none
NAT'ing before UAG RRS feed

  • Question

  • Hi,

    We have 2 UAG devices, using the MS NLB solution (2 x DIPs, 1 x VIP).

    In front of UAG is a NAT-device.

    We have NAT'ed an Internet IP address to the VIP of the UAG device. Also allowed HTTPS and HTTPS through to UAG.

    We will be using UAG for MOSS publishing and old style VPN access.

    The only reference to NOT using a NAT in front of UAG is in the UAG Planning Guide, and it refers to DirectAccess (which we are NOT using):

    "A Forefront UAG DirectAccess server can be located behind a firewall or between a frontend and backend firewall, but note that a public IPv4 address is required, and therefore the server should not be located behind a NAT "

    Are there any 'gotchas' with this setup?

    We can connect to the UAG portal from the actual UAG device (open IE on UAG itself)...but not from the Internet.

    Also, another question - what is the recommended NLB Mode for UAG...Unicast or Multicast in our scenario above?

    Thanks

    Wednesday, May 19, 2010 10:42 AM

Answers

All replies