This topic describes how to determine which Forefront Unified Access Gateway (UAG) DirectAccess access model to use, and how to identify an application server that requires additional authentication.

Forefront UAG DirectAccess uses the following access models:

To identify an application server that requires additional authentication

  1. From the Forefront UAG DirectAccess Configuration Wizard, in the Application Servers box, click Configure.

  2. To enable Require end-to-edge authentication and encryption (the default selection), click Finish.

  3. To enable end-to-end authentication and encryption for specified servers:

    1. Click Require end-to-end authentication and encryption to specified application servers.

    2. If you want to change the IPsec cryptography settings, click Edit IPsec cryptography settings, select the relevant Protocol, Integrity and Encryption, and then click OK.

      Note:
      Forefront UAG DirectAccess (UP1 release) supports the Suite B cryptographic algorithms that were added to IPsec in Windows Vista Service Pack 1, in Windows Server 2008, and in Windows 7.

    3. Click Add, select the security group(s) containing the application servers that you want to enable for end-to-end authentication and encryption, click OK, and then click Finish. Clicking Remove removes the currently selected security group from the list.

      Important:
      Application servers that are added to the application server security group must be running Windows 2008 or above.

Note:
Application servers that are added to security groups after the GPO has been generated are not automatically updated in the DirectAccess client application server list. This means that any new application server added to the security group, or any application server whose IP address changes after the GPO has been generated, is inaccessible to the DirectAccess client in both clear and encrypted modes. To resolve this, after adding a new application server to the specified security group, or after changing the IP address of an application server, do the following:
  1. From the Forefront UAG DirectAccess Configuration Wizard, in the Application Servers box, click Edit, and then click Finish.

  2. Click Generate Policies, click Apply Now, or click Export Script. For more information, see Applying or exporting the Forefront UAG DirectAccess configuration. After this is completed, any newly added application servers or application servers with changed IP addresses will be accessible to the DirectAccess clients.
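As an added example (not part of this documentation or of the Forefront UAG product), the following PowerShell script detects the condition the note describes: it records the computers in the application server security group together with their resolved addresses, and on the next run reports any new member or changed address, which is exactly when the policies must be regenerated. It assumes the ActiveDirectory module (RSAT) is installed and uses the placeholder group name DA-AppServers; substitute the group(s) you selected in the wizard.

```powershell
# Added example, not Microsoft's code. Detects the condition described in the note:
# a computer added to the application server security group, or one whose address
# changed, after the policies were generated. Assumes the ActiveDirectory module
# (RSAT) and a placeholder group name; substitute the group(s) chosen in the wizard.
Import-Module ActiveDirectory

$GroupName    = 'DA-AppServers'                                   # placeholder
$SnapshotFile = Join-Path $env:ProgramData 'DA-AppServers.snapshot.xml'

function Get-AppServerSnapshot {
    param([string]$Group)
    $snapshot = @{}
    $members = Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'computer' }
    foreach ($m in $members) {
        $c = Get-ADComputer -Identity $m.distinguishedName `
             -Properties DNSHostName, OperatingSystem, OperatingSystemVersion
        # Windows Server 2008 is NT 6.0; older systems are not supported as application servers.
        if ($c.OperatingSystemVersion -match '^(\d+\.\d+)' -and [version]$Matches[1] -lt [version]'6.0') {
            Write-Warning "$($c.Name) runs $($c.OperatingSystem); not supported for end-to-end IPsec."
        }
        try {
            $ips = [System.Net.Dns]::GetHostAddresses($c.DNSHostName) |
                   ForEach-Object { $_.IPAddressToString } | Sort-Object
        } catch { Write-Warning "Cannot resolve $($c.DNSHostName)"; $ips = @() }
        $snapshot[$c.DNSHostName] = @($ips)
    }
    return $snapshot
}

$current = Get-AppServerSnapshot -Group $GroupName
$needsRegen = $false
if (Test-Path $SnapshotFile) {
    $previous = Import-Clixml $SnapshotFile
    foreach ($name in $current.Keys) {
        if (-not $previous.ContainsKey($name)) {
            Write-Output "NEW application server: $name"; $needsRegen = $true
        } elseif ((@($previous[$name]) -join ',') -ne ($current[$name] -join ',')) {
            Write-Output "ADDRESS CHANGED: $name ($($previous[$name] -join ',') -> $($current[$name] -join ','))"
            $needsRegen = $true
        }
    }
} else { $needsRegen = $true }   # first run: no baseline yet, so treat as changed
if ($needsRegen) {
    Write-Output 'Regenerate policies: Application Servers > Edit > Finish, then Generate Policies and Apply Now.'
}
$current | Export-Clixml $SnapshotFile
```

Run it on the Forefront UAG server (or any domain-joined host with RSAT) after each change to the security group, or on a schedule, so that a server left out of the client application server list is noticed before users report it as unreachable.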

For instructions on configuring the next step of the Forefront UAG DirectAccess Configuration Wizard, see Applying or exporting the Forefront UAG DirectAccess configuration.