This topic is designed to help you understand the planning requirements for a Forefront Unified Access Gateway (UAG) network access design, as follows:
Planning client requirements
You can configure remote access to the corporate network using the legacy Network Connector application or Secure Socket Tunneling Protocol (SSTP). Before selecting an access method, ensure that you are aware of the client requirements for both SSL network tunneling mechanisms, as listed in the following table.
SSL network tunneling mechanism | Application version | Client endpoint requirements |
---|---|---|
SSTP | Forefront UAG | Windows 7 client, Windows 7 server (32-bit and 64-bit). Internet Explorer. |
Network Connector | Forefront UAG, Intelligent Application Gateway (IAG) 2007 | Windows XP, Windows Vista (32-bit). Internet Explorer. |
Planning for SSTP
The following SSTP planning is required:
- If you want to allocate IP addresses dynamically to remote clients, ensure that you have a DHCP server deployed.
- If you want to allocate IP addresses from a static pool, plan for a range that is large enough, and that can be excluded from the internal network address range that is defined on the Forefront UAG servers.
- No client-side configuration is required.
- SSTP is published via an HTTPS trunk and uses the trunk certificate for authentication. Ensure that you have obtained a valid certificate for the trunk. Note that the certificate must be trusted by remote clients and will usually be issued by an external certification authority (CA).
Planning for Network Connector
Planning for Network Connector includes the following:
- Network Connector must allocate addresses from a static pool. Plan for a range that is large enough, and that can be excluded from the internal network address range that is defined on the Forefront UAG servers.
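Both the SSTP static pool option and Network Connector call for a pool that is large enough and that can be excluded from the internal network address range. The following is an added planning example, not part of the original documentation or of Forefront UAG: it checks a planned pool's size and computes the internal ranges that remain once the pool is carved out. The function name, the (first, last) range representation, the sizing input and all addresses are constructed assumptions.

```python
import ipaddress

def plan_static_pool(internal_ranges, pool_start, pool_end, required_addresses):
    """Check a planned pool and return the internal ranges left after excluding it.

    internal_ranges: list of (first, last) address strings (assumed representation).
    required_addresses: hypothetical sizing input, e.g. peak concurrent clients.
    """
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if end < start:
        raise ValueError("pool end precedes pool start")
    size = int(end) - int(start) + 1
    if size < required_addresses:
        raise ValueError(f"pool has {size} addresses, {required_addresses} required")

    remaining, overlapped = [], False
    for first, last in internal_ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if hi < start or lo > end:
            remaining.append((str(lo), str(hi)))  # untouched by the pool
            continue
        overlapped = True
        if lo < start:  # keep the part below the pool
            remaining.append((str(lo), str(start - 1)))
        if hi > end:    # keep the part above the pool
            remaining.append((str(end + 1), str(hi)))
    return {"pool_size": size, "overlapped": overlapped, "internal_after": remaining}

# Constructed sample values, not taken from any real deployment.
SAMPLE_INTERNAL = [("10.0.0.0", "10.0.255.255"), ("192.168.1.0", "192.168.1.255")]

if __name__ == "__main__":
    plan = plan_static_pool(SAMPLE_INTERNAL, "10.0.200.1", "10.0.200.254", 200)
    print(f"pool size: {plan['pool_size']}, overlaps internal: {plan['overlapped']}")
    for first, last in plan["internal_after"]:
        print(f"internal range: {first} - {last}")
```

If `overlapped` is true, the `internal_after` list is the set of ranges to keep in the internal network definition so that the pool addresses are excluded from it.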
Next steps
For information on deploying SSTP remote network access, see Publishing remote network access with SSTP. For Network Connector deployment information, see Publishing remote network access with Network Connector.