This topic is designed to help you understand the planning requirements for a Forefront Unified Access Gateway (UAG) network access design, as follows:
Planning client requirements
You can configure remote access to the corporate network using the legacy Network Connector application or Secure Sockets Tunneling Protocol (SSTP). Before selecting an access method, ensure that you are aware of client requirements, as listed in the following table.
The following table lists the requirements for both SSL network tunneling mechanisms.
|SSL network tunneling mechanism||Application version||Client endpoint requirements|
Windows 7 client, Windows 7 server (32-bit and 64-bit). Internet Explorer.
Forefront UAG, Intelligent Application Gateway (IAG) 2007
Windows XP, Windows Vista (32-bit). Internet Explorer.
Planning for SSTP
The following SSTP planning is required:
- If you want to allocate IP addresses dynamically to remote
clients, ensure that you have a DHCP server deployed.
- If you want to allocate IP addresses from a static pool, plan
for a range that is large enough, and that can be excluded from the
internal network address range that is defined on the Forefront UAG
- No client-side configuration is required.
- SSTP is published via an HTTPS trunk and uses the trunk
certificate for authentication. Ensure that you have obtained a
valid certificate for the trunk. Note that the certificate must be
trusted by remote clients and will usually be issued by an external
certification authority (CA).
Planning for Network Connector
Planning for Network Connector includes the following:
- Network Connector must allocate addresses
from a static pool. Plan for a range that is large enough, and that
can be excluded from the internal network address range that is
defined on the Forefront UAG servers.
For information on deploying SSTP remote network access, see Publishing remote network access with SSTP. For Network Connector deployment information, see Publishing remote network access with Network Connector.