Direct access with UAG design

  • Question

  • Hi,

    We have TMG deployed in our environment, which is joined to the domain; all internal-to-external and external-to-internal traffic is going and coming through UAG. I have been told to deploy Direct Access with UAG to access Exchange, file servers, users' computers, the SharePoint intranet website and other applications from outside. I have searched a lot and found out that Direct Access can be deployed / installed on TMG as well, but I can have lots of features if I use UAG with Direct Access.

    My question is: is it possible to have UAG with Direct Access when we have TMG? If yes, then how will the traffic flow from UAG and Direct Access to TMG and from TMG to UAG and Direct Access? Please note that my TMG has two network cards, one for the internal and the other for the external IP. Can someone please help me with what to do? Can I use UAG with Direct Access while TMG is here, or do I have to install Direct Access on the TMG itself?


    Thursday, March 3, 2011 2:48 PM

All replies

  • UAG and TMG are separate products. It is true that UAG includes TMG, but you are not going to natively use the instance of TMG that is in the UAG bundle, because UAG manages all of the settings in TMG for its own use (and it is unsupported if you try anyway).

    You can (and I would encourage you to) deploy a TMG server and a separate UAG server in your environment. I have set up TMG with two network interfaces, one with its own public IP and one with an internal IP. Then right next to it is the separate UAG server, which also has two interfaces, one with two external IPs and the other with an internal IP.

    Think of TMG as the product that keeps the bad guys out and UAG as the one that lets the good guys in.

    This can help you with setting up UAG for DirectAccess. You can also use that instance of UAG to publish your Exchange servers over trunks, but that is a topic not covered by this guide.


    MrShannon | TechNuggets Blog | Concurrency Blogs
    Thursday, March 3, 2011 5:24 PM
  • Hi, thanks for the reply. What I understood from your answer is that DA will be deployed on UAG; all the users who are coming from the internet only for DA will come through UAG, and other internet activities (Exchange is already published on TMG, SharePoint is published on TMG) will come through TMG, correct? If this is the case, then what A record should I create on the internet? Do I need separate public IPs for UAG, or will the public IP be the same as the one being used by TMG, with all traffic first coming to the firewall and then, in the firewall, I redirect the request to TMG or UAG? Regards,
    Friday, March 4, 2011 10:14 AM