Changing default gateway UAG

  • Question

  • We use UAG for OWA, RDP and the Network Connector using both methods (SSTP and original), and have no plans on going to DirectAccess at this point. We had an issue where a Network Connector client could not use a vendor app that points to a router located in the DMZ behind the internal firewall NIC. I found that if I add that IP range to UAG under the Network Config Wizard and then set a permanent route for that range that points to the firewall's internal NIC, the client is able to get to that range fine. The vendor has many ranges that I would need to add, but what I was wondering is: if I were to change the default gateway to the internal NIC instead of the external NIC, would this break UAG or just DirectAccess?

    Tuesday, August 24, 2010 1:59 PM

Answers

  • Steve,

    For your scenario you will need to keep adding all those routes persistently.

    You cannot have the default gateway on the external NIC.  The reason is because the default GW is where all traffic that isn't defined internally will be sent.

    i.e., you can't know all the public IPs and subnets out there to create routes for each one...

    However, that application should have worked through Network Connector.   You should check if the IP of the vendor app is located under the "Additional Networks" tab... this is especially the case if, under IP provisioning, you're using private IP addresses.

    Remember that NC also has the Default Gateway setting you can define for Network Connector clients.

    Thanks

    Dennis

    • Marked as answer by Erez Benari Thursday, September 2, 2010 8:45 PM
    Wednesday, August 25, 2010 6:06 AM

All replies

  • Hi Amigo. I am not sure I fully understand the problem, but if you are planning to remove the default gateway from the external NIC and assign a default gateway to the internal NIC instead, most likely you will lose your Internet access. The suggested configuration is to assign a default gateway to the external NIC and add internal subnets with static routes manually. Never assign two default gateways to two different interfaces.

    Hope it helps


    // Raúl - I love this game
    Tuesday, August 24, 2010 4:02 PM
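
An added example, not part of the thread and not Microsoft tooling: a Python check over `route print -4` output that reports the default gateways in use and builds the `route -p add` commands for vendor ranges that have no persistent route yet. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `route print -4` output; it shows the two-default-gateway mistake.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1     203.0.113.10     10
          0.0.0.0          0.0.0.0       10.0.0.254        10.0.0.10     20
      172.16.10.0    255.255.255.0       10.0.0.254        10.0.0.10     11
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      172.16.10.0    255.255.255.0       10.0.0.254       1
===========================================================================
"""

def parse_routes(text):
    """Return (active, persistent) lists of (network, gateway) tuples."""
    tables = {"active": [], "persistent": []}
    section = None
    for line in text.splitlines():
        low = line.strip().lower()
        if low.startswith("active routes"):
            section = "active"
        elif low.startswith("persistent routes"):
            section = "persistent"
        elif low.startswith("==="):
            section = None
        elif section:
            f = line.split()
            try:
                net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            except (ValueError, IndexError):
                continue  # column header, blank line or "None"
            tables[section].append((net, f[2]))
    return tables["active"], tables["persistent"]

def audit(text, required, next_hop):
    """List default gateways and the commands for ranges lacking a persistent route."""
    active, persistent = parse_routes(text)
    default_gws = [gw for net, gw in active if net.prefixlen == 0]
    missing = []
    for r in map(ipaddress.ip_network, required):
        if not any(r.subnet_of(net) and gw == next_hop for net, gw in persistent):
            missing.append(f"route -p add {r.network_address} mask {r.netmask} {next_hop}")
    return default_gws, missing
```

More than one entry in the returned gateway list is the two-default-gateway condition warned about above; the returned commands are meant to be reviewed before being run on the UAG server.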