows Mobile device, see Windows Mobile Device Wi-Fi Configuration.

Topology benefits include the following:

The numbers in the above illustration highlight the following:

  1. The MDM managed device uses an internal wireless access point to access the MDM Gateway Server external network interface in the perimeter network. VPN client is enabled on the managed device.

    The managed device should already be configured with the external DNS name of your MDM Gateway Server. For more information on configuration and setup of MDM Gateway Server, see MDM Deployment Guide and MDM Planning Guide.
  2. MDM Gateway Server passes network traffic from the managed device to MDM Device Management Server. This process is similar to a device communicating externally from your network to MDM Gateway Server. If you are using a web proxy in the perimeter network to route mobile device traffic back out to the Internet, no modifications are required. Also, another possibility is for you to use a tunnel default gateway, which routes all mobile device traffic to the Internet.

  3. If the internal firewall does not allow IPsec traffic to pass through bi-directionally, you must open UDP ports 500 and 4500 on the internal firewall, inbound and outbound. You must also open IP protocol 50 (IPsec ESP) if the traffic is not NAT-based.
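As an added example (not from the original documentation), the following Python audit encodes the rule in step 3 and reports which internal-firewall openings are still missing for a given rule set. The Rule model, the sample rule set and the NAT flag are assumptions constructed for illustration, not MDM or Windows Firewall APIs.

```python
from dataclasses import dataclass
from typing import Optional, Set

# Assumed, simplified model of one "allow" rule on the internal firewall.
@dataclass(frozen=True)
class Rule:
    proto: str           # "udp" or "esp" (ESP travels as IP protocol 50)
    port: Optional[int]  # destination port for udp; None for esp
    direction: str       # "in" or "out"

def required_ipsec_rules(traffic_is_natted: bool) -> Set[Rule]:
    """Openings the internal firewall needs between MDM Gateway Server in the
    perimeter network and MDM Device Management Server, per step 3 above.
    IKE negotiates over UDP 500; NAT-T carries UDP-encapsulated ESP on UDP 4500.
    Both are needed in both directions. Without NAT, ESP is sent as raw IP
    protocol 50, which needs its own bi-directional rule."""
    required: Set[Rule] = set()
    for port in (500, 4500):
        for direction in ("in", "out"):
            required.add(Rule("udp", port, direction))
    if not traffic_is_natted:
        for direction in ("in", "out"):
            required.add(Rule("esp", None, direction))
    return required

def missing_ipsec_rules(allowed: Set[Rule], traffic_is_natted: bool) -> Set[Rule]:
    """Return the required openings that the current rule set does not allow."""
    return required_ipsec_rules(traffic_is_natted) - allowed

# Constructed sample rule set: an administrator opened IKE and NAT-T inbound,
# but only IKE outbound, and nothing for ESP.
SAMPLE_ALLOWED: Set[Rule] = {
    Rule("udp", 500, "in"),
    Rule("udp", 4500, "in"),
    Rule("udp", 500, "out"),
}

if __name__ == "__main__":
    for natted in (True, False):
        gaps = missing_ipsec_rules(SAMPLE_ALLOWED, natted)
        label = "NAT-based" if natted else "non-NAT"
        print(f"{label} traffic: {len(gaps)} missing rule(s)")
        for rule in sorted(gaps, key=lambda r: (r.proto, r.port or 0, r.direction)):
            print(f"  open {rule.proto} {rule.port or 'protocol 50'} {rule.direction}")
```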