I beg to differ. We have a license for UAG. I found the interface to be very opaque. Documentation is minimal. Books for it are non-existent. We worked with a Microsoft Gold Partner to get it set up. MS did crazy things like eliminate PPTP-based VPNs in the latest SP. And it's really only set up to publish two kinds of traffic: HTTP and HTTPS. Not adequate for our needs, unfortunately.

Ultimately we decided, with the help of the Gold Partner, to eliminate UAG from our infrastructure until the product was more mature. I'm hoping that comes along soon, since the license was very expensive.

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: Tuesday, June 21, 2011 4:39 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Use UAG...It's a no brainer..simple to set up & configure.

Steve

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore
Sent: Tuesday, June 21, 2011 3:40 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Yikes. I guess it's a bit more complicated than I thought. Thanks for the input.

Rob

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jerry Young
Sent: Tuesday, June 21, 2011 2:08 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Direct Access

Rob,

This is more than just DirectAccess + TMG Server. You have to ensure that all of your internal network devices are not only IPv6 capable but are configured to actively pass the traffic. If you haven't already, you might want to review the requirements for DirectAccess, which is outside of the scope of the document you reference, prior to moving forward.

There are also some features and functionality that you lose when using TMG instead of UAG, which I believe Microsoft actually prefers customers to use for providing DirectAccess to their external users, the key one being access to corporate legacy servers (or applications - not all of them work with IPv6) over IPv4.

That being said, I think you're out of luck as TMG doesn't accept or pass IPv6 traffic. The steps which are required to "trick" it into doing so *must* be done prior to its installation, I believe.

On Tue, Jun 21, 2011 at 1:29 PM, Rob Moore <RMoore@xxxxxxxx> wrote:

My boss has decided that getting Direct Access up and running is very high priority. I've recently gotten rid of the last of our Win 2003 DCs and raised the functional level of our domain to 2008 R2. So now I'm ready to try to get Direct Access to work.

So I just now downloaded an article published to the isaserver.org website (http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-How-configure-Forefront-TMG-DirectAccess-Server.html) about configuring TMG as a Direct Access server. Of course the first thing it had to say was that you've got to install Direct Access BEFORE installing TMG. And of course TMG is already on the server in question and is in production.

So, is there a way to move forward, putting Direct Access onto an in-production TMG server?

Thanks,
Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Helpdesk: 800-500-AFSC

--
Cordially yours,
Jerry G. Young II, CISSP
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com