Direct Access & Reverse Web Proxy

  • Question

  • I have two UAG appliances that I'm going to be configuring for HA Direct Access. They are currently acting as a reverse web proxy and SSL VPN for my company. Will I be able to keep those web sites published on the UAG boxes if I convert the boxes to Direct Access?
    Monday, November 14, 2011 8:50 PM

All replies

  • Hi,

    It would be possible if you can dedicate IPv4 public addresses for DirectAccess that are different from other services you publish on your UAG farm.

    Best regards.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    Monday, November 14, 2011 9:27 PM
  • So if I have DA on a separate trunk with the required 4 public IPs and then a separate trunk hosting the reverse web proxy sites with its own external IP, I should be okay?
    Monday, November 14, 2011 9:39 PM
  • DA does not rely on a UAG trunk. The most important thing to remember is that DA requires dedicated IPv4 addresses. For NLB, you will need 2 VIPs and one DIP per UAG box. These public IPv4 addresses will be dedicated to DirectAccess. So you will need more public IPv4 addresses to publish other services on the UAG farm.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    Monday, November 14, 2011 9:56 PM
  • Well I have plenty of those so I should be good. Thanks for the help!
    Monday, November 14, 2011 10:04 PM
  • Keep in mind that you can NOT run DirectAccess and the older "Network Connector" SSLVPN application on the same box. You mentioned SSLVPN so I wanted to make sure you knew about that "gotcha".
    Tuesday, November 15, 2011 3:51 PM
  • No, I understand that part. Thank you.
    Tuesday, November 15, 2011 4:29 PM
  • Not sure this is a problem. I have a customer with a Multicast NLB farm with DA, portal and VPN/SSL and it works. Each service has its own set of public IPv4 addresses, a lot of IPv4 addresses.
    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    Wednesday, November 16, 2011 8:49 AM
  • You can use UAG portals, DA, and SSTP VPN at the same time - but not Network Connector:

    http://technet.microsoft.com/en-us/library/ee522953.aspx

    "You cannot publish the Network Connector application when Forefront UAG is configured as a DirectAccess server."

    Wednesday, November 16, 2011 1:49 PM