UAG 2010 SP1 Capabilities & Connection Options

  • Question

  • Just want to confirm what I believe to be the various remote access capabilities of UAG 2010 SP1.

    1. Reverse Proxy to provide external users with access to published resources such as Web Sites, OWA, SharePoint. All over HTTPS / 443.
    2. Layer 3 VPN. Much like traditional VPNs, users connect to corporate network using IPsec / VPN tunnel.
    3. DirectAccess. Not a VPN. But instead an 'always on' tunnel into the corporate network using CERT and Kerberos.

    Thanks!


    Bill

    Monday, May 14, 2012 3:35 PM

All replies

  • Correct. You can reverse proxy web applications such as those you mentioned by publishing UAG "trunks" (portals). Also from inside those trunks you have the option of publishing Remote Network Access, which is the full VPN tunnel. From the client perspective you do not connect to this VPN in the traditional "create a VPN network connection in your Network Adapters" screen. The only way to launch a full VPN connection with UAG is by accessing through a UAG trunk.

    And yes, absolutely you can use UAG to publish DirectAccess.

    • Marked as answer by Beachnut_ Tuesday, May 15, 2012 10:06 PM
    Monday, May 14, 2012 7:19 PM
  • Just to add to what Jordan has stated, you can directly publish "bookmarked" applications (via reverse proxy) and host the applications on the trunk (portal) itself via a common URL, configurable on a per-application basis.

    Regards,

    Mylo

    • Marked as answer by Beachnut_ Tuesday, May 15, 2012 10:06 PM
    Monday, May 14, 2012 9:36 PM
  • Note that UAG does not support PPTP or IPsec VPN clients.

    With UAG, Remote Network Access is achieved using SSL Network Tunneling (historically called the Network Connector) on non-Windows 7 clients or SSL Network Tunneling (SSTP) on Windows 7 clients.

    Cheers

    JJ 


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk


    Monday, May 14, 2012 11:13 PM
  • Okay, that helps. I have been focused on spinning up DA and haven't had much time to explore the SSL Network Tunneling Server. And I can see that it is used to provide the VPN access.

    Isn't there a TLG out there that would walk a UAG newbie through setup of SSL Network Tunneling? Thanks everyone!


    Bill

    Tuesday, May 15, 2012 10:05 PM
  • There sure is :)

    http://www.microsoft.com/en-us/download/details.aspx?id=4140

    Keep in mind, when you are running DirectAccess it is only supported to run the SSTP part of Remote Network Access for Windows 7 clients. It is not supported to run DirectAccess and the older Network Connector VPN client through UAG at the same time. You would have to have a separate UAG server that is not running DirectAccess to publish Network Connector for the older operating systems.

    Wednesday, May 16, 2012 12:26 PM