[isalist] Re: Direct Access
- From: Rob Moore <RMoore@xxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 23 Jun 2011 08:12:57 -0400
That's a possibility.
Rob
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Wednesday, June 22, 2011 4:47 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access
Not virtualized?
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Rob Moore
Sent: Wednesday, June 22, 2011 9:48 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access
Yeah, I guess we could do UAG for Direct Access only. That might be viable.
Have to talk the boss into another server. But then, I like servers!
Rob
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Tuesday, June 21, 2011 7:01 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access
I was only talking about the Direct access part......although I found it quite
intuitive.
Best practice however, is TMG for your VPN stuff & UAG for direct access, RDP
Gateway, & Outlook & application publishing.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Rob Moore
Sent: Tuesday, June 21, 2011 7:09 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access
I beg to differ. We have a license for UAG. I found the interface to be very
opaque. Documentation is minimal. Books for it are non-existent. We worked with
a Microsoft Gold Partner to get it set up. MS did crazy things like eliminate
PPTP-based VPNs in the latest SP. And it's really only set up to publish two
kinds of traffic: HTTP and HTTPS. Not adequate for our needs, unfortunately.
Ultimately we decided, with the help of the Gold Partner, to eliminate UAG from
our infrastructure until the product was more mature. I'm hoping that comes
along soon, since the license was very expensive.
Rob
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Tuesday, June 21, 2011 4:39 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access
Use UAG...It's a no brainer..simple to set up & configure.
Steve
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Rob Moore
Sent: Tuesday, June 21, 2011 3:40 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access
Yikes. I guess it's a bit more complicated than I thought. Thanks for the input.
Rob
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jerry Young
Sent: Tuesday, June 21, 2011 2:08 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access
Rob,
This is more than just DirectAccess + TMG Server. You have to ensure that all
of your internal network devices are not only IPv6 capable but are configured
to actively pass the traffic. If you haven't already, you might want to review
the requirements for DirectAccess, which is outside of the scope of the
document you reference, prior to moving forward. There are also some feature
and functionality that you lose when using TMG instead of UAG, which I believe
Microsoft actually prefers customers to use for providing DirectAccess to their
external users, the key one being access to corporate legacy servers (or
applications - not all of them work with IPv6) over IPv4.
That being said, I think you're out of luck as TMG doesn't accept or pass IPv6
traffic. The steps which are required to "trick" it into doing so *must* be
done prior to its installation, I believe.
On Tue, Jun 21, 2011 at 1:29 PM, Rob Moore
<RMoore@xxxxxxxx> wrote:
My boss has decided that getting Direct Access up and running is very high
priority. I've recently gotten rid of the last of our Win 2003 DCs and raised
the functional level of our domain to 2008 R2. So now I'm ready to try to get
Direct Access to work. So I just now downloaded an article published to the
isaserver.org website
(http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-How-configure-Forefront-TMG-DirectAccess-Server.html)
about configuring TMG as a Direct Access server. Of course the first thing it
had to say was that you've got to install Direct Access BEFORE installing TMG.
And of course TMG is already on the server in question and is in production.
So, is there a way to move forward, putting Direct Access onto an in-production
TMG server?
Thanks,
Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Helpdesk: 800-500-AFSC
--
Cordially yours,
Jerry G. Young II, CISSP
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com