UAG with DA on same servers (array), to support non-domain XP clients (Network Connections access) as well as W7 DA

  • Question

  • Scenario is as follows (500 users business):

    - Use UAG in an array to publish external access to published Citrix applications, RDP and full VPN for external third parties sitting on non-domain joined XP/Vista/W7 computers (external user member of domain). Network Connections for XP clients, SSTP for W7 clients for full VPN access.

    - Use built-in TMG in UAG to pre-check external IP address before admitting access to UAG portal

    - Use the same UAG array for DA for domain joined W7 clients

    1st question

    Rumours say that the same UAG box is not able to support this config, XP using NC and W7 using SSTP, so for a high availability scenario;

    - 2 UAG boxes in an array for external parties to support non-domain joined XP clients using NC

    - 2 UAG boxes in an array for DA and W7 access and W7 SSTP

    This is a bit of an overkill with <20 external users, typically 1-3 concurrent. Is this correct? 

    2nd question:

    Can I use the TMG on the UAG box to verify external Internet IP address that external parties are coming from, prior to admitting access via UAG? How could I do that? Even using AD to pre-register external IP as property on external user object in AD.

    Thanks

    Gaute

    Tuesday, August 3, 2010 1:17 PM

Answers

  • Hi Gaute

    There's no need to base your decisions on rumors :).

    I think you can find answers to your questions here: http://technet.microsoft.com/en-us/library/ee522953.aspx

    For your first question, note this statement in the TechNet article: You cannot publish the Network Connector application when Forefront UAG is configured as a DirectAccess server.

    And for your second question, take a look at the Forefront TMG running on Forefront UAG and the Supported Forefront TMG configurations sections. You will see that what you are looking for is not a supported configuration of TMG running on UAG.

    -Ran

    Tuesday, August 3, 2010 1:59 PM