Setting up Remote Network Access

Updated: February 15, 2013

Applies To: Unified Access Gateway

Some of the Forefront Unified Access Gateway 2010 SP3 features discussed in this article may be deprecated and may be removed in subsequent releases. For a complete list of deprecated features, see Features Deprecated in Forefront UAG SP3.

Using Forefront Unified Access Gateway (UAG), you can provide remote client VPN access to the internal corporate network by publishing the SSL Network Tunneling application. You can implement remote client VPN access by using Secure Sockets Tunneling Protocol (SSTP), or by using the legacy proprietary Forefront UAG Network Connector.

The following are the advantages of SSTP deployment:

  • SSTP does not require driver installation on client endpoints.

  • SSTP requires only a single HTTPS connection to a Forefront UAG server.

  • SSTP supports the allocation of IP addresses to remote VPN clients using DHCP; with Network Connector a static address pool must be used.

  • Note that SSTP deployment requires that Forefront UAG servers belong to a domain.

The end user experience is similar whether the remote VPN client connects using SSTP or Network Connector, with the following variations:

  • If SSTP is used, after client authentication and endpoint access checks, the user launches the Remote Network Access application in the portal, and connects seamlessly to the corporate network without the need to authenticate again. In a dial-up scenario, the user activates SSTP directly from the Connection Manager.

  • If Network Connector is used, the Network Connector application establishes the connection.

  • If SSTP is used, the SSTP connection is terminated when the user logs off the portal.

For instructions on configuring SSL network tunneling using SSTP, see Publishing remote network access with SSTP.

For instructions on configuring SSL network tunneling using Network Connector, see Publishing remote network access with Network Connector.