UAG Array NLB Settings


  • Good afternoon,

    Just looking for a little guidance on UAG arrays using integrated NLB.

    I have an existing install, using a single instance of UAG, and have been asked to create an array with a second box.

    I can't quite get my head around how to configure the NLB settings. At the moment the existing install has a dedicated public ip on the external interface which connects direct to the big, bad interweb thingy. This ip is given by the isp. My question is, "Do I use this as the vip on both UAG boxes?" If so do I simply configure dip addresses, belonging to the same subnet, on the external interfaces of each UAG box?

    Confused? I know I am or perhaps just a little too old for this game.


    Friday, March 16, 2012 3:19 PM


All replies

  • Nope. You got it right.

    The current IP-address becomes the VIP and you need two new addresses as the DIP for the servers 8on the same subnet).

    To do this, add a second address (what becomss the DIP) to the first box, then install the second box and give it a unique DIP. Join it to the array and then in UAG admin configure the VIP in the NLB settings diaglogue.

    Hth, Anders Janson Enfo Zipper

    • Proposed as answer by Troyd Sanchez Friday, March 16, 2012 4:21 PM
    • Marked as answer by NeilCC1 Tuesday, April 03, 2012 2:39 PM
    Friday, March 16, 2012 3:41 PM
  • Is this array for DirectAccess or UAG portal?

    For a two node NLB array, you will need at lease 3 public IP addresses; two DIPs and one VIP. If using DA, you will need at least four public IP addresses.

    Changing the IP addresses of existing UAG installations is a bit of a support quandry as dicsussed here and here

    I believe support for changing IP addresses on the internal side of UAG was added in an update as discussed here:

    If you are talking about a DirectAccess setup, this is worth a read too:



    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: and

    Friday, March 16, 2012 4:28 PM
  • Thanks for the answer Jason.

    Unfortunately I don't have 3 public ip addresses. I do have access to any amount of hubs and switches. Could I connect the external interfaces to the outside world via a switch, use the public ip as the vip and assign two private addresses to the interfaces and let the switch do its thing?


    Friday, March 16, 2012 4:53 PM
  • Thanks Anders,

    Hopefully your answer is correct. I've replied to Jason also. Just to be on the safe side.


    Friday, March 16, 2012 4:54 PM
  • This depends very much on whether you are using only UAG web portals, or if you are using DirectAccess.

    If you are using DirectAccess, you NEED 4 public IP addresses. No other way to do it.

    If you are using only a UAG web portal, you will need one VIP and two DIPs, but they could all be public or private IP addresses. If you don't have 3 publics, you can setup all 3 as private addresses and then you will have to rely on a router/firewall to NAT a real public into the private VIP.

    • Marked as answer by NeilCC1 Tuesday, April 03, 2012 2:39 PM
    Monday, March 19, 2012 7:41 PM