none
Accessing UAG portal from internal users RRS feed

  • Question

  • hello

    just wondering if accessing the uag portal or any trunks published in UAG can be accessed thruogh the internal network for internal users ? and how ?


    Best Regards

    Monday, April 23, 2012 7:21 AM

Answers

All replies

  • Hello,

    Yes you could. Just make a trunk on the Internal IP address of your UAG server.

    Don't forget to make the correct updates on your internal DNS servers to put your portal FQDN, ...


    Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) : http://security.sakuranohana.fr/


    Monday, April 23, 2012 9:42 AM
  • can i make the portal to listen on 2 ips ? like external and internally ? as i dont need to creat a portal from scratch for internal users since i need them to use the current one which is published externally


    Best Regards

    Monday, April 23, 2012 9:48 AM
  • You have two choice :

    1. you internal DNS is the same as you public one : make a trunk on your internal card and throught nat publish it to a public IP
    2. On other case you must have one trunk for external and one trunk for internal.

    But you can't make a trunk listen on two network (internal and external) as far as I know.


    Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) : http://security.sakuranohana.fr/

    Monday, April 23, 2012 9:51 AM
  • I was never 100% sure how Microsoft supported the use of Internal-facing trunks was on UAG; my gut feeling was that is was no longer supported after the IWA features of IAG were removed. Hence you may be better to get your internal users to access the external trunk in the same way as external users. Depending on your network setup around UAG, this may be trivial or not possible without some form of NAT solution...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Monday, April 23, 2012 4:16 PM
    Moderator
  • P.S. Also be aware than two UAG trunks cannot share the same public URL...

    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Monday, April 23, 2012 4:18 PM
    Moderator
  • i have pointed the internal users to public IP for portal.mydomain.com

    while still they getting this error

    Your device does not meet access policy requirements for this site.

    please note that internal users gw is the tmg and tmg and uag is on the same public and internal subnet


    Best Regards

    Tuesday, April 24, 2012 7:39 AM