On the external interface of the UAG DA server, you need two consecutive public IP addresses. The requirement for two consecutive public IP addresses is to support Teredo, which is an IPv6 transition protocol. While you do have the ability to turn off Teredo support, the UAG DA wizard will not allow you to complete the configuration of the UAG DA server without meeting this requirement. Note that you can put a firewall in front of the UAG DA server, just as along as you have a route relationship (and not a NAT relationship) between the Internet and the external interface of the UAG DA server.
I'm thinking that maybe I'll creating some posts that have mistakes in them so that we can drum up more conversations on this board ;)
Also - if you have any hints, ideas, tips, tricks ANYTHING you can think of that we can do to make more people interested in trying out DirectAccess, let me know. It's such as great technology I'm surprised that we don't have more input in this forum.
I am an IT pro, and I work for a smaller company (about 200 employees). We need a new firewall and I am looking at the possibilities of UAG. What I usually do before we take something in production is test it at home. Unfortunately I canít get 2 public IP addresses (at least not IPv4) so I need UAG with DA working with only one public IP. The problem is that everybody is telling me it canít be done, but nobody seems to know why. What I understand is that 2 public IP addresses are required for toredo. I also understand that you donít have to use toredo. Then I get the answer that you canít get past the wizard without giving two public IP addresses. When I reply that the wizard only generates Powershell and that you can therefore also configure UAG without wizard, I get no further answers. I hope somebody here can give me some insight.
I can probably get a block of public IPv6 addresses from my provider and my provider can also tunnel IPv6 into IPv4 and the other way around. My provider is testing IPv6, and customers can join these tests. So I probably really donít need toredo.
Hi RazorBlade, If you need a new firewall, UAG isn't really the right option for you. UAG is a remote access gateway and DirectAccess server, that you can put on the edge because TMG is installed on it, but the firewall on the UAG server is to protect the UAG server itself and the network behind it. It won't enable any outbound access at all. For that, you might want to consider TMG - which is a network firewall that you can configure for inbound and outbound access - but TMG is not a very good option for DirectAccess.
Hi Everyone, I'm kind of stuck with my deployment and I would like some clarification regarding the number of IPs required to properly deploy Direct Access within UAG, as I cannot activate the Direct Access. I get a message ďA timeout occurred. The Teredo network interface cannot be enabled.Ē I do have Exchange 2013 working fine (OWA, activesysnc) deployed via UAG. Here is my network in a nut shell: 1. From my ISP I have one internet IP (22.214.171.124) 2. Cisco router with NAT connected to TMG for port 80 and UAG for port 443 3. The TMG has one internal adapter & IP of (100.100.100.10) and one external adapter and IP of (126.96.36.199) 4. The UAG has one internal adapter & IP of (100.100.100.20) and one external adapter with four defined and consecutive IPs (188.8.131.52 -23) 5. Both TMG and UAG are domain joined Is this a valid setup? Your help is much appreciated!!!