[isalist] Re: Direct Access

Youbetcha!
Been virtualizing ISA and its children since ~2003.

TMG and UAG were specifically tested for virtualization supportability.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steven Comeau
Sent: Wednesday, June 22, 2011 6:47 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Virtualize.....Best thing I ever did with ISA...

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com






From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Wednesday, June 22, 2011 8:48 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Yeah, I guess we could do UAG for Direct Access only. That might be viable. 
Have to talk the boss into another server. But then, I like servers!

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steve Moffat
Sent: Tuesday, June 21, 2011 7:01 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

I was only talking about the Direct access part......although I found it quite 
intuitive.

Best practice however, is TMG for your VPN stuff & UAG for direct access, RDP 
Gateway, & Outlook & application publishing.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Tuesday, June 21, 2011 7:09 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

I beg to differ. We have a license for UAG. I found the interface to be very 
opaque. Documentation is minimal. Books for it are non-existent. We worked with 
a Microsoft Gold Partner to get it set up. MS did crazy things like eliminate 
PPTP-based VPNs in the latest SP. And it's really only set up to publish two 
kinds of traffic: HTTP and HTTPS. Not adequate for our needs, unfortunately. 
Ultimately we decided, with the help of the Gold Partner, to eliminate UAG from 
our infrastructure until the product was more mature. I'm hoping that comes 
along soon, since the license was very expensive.

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steve Moffat
Sent: Tuesday, June 21, 2011 4:39 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Use UAG...It's a no brainer..simple to set up & configure.

Steve

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Tuesday, June 21, 2011 3:40 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Yikes. I guess it's a bit more complicated than I thought. Thanks for the input.

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jerry Young
Sent: Tuesday, June 21, 2011 2:08 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Rob,

This is more than just DirectAccess + TMG Server.  You have to ensure that all 
of your internal network devices are not only IPv6 capable but are configured 
to actively pass the traffic.  If you haven't already, you might want to review 
the requirements for DirectAccess, which is outside of the scope of the 
document you reference, prior to moving forward.  There are also some features 
and functionality that you lose when using TMG instead of UAG, which I believe 
Microsoft actually prefers customers to use for providing DirectAccess to their 
external users, the key one being access to corporate legacy servers (or 
applications - not all of them work with IPv6) over IPv4.

That being said, I think you're out of luck as TMG doesn't accept or pass IPv6 
traffic.  The steps which are required to "trick" it into doing so *must* be 
done prior to its installation, I believe.

On Tue, Jun 21, 2011 at 1:29 PM, Rob Moore <RMoore@xxxxxxxx> wrote:

My boss has decided that getting Direct Access up and running is very high 
priority. I've recently gotten rid of the last of our Win 2003 DCs and raised 
the functional level of our domain to 2008 R2. So now I'm ready to try to get 
Direct Access to work. So I just now downloaded an article published to the 
isaserver.org website 
(http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-How-configure-Forefront-TMG-DirectAccess-Server.html) 
about configuring TMG as a Direct Access server. Of course the first thing it 
had to say was that you've got to install Direct Access BEFORE installing TMG. 
And of course TMG is already on the server in question and is in production.

So, is there a way to move forward, putting Direct Access onto an in-production 
TMG server?

Thanks,
Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Helpdesk: 800-500-AFSC




--
Cordially yours,
Jerry G. Young II, CISSP
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com
