When configuring addresses for NLB-enabled remote sites, note the following:
- The address you specify for the remote tunnel endpoint must be the virtual IP address of the NLB-enabled array.
- When you create the remote site network, specify all the addresses in the remote site.
- For Internet Protocol security (IPsec) networks, HTTP proxy, or network address translation (NAT) traffic between sites, you must include all the dedicated IP addresses of the network adapters associated with the remote site network. The source IP addresses for HTTP proxy and NAT traffic from remote sites are subject to address translation (on the remote side), so the local site sees the traffic as if it is arriving from the primary IP address of the remote site; that is, from its dedicated IP address.
- When the remote site network is an NLB-enabled array, the initial connection from this array of Forefront TMG servers will be to the virtual IP address of the computer. The tunnel will be established from one of the dedicated IP addresses on the remote array. For this reason, you must specify all the dedicated IP addresses as additional remote tunnel endpoints. This is supported on Routing and Remote Access (RRAS) VPN networks (PPTP and L2TP) only.
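
The rules above can be checked before a site-to-site definition is applied. The following is an added example, not Forefront TMG code or part of the original documentation: the dictionary layout, key names, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

RRAS_PROTOCOLS = {"PPTP", "L2TP"}  # the only protocols the page allows extra endpoints on

def check_remote_site(site):
    """Return findings for one remote-site definition (hypothetical dict layout)."""
    ip = ipaddress.ip_address
    findings = []
    dips = [ip(a) for a in site["remote_dips"]]
    ranges = [(ip(lo), ip(hi)) for lo, hi in site["address_ranges"]]
    extra = {ip(a) for a in site.get("additional_endpoints", [])}

    # The remote tunnel endpoint must be the array's virtual IP, not a node address.
    if ip(site["tunnel_endpoint"]) != ip(site["remote_vip"]):
        findings.append("tunnel endpoint is not the remote array's virtual IP")

    # Every dedicated IP must fall inside the remote site network's ranges.
    # Assumption: checked for all sites, since HTTP proxy or NAT traffic may cross any.
    for dip in dips:
        if not any(lo <= dip <= hi for lo, hi in ranges):
            findings.append(f"dedicated IP {dip} is not in the remote site network")

    # PPTP/L2TP: every dedicated IP must be an additional remote tunnel endpoint.
    if site["protocol"] in RRAS_PROTOCOLS:
        for dip in dips:
            if dip not in extra:
                findings.append(f"dedicated IP {dip} is not an additional tunnel endpoint")
    elif extra:
        findings.append("additional tunnel endpoints are supported on PPTP and L2TP only")
    return findings

# Constructed sample definitions (documentation address ranges, not real sites).
GOOD_SITE = {
    "protocol": "L2TP",
    "remote_vip": "198.51.100.10",
    "remote_dips": ["198.51.100.11", "198.51.100.12"],
    "tunnel_endpoint": "198.51.100.10",
    "address_ranges": [("10.20.0.0", "10.20.0.255"), ("198.51.100.11", "198.51.100.12")],
    "additional_endpoints": ["198.51.100.11", "198.51.100.12"],
}
BAD_SITE = dict(GOOD_SITE,
                tunnel_endpoint="198.51.100.11",              # a node address, not the VIP
                address_ranges=[("10.20.0.0", "10.20.0.255")],  # dedicated IPs left out
                additional_endpoints=["198.51.100.11"])       # second node missing

if __name__ == "__main__":
    for name, site in (("good", GOOD_SITE), ("bad", BAD_SITE)):
        print(name, check_remote_site(site) or "OK")
```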