Planning for internal network access
Updated: February 15, 2013
Applies To: Unified Access Gateway
Some of the Forefront Unified Access Gateway 2010 SP3 features discussed in this article may be deprecated and may be removed in subsequent releases. For a complete list of deprecated features, see Features Deprecated in Forefront UAG SP3.
This topic is designed to help you understand the planning requirements for a Forefront Unified Access Gateway (UAG) network access design, as follows:
- Planning client requirements
- Planning for SSTP
- Planning for Network Connector
Planning client requirements
You can configure remote access to the corporate network using the legacy Network Connector application or Secure Socket Tunneling Protocol (SSTP). Before selecting an access method, check the client requirements for both SSL network tunneling mechanisms, as listed in the following table.
| SSL network tunneling mechanism | Application version | Client endpoint requirements |
|---|---|---|
| SSTP | Forefront UAG | Windows 7 client, Windows 7 server (32-bit and 64-bit). Internet Explorer. |
| Network Connector | Forefront UAG, Intelligent Application Gateway (IAG) 2007 | Windows XP, Windows Vista (32-bit). Internet Explorer. |
Planning for SSTP
The following SSTP planning is required:
- If you want to allocate IP addresses dynamically to remote clients, ensure that you have a DHCP server deployed.
- If you want to allocate IP addresses from a static pool, plan for a range that is large enough, and that can be excluded from the internal network address range that is defined on the Forefront UAG servers.
- No client-side configuration is required.
- SSTP is published via an HTTPS trunk and uses the trunk certificate for authentication. Ensure that you have obtained a valid certificate for the trunk. Note that the certificate must be trusted by remote clients and will usually be issued by an external certification authority (CA).
Planning for Network Connector
Planning for Network Connector includes the following:
- Network Connector must allocate addresses from a static pool. Plan for a range that is large enough, and that can be excluded from the internal network address range that is defined on the Forefront UAG servers.
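The static pool guidance for both SSTP and Network Connector comes down to two checks: the range holds enough addresses, and it can be carved out of the internal network address range. The following Python sketch is an added example, not part of the Forefront UAG documentation or product; `plan_static_pool` is a hypothetical helper, and the address ranges and expected client count are constructed sample values.

```python
import ipaddress

def plan_static_pool(pool_first, pool_last, internal_ranges, expected_clients):
    """Check a candidate static pool against the internal network definition.

    internal_ranges is a list of (first, last) address pairs mirroring the
    internal network ranges defined on the server (supplied by the caller).
    """
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    if first.version != last.version or first > last:
        raise ValueError("pool must be an ordered range in one address family")
    size = int(last) - int(first) + 1

    overlaps, remaining = [], []
    for lo_s, hi_s in internal_ranges:
        lo, hi = ipaddress.ip_address(lo_s), ipaddress.ip_address(hi_s)
        if lo.version != first.version or hi < first or lo > last:
            remaining.append((str(lo), str(hi)))  # range untouched by the pool
            continue
        overlaps.append((str(lo), str(hi)))
        # Keep the parts of the internal range on either side of the pool.
        if lo < first:
            remaining.append((str(lo), str(first - 1)))
        if hi > last:
            remaining.append((str(last + 1), str(hi)))
    return {
        "pool_size": size,
        "large_enough": size >= expected_clients,
        "overlaps": overlaps,
        "internal_after_exclusion": remaining,
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    internal = [("10.0.0.0", "10.0.255.255"), ("192.168.1.0", "192.168.1.255")]
    report = plan_static_pool("10.0.200.1", "10.0.200.254", internal, 300)
    for key, value in report.items():
        print(f"{key}: {value}")
```

In the sample run the pool sits inside the first internal range and holds 254 addresses, so the report flags it as too small for 300 clients and lists the internal ranges that remain once the pool is excluded.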
Next steps
For information on deploying SSTP remote network access, see Publishing remote network access with SSTP. For Network Connector deployment information, see Publishing remote network access with Network Connector.