[isalist] Re: Direct Access

  • From: Steve Moffat <Steve@xxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 22 Jun 2011 20:46:38 +0000

Not virtualized?

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Wednesday, June 22, 2011 9:48 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Yeah, I guess we could do UAG for Direct Access only. That might be viable. 
Have to talk the boss into another server. But then, I like servers!

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steve Moffat
Sent: Tuesday, June 21, 2011 7:01 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

I was only talking about the Direct Access part... although I found it quite 
intuitive.

Best practice however, is TMG for your VPN stuff & UAG for direct access, RDP 
Gateway, & Outlook & application publishing.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Tuesday, June 21, 2011 7:09 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

I beg to differ. We have a license for UAG. I found the interface to be very 
opaque. Documentation is minimal. Books for it are non-existent. We worked with 
a Microsoft Gold Partner to get it set up. MS did crazy things like eliminate 
PPTP-based VPNs in the latest SP. And it's really only set up to publish two 
kinds of traffic: HTTP and HTTPS. Not adequate for our needs, unfortunately. 
Ultimately we decided, with the help of the Gold Partner, to eliminate UAG from 
our infrastructure until the product was more mature. I'm hoping that comes 
along soon, since the license was very expensive.

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steve Moffat
Sent: Tuesday, June 21, 2011 4:39 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Use UAG... It's a no-brainer... simple to set up & configure.

Steve

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Tuesday, June 21, 2011 3:40 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Yikes. I guess it's a bit more complicated than I thought. Thanks for the input.

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jerry Young
Sent: Tuesday, June 21, 2011 2:08 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Rob,

This is more than just DirectAccess + TMG Server.  You have to ensure that all 
of your internal network devices are not only IPv6 capable but are configured 
to actively pass the traffic.  If you haven't already, you might want to review 
the requirements for DirectAccess, which is outside of the scope of the 
document you reference, prior to moving forward.  There are also some features 
and functionality that you lose when using TMG instead of UAG, which I believe 
Microsoft actually prefers customers to use for providing DirectAccess to their 
external users, the key one being access to corporate legacy servers (or 
applications - not all of them work with IPv6) over IPv4.

That being said, I think you're out of luck as TMG doesn't accept or pass IPv6 
traffic.  The steps which are required to "trick" it into doing so *must* be 
done prior to its installation, I believe.

On Tue, Jun 21, 2011 at 1:29 PM, Rob Moore <RMoore@xxxxxxxx> wrote:
My boss has decided that getting Direct Access up and running is very high 
priority. I've recently gotten rid of the last of our Win 2003 DCs and raised 
the functional level of our domain to 2008 R2. So now I'm ready to try to get 
Direct Access to work. So I just now downloaded an article published to the 
isaserver.org website 
(http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-How-configure-Forefront-TMG-DirectAccess-Server.html)
 about configuring TMG as a Direct Access server. Of course the first thing it 
had to say was that you've got to install Direct Access BEFORE installing TMG. 
And of course TMG is already on the server in question and is in production.

So, is there a way to move forward, putting Direct Access onto an in-production 
TMG server?

Thanks,
Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Helpdesk: 800-500-AFSC




--
Cordially yours,
Jerry G. Young II, CISSP
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com
