locked
UAG Direct Access Server - can I use one of my two public IPs for other UAG services i.e. OWA publishing? RRS feed

  • Question

  • Guys,


    I am about to release a UAG DirectAccess server for testing purposes.

    We also have Exchange 2010 OWA and I would like to move the publishing rules from the existing TMG server to OWA.

    My UAG DirectAccess server has the two required public IP addresses, but can I also use one of these IP address for the OWA publishing rules, and if so does it matter which IP I use?

    Regards,


    Conrad


    Conrad Goodman MCITP SA / MCTS: WSS3.0 + MOSS2007
    Thursday, June 2, 2011 9:25 AM

Answers

  • Hi,

     

    IPv4 addresses dedicated to DirectAccess cannot be used for any other usage because of IPSEC tunnels. You must add another IP address to publish your Exchange.

     

    Have a nice day.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    • Proposed as answer by MrShannon Monday, June 6, 2011 5:33 AM
    • Marked as answer by Conrad Goodman Monday, June 6, 2011 8:17 AM
    Thursday, June 2, 2011 9:59 AM

All replies

  • Hi,

     

    IPv4 addresses dedicated to DirectAccess cannot be used for any other usage because of IPSEC tunnels. You must add another IP address to publish your Exchange.

     

    Have a nice day.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    • Proposed as answer by MrShannon Monday, June 6, 2011 5:33 AM
    • Marked as answer by Conrad Goodman Monday, June 6, 2011 8:17 AM
    Thursday, June 2, 2011 9:59 AM
  • Hi,

    It is possible to run a portal on the second IP of the two on DA,

    My production environment is running quiet happily. Had to prove this config would work due to a customer only had 2 free IP's for a UAG implementation and they wanted DA and a portal.

    The question on whether MS would support it is another matter.

    Regards,

    Rmknight

    Tuesday, August 9, 2011 2:18 PM
  • Hi Rmknight,

    Its possible. One IP will used for IPHTTPS and the other IP could be used as Portal. I'm not sure if this is a supported configuration, but it works that way in a customer environment.

    -Kai

    Tuesday, August 9, 2011 2:34 PM
  • Hi,

     

    but am I correct to assume that only services (like a Portal) could be used on the second IP if this services are running on the DirectAccess Server itself?

    Or is it possible to use the second IP also with Services on other Servers.

    The reason i ask is we have one public IP that is completely free and i'm going to use it for my first IP of DirectAccess Server (so it's for the Tunnel)

    The second IP is already used and some Ports get forwarded to other Servers in my corporate Network - but if i only forward the neccesary Protokolls and Ports to my Second IP of DirectAccess Server will it work?

     

    Regards

    Chris

    Saturday, January 21, 2012 12:36 PM
  • Hi Chris,

    You should not use the underlying TMG server on a UAG box as if it was a "regular" TMG server.

    Please see this TechNet article: Support boundaries, especially the section: Forefront TMG running on Forefront UAG

    Regards,


    -Ran
    Saturday, January 21, 2012 1:43 PM