locked
Forefront UAG Simple Deployment Help RRS feed

  • Question

  • I am currently in the process of looking to use Forefront UAG as a anywhere remote access. Please be aware that I will be running this on my home network. I am at a stage where I am a little confused as to the supported deployment scenarios that I can use for Forefront UAG.

    To give some information as to my setup:

    I currently have a domain setup with a Windows Server 2008 R2 Domain Controller, Exchange Server 2010 on my internal network which is 192.168.1.0/24

    I only have one external Public IP Address supplied to me by my ISP.

    My initial thoughts were to put Forefront UAG behind my ADSL2+ Modem Router and then have the Modem Router and UAG on a external network (for example the 10.0.0.0 network) and then have my internal network on the 192.168.1.0 network.

    e.g.

     

    WAN >> ADSL2+ Modem Router (10.0.0.1) >> Forefront UAG (External NIC: 10.0.0.2 / Internal NIC: 192.168.1.1) >> Switch >> Internal Servers/Computers (192.168.1.0)

    I have also created a Visio Diagram of the proposed layout of my network and you can view it here: http://img193.imageshack.us/i/networkdiagram.jpg

    Looking through the documentation for UAG the Internal NIC of the UAG Server would have no gateway, the external NIC would have the Modem Router as the gateway for access to the internet. Internal clients would use the Internal NIC of the UAG Server for their gateway.

    My question: Is this even possible and if so how do I enable clients to contact the internet through the UAG (as it;s the default gateway for internal clients).

    If this deployment method is not supported I would appreciate if someone else could provide a possible solution for me.

    Thank you for all your help.


    Cheers.

    Thursday, January 13, 2011 12:12 AM

All replies

  • If Im not mistaking UAG is not a proxy server. I dont think u can use it for accessing the internet. UAG is desing for accessing internal recorces.
    • Proposed as answer by ZarkoC Thursday, August 11, 2011 1:19 PM
    Thursday, January 13, 2011 8:30 AM
  • Hi,

    It might seem TMG would be the best solution for you: http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads

    Thursday, January 13, 2011 11:30 AM
  • For this kind of setup - I would recommend TMG too.

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Thursday, January 13, 2011 5:41 PM
  • Hi ZarkoC,

    Thank you for your reply. I understand that Forefront UAG cannot be used by clients to access the internet. I am not after a proxy solution either. I know exactly what UAG and TMG both have to offer. I have chosen UAG for it's ability for remote clients to access network resources.

    What I am asking is what configuration can I use that will work for my home network.

     

    Thursday, January 13, 2011 6:32 PM
  • Then TMG is the way to go, as Snendis and Thomas already mentioned. Just instead of UAG put TMG and it should work.

    Rgds 

    • Proposed as answer by ZarkoC Thursday, August 11, 2011 1:19 PM
    Thursday, January 13, 2011 6:37 PM
  • Also, you can deploy DirectAccess with TMG. It's a bit more complicated (lot more) than with UAG, but it can be done and is documented on the TMG Team Blog.

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Friday, January 14, 2011 1:40 PM