Welcome to the UAG 2010 Installation Section (Full Version)

All Forums >> [Forefront Unified Access Gateway 2010] >> Installation



Message


tshinder -> Welcome to the UAG 2010 Installation Section (18.Aug.2009 8:39:10 AM)

Welcome to the UAG 2010 Installation Section!

Post your issues with installation UAG 2010 here. If you have non-installation related questions, then please post to the UAG 2010 General Section.

Thanks!
Tom




Werthnerb -> RE: Welcome to the UAG 2010 Installation Section (12.Apr.2010 12:09:15 PM)

Tom, Hi this is my first time on ISAServer find the site to be great I do have a question about install of UAG 2010?

How would I go about getting the UAG deployed with Cisco ASA 5520?
I have a SSM 4g card in the ASA and was wondering what is the best way to get this to the outside world the ASA is in routed mode with 4 DMZ's at this time we have TMG in one of the DMZ'z doing back to back FW config. Any help would be great.




tshinder -> RE: Welcome to the UAG 2010 Installation Section (16.Apr.2010 7:30:59 AM)

The best configuration, in my opinion, is to put the ASA in front of the UAG server, and then just connect the internal interface of the UAG server to the corpnet. No need for an internal firewall behind the UAG server, because the TMG firewall is on the same box as the UAG server, thus providing the UAG server protection from the corpnet - no need to put in a back-end firewall to protect the UAG server from the corpnet because of the on-box TMG firewall.

HTH,
Tom




mohammad_ziad -> RE: Welcome to the UAG 2010 Installation Section (11.Oct.2010 11:27:42 AM)

Hi , am looking for the steps of installing UAG 2010 using array

Many Thanks




ryechz -> RE: Welcome to the UAG 2010 Installation Section (12.Jan.2011 12:29:40 PM)

Tom,

I am in the process of doing the exact same thing with UAG SP1 with DirectAccess and a Cisco ASA 5510 and 2 physical servers setup in a NLB array. The DirectAccess wizard will not let you continue because it does not detect an external IP address. I was planning on relying on NAT to send the traffic to the external adapter(s) vlan. No luck. I am a noob, so bare with me on this one. I need to setup a kind of DMZ that uses a class A address, but behind the ASA and use NAT along with it? Or is there just a simple pass-through mechanism that uses packet filtering so that I can achieve some sort of firewall protection. MS says that installing a UAG array behind a front end firewall is not only supported, but recommended, they just don't provide any examples as to how to exactly make this happen.




Jason Jones -> RE: Welcome to the UAG 2010 Installation Section (12.Jan.2011 8:14:06 PM)

You will need to use public IP addresses on the UAG external interfaces; this means you need a public IP addressed DMZ. The ASA will then need to be configured to use routing (as opposed to NAT) for this public IP subnet. Inbound firewall policies (stateful packet filtering) will still be employed, just no NAT.

You will need to obtain a new public IP subnet from your ISP to achieve the above or supernet you existing range in smaller subnets to create several usable ranges.

Cheers

JJ




ryechz -> RE: Welcome to the UAG 2010 Installation Section (13.Jan.2011 1:17:01 PM)

Thank you Jason, it is nice to have some one actually spell it out for me. Everywhere else is full of vagueries.

So, as a follow-up, I have another question. We currently have 2 5510 ASA's setup with a BGP configuration and we have been given a /24 block of addresses from our provider. So we have a plethora of addresses to work with. I hadn't heard things quite as you put it. I heard that I would have to use what is called transparent filtering and I would need to configure my firewall to be in a different mode. To achieve this, and keep current functionality (IPSEC VPN & FIREWALL), I would have to create multiple contexts within the ASA. The catch is that when this is done, the VPN functionality is removed because the firewall does not support running VPN with this new mode. In your post you call it simply to have my firewall configured for routing, is this the same thing as transparent mode (where it acts as a bridge)?

FYI, we do not have a DMZ currenty, just the two firewalls working in BGP mode.

This link takes you to the list of unsupported things when running in context mode: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1146747




Jason Jones -> RE: Welcome to the UAG 2010 Installation Section (13.Jan.2011 5:56:12 PM)

Hi Ryan

No that is different to using a different public IP address range and getting the firewall to route, but if it allows you to define the external UAG interfaces with public IP addresses and receive inbound connections, you should be good to go...

Check this: http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/db69492e-8f44-44b5-b3db-7f284cb35e4f/

Cheers

JJ




cwwilliams@co.hanove -> RE: Welcome to the UAG 2010 Installation Section (14.Dec.2011 3:02:04 PM)

I have tested the UAG in a lab connected to the Internet.  I am looking to now place the UAG on an Hyper-V host in our DMZ.  It appears from your forum the external nic needs to be a public facing IP and the internal nic a private IP.
Is this true for just Direct Access or does this also apply SSTP VPN?

Also are there any articles around about setting the UAG up on Hyper-V?




Jason Jones -> RE: Welcome to the UAG 2010 Installation Section (14.Dec.2011 6:28:49 PM)

quote:

ORIGINAL: cwwilliams@co.hanove

I have tested the UAG in a lab connected to the Internet.  I am looking to now place the UAG on an Hyper-V host in our DMZ.  It appears from your forum the external nic needs to be a public facing IP and the internal nic a private IP.
Is this true for just Direct Access or does this also apply SSTP VPN?

Also are there any articles around about setting the UAG up on Hyper-V?



No SSTP VPN does not have the same limitations and can use DMZ private IP address which are NAT'd by an edge firewall.

Setting UAG on a Hyper-V guest should be no different that a standard server

Cheers

JJ




guylaine -> RE: Welcome to the UAG 2010 Installation Section (29.May2013 12:13:23 AM)

I try to install UAG 2010 without success, I get the following error:"failed to install tmg"
the installation is done on a clean virtual machine with server 2008 r2 sp1 standard

i need your help




Atifrazagg -> RE: Welcome to the UAG 2010 Installation Section (22.Dec.2015 12:43:45 AM)

I have tested the UAG in a lab connected to the Internet. I am looking to now place the UAG on an Hyper-V host in our DMZ. It appears from your forum the external nic needs to be a public facing IP and the internal nic a private IP.
money




Page: [1]