UAG DA : access multiple subnets?

  • Question

  • I have a UAG system (finally) tentatively set up in a fashion that allows me remote network access between remote clients and the immediate DA-related subnet (10.0.0.0/24).

    What I am looking to do is to be able to access a secondary subnet within the corporate intranet via Direct Access on remote clients if it is possible.

    Is there a recommendation / guide / insight / how to make this work or why it would not?

    Essentially the scenario is: a remote client (192.168.0.0/24) connects over the internet (global addressing) to the end-to-edge DA server (10.0.0.0/24), then can be transparently routed to another internal subnet (10.0.1.0/24).

    Can this be securely accomplished using a DA UAG setup?

    Thank you very much for any help.


    -Aaron

    Thursday, April 15, 2010 10:35 PM

Answers

All replies

  • If you get Joe Davies' IPv6 book, it has information in it that may help you. It explains the different types of IPv6 addresses available and even has chapters in the back with sample setups. There is a chapter on routing.

    It would be a great addition to the documentation to have an example of this setup.

    What router are you using?

    Friday, April 16, 2010 4:09 AM
  • As it stands, this is wholly contained within a Hyper-V setting.

    Home network subnet : 192.168.137.0/24
    Fake internet subnet : 131.107.0.0/24
    Hyper-V business intranet subnet : 10.0.0.0/24
    Real business intranet subnet : 10.0.1.0/24

    The home, fake, and hyper-v business subnets are all private virtual machine networks.

    The Domain Controller within the Hyper-V business intranet subnet also has a virtual adaptor connected to the real business intranet subnet.

    So I'm trying to find a way to efficiently route the traffic between the virtual internal network, and the real internal network.

    Monday, April 19, 2010 8:29 PM
  • Heh,

    Joe has been at it again. This provides some information on what you are after (not specific to UAG):

    http://technet.microsoft.com/en-us/library/ff625682(WS.10).aspx

    • Marked as answer by Karen Ji Thursday, May 6, 2010 7:20 AM
    Tuesday, April 20, 2010 6:32 PM
  • Thanks Don,

    That does help a little bit.

    The business intranet is entirely IPv4 based, and likely requires the UAG DNS64 / NAT64 functionality.

    Thus far I have been able to configure a virtual router (Vyatta core v6; 10.0.0.5) within the Hyper-V environment to NAT masquerade traffic from the private intranet (10.0.0.0/24) out the business intranet address of 10.0.1.12/24 on a second NIC.

    After adding a forwarder to the private intranet DNS server (10.0.0.1), all systems directly configured on the 10.0.0.0/24 subnet could ping, RDP, and file share, using the IPs or FQDNs of systems in the business intranet (10.0.1.0/24).

    So now I am trying to ensure that DA clients, when roaming, can also be properly directed between it all.

    So far, the roaming DA clients actually do get the FQDN resolved as a reply from the DA server... but the address they are given is not pingable.
    Wednesday, April 21, 2010 10:56 PM
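Added example, not from the thread or from UAG: a small Python helper that decodes a DNS64-synthesized AAAA address (RFC 6052 /96 embedding) back to the IPv4 it stands for and checks that IPv4 against the subnets described in this thread, to tell a "no route from the NAT64 box" case apart from a native IPv6 address. The NAT64 prefix 2001:db8:64::/96 is an assumed documentation value, not UAG's real prefix.

```python
"""Decode DNS64-synthesized AAAA answers (RFC 6052, /96 prefix) and check
whether the NAT64 gateway has any path to the embedded IPv4 address."""
import ipaddress
from typing import Optional

# Assumed values: a documentation NAT64 prefix (not UAG's real one). The
# subnets are the ones from the thread: 10.0.0.0/24 is reachable directly,
# 10.0.1.0/24 only through the Vyatta masquerade at 10.0.0.5.
NAT64_PREFIX = ipaddress.IPv6Network("2001:db8:64::/96")
DIRECT_SUBNETS = [ipaddress.IPv4Network("10.0.0.0/24")]
ROUTED_SUBNETS = {
    ipaddress.IPv4Network("10.0.1.0/24"): ipaddress.IPv4Address("10.0.0.5"),
}


def synthesize_aaaa(ipv4: str, prefix=NAT64_PREFIX) -> ipaddress.IPv6Address:
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix,
    which is what a DNS64 resolver returns for an A-only name."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(prefix.network_address) | v4)


def extract_ipv4(ipv6: str, prefix=NAT64_PREFIX) -> Optional[ipaddress.IPv4Address]:
    """Return the embedded IPv4, or None if the AAAA is a native record."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def classify(ipv6: str) -> str:
    """Say how (or whether) the NAT64 gateway can forward to the embedded IPv4.

    'unreachable' is the case from the thread: DNS64 hands the client an
    address, but NAT64 has no route for the translated IPv4 packet.
    """
    v4 = extract_ipv4(ipv6)
    if v4 is None:
        return "native"          # real AAAA record, NAT64 not involved
    if any(v4 in net for net in DIRECT_SUBNETS):
        return "direct"          # on the DA server's own subnet
    for net, nexthop in ROUTED_SUBNETS.items():
        if v4 in net:
            return f"via {nexthop}"   # needs the Vyatta route in place
    return "unreachable"


if __name__ == "__main__":
    for name in ("2001:db8:64::a00:1", "2001:db8:64::a00:10c", "2001:db8:1::1"):
        print(name, "->", extract_ipv4(name), classify(name))
```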