Running UAG with External and Internal NICs on the same VLAN

  • Question

  • All

    While I believe this is not officially supported, has anyone successfully managed to run UAG and UAG-DA in an installation where the External and Internal interfaces are assigned IP addresses on the same VLAN, please? And if so, could they please share the magic formula, as I appear to be having serious issues trying to keep the traffic separate.

    I've somehow managed this in a POC build, but when attempting to productionise this I am failing miserably despite what I thought were the same settings :(

    Any help really appreciated, thanks

    Friday, October 8, 2010 11:19 AM

Answers

  • You can use the same VLAN, but the internal and external interfaces must not be on the same TMG Firewall Network. The internal interface has to be on the default Internal Network and the external interface must not be on the default Internal Network.

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    • Marked as answer by Erez Benari Monday, October 25, 2010 9:34 PM
    Monday, October 11, 2010 11:38 AM
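
The rule in the answer above, written as a check (an added example, not part of the original thread and not Microsoft tooling). It assumes the TMG Internal Network is entered as inclusive address ranges; the function names and the 192.0.2.x addresses are constructed for illustration, with .212/.213 mirroring the pair mentioned in the replies.

```python
import ipaddress


def in_ranges(ip, ranges):
    """True if ip falls inside any inclusive (first, last) address range."""
    addr = ipaddress.ip_address(ip)
    for first, last in ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        # IPv4 and IPv6 addresses cannot be compared, so skip mixed pairs.
        if lo.version == hi.version == addr.version and lo <= addr <= hi:
            return True
    return False


def check_nic_placement(internal_network, internal_ip, external_ip):
    """Return a list of problems; an empty list means the rule is met."""
    problems = []
    for first, last in internal_network:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo.version != hi.version or lo > hi:
            problems.append(f"range {first}-{last} is malformed")
    if not in_ranges(internal_ip, internal_network):
        problems.append(f"internal NIC {internal_ip} is outside the Internal Network")
    if in_ranges(external_ip, internal_network):
        problems.append(f"external NIC {external_ip} is inside the Internal Network")
    return problems


# Constructed sample data: the Internal Network defined as the whole subnet,
# and the same subnet with the external NIC's address carved out.
WHOLE_SUBNET = [("192.0.2.0", "192.0.2.255")]
SPLIT = [("192.0.2.0", "192.0.2.211"), ("192.0.2.213", "192.0.2.255")]

if __name__ == "__main__":
    for label, ranges in (("whole subnet", WHOLE_SUBNET), ("split", SPLIT)):
        result = check_nic_placement(ranges, "192.0.2.213", "192.0.2.212")
        print(label, "->", result or "OK")
```

The check covers only address-range membership as stated in the answer; it does not read a live TMG configuration.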

All replies

  • Hey Chris,

    Never gonna happen (due to TMG). Are you sure you got it working with a single subnet?

    Can you not use two different VLANs with the appropriate routing configuration?

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Friday, October 8, 2010 11:40 AM
  • Hi Amig@. I would like to understand first what you mean by "the same VLAN". If "same VLAN" means the two interfaces share the same physical medium, there is a chance for it to succeed. If "the same VLAN" means the same IP subnet then there is no chance. It will fail. The requisites for UAG (and TMG) are two interfaces and they must not share the same IP address space.

    Nice weekend


    // Raúl - I love this game
    Friday, October 8, 2010 12:56 PM
  • Hi JJ

    I'm pretty sure it's working although I have no idea how. I've got people using the portal as we speak so it definitely does something. So far it's only being used to provide file access and remote apps but I've been asked to productionise and extend to include DA, hence a new build.

    Different VLANs may prove somewhat complex (politically... I'm sure you remember ;) ) but I'll see what I can achieve down that route. At the moment it's running on an ESX server, which adds further difficulty (but may in the long run make it easier if I can get something sorted, I suppose).

    Cheers

    Friday, October 8, 2010 1:40 PM
  • Hi.

    By same VLAN I mean consecutive IP addresses. The POC build I have uses a <range>.212 external IP and <range>.213 internal IP. Seems like what you're both telling me is this shouldn't actually be working at all! :eek:

    This probably explains why it's very unhappy on every reboot (but eventually sorts itself out with a bit of service restarting).

    ... maybe I'm just the new improved idiot for a previously idiot-proof product lol :)

    Friday, October 8, 2010 1:42 PM
  • Hey Chris,

    You may be able to get a portal working, but DA is going to be tricky I think.

    Getting DA to work in that sort of environment is going to need a bit of thought and careful consideration... give us a shout if you want some consultancy time to try and help out ;)

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Saturday, October 9, 2010 12:04 AM